Which Elements of Comodo do You Use?

Discussion in 'Comodo' started by AtlBo, Nov 6, 2017.

Elements of Comodo that You Use

Poll closed Dec 6, 2017.
  1. Firewall: 43 vote(s), 86.0%
  2. HIPS: 16 vote(s), 32.0%
  3. Auto-Contain: 37 vote(s), 74.0%
  4. Heuristic Command-line Monitoring: 24 vote(s), 48.0%
  5. Cloud Lookup: 27 vote(s), 54.0%
  6. Viruscope: 29 vote(s), 58.0%
  7. Shortened (Edited) Trusted Vendors List: 11 vote(s), 22.0%
  8. Detect PUP Software (setting in File Rating Settings): 20 vote(s), 40.0%
  9. Desktop Widget: 10 vote(s), 20.0%
  10. Killstart: 12 vote(s), 24.0%
Multiple votes are allowed.
  1. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,519
    Qihoo 360
    Official Website:
    https://www.comodo.com/
    Posting this to see how most Comodo users use the program. If you would like you can rate the importance of the features in a post.

    Feature Security Value and 1-10 rating of the element in Comodo
    1. Auto-contain (element 1-10 rating 8.5)
    2. Heuristic Command-line (element 1-10 rating 9.0)
    3. Firewall (element 1-10 rating 7)
    4. HIPS (element 1-10 rating 6.5)
    5. Cloud Lookup (element 1-10 rating 6)

    The rest are optional for user

    One question: If you could improve any one thing about Comodo (any of them) what would the improvement be?

    For me this would be improving the interactibility of the user to the "Unblock Applications" dialog. Make it so that users have more control when unblocking.

    EDIT: In poll Killstart should be Killswitch :oops:
     
    tim one, XhenEd, bribon77 and 7 others like this.
  2. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,285
    13,650
    Utopia
    Obviously, the desktop widget is by far the most important feature of Comodo! I am sure that all users will agree!
     
    Kwan ST, ZeroDay, bribon77 and 5 others like this.
  3. nikos200

    nikos200 Level 2

    Nov 18, 2015
    88
    390
    Greece
    Windows 10
    Emsisoft
  4. frogboy

    frogboy Level 61
    Trusted

    Jun 9, 2013
    6,228
    64,826
    Heavy Duty Mechanic.
    Western Australia
    Windows 10
    Emsisoft
  5. shmu26

    Most important thing to fix: command line analysis/embedded code detection.
    If you have autocontainer enabled, and you have a bat file or embedded code with a random name, it doesn't work well together.
     
    tim one, bribon77, SHvFl and 3 others like this.
  6. AtlBo

    Of course :). Just trying to see how many make use of the widget with that one.

    Thanks for this. Wasn't aware. What is a random name if I may ask? Wondering if Comodo knows about this. Haven't had any time to test the feature, although I have been hoping to put it through some tests at some point.
     
    bribon77, nikos200 and SHvFl like this.
  7. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,817
    13,238
    Vietnam
    Windows 8.1
    Avast
    1/ Firewall: it's a must for me. Windows Firewall is not easy to use, at least for me. I can't create a rule which "Allows A and blocks everything else". Very easy to monitor all the connections and block if necessary + outbound connection notification
    2/ Auto-contain: I now use it as an on-demand sandbox, not one that automatically blocks my programs. Also I made some rules to block dangerous extensions (.js, .jar, .ps1,... for example) and block vulnerable processes (powershell). I disable auto-containment of unrecognized apps
    3/ Cloud lookup and Viruscope, PUP: reduce false positive rate with basic malware signatures, although they are useless most of the time
    4/ Heuristic Command-line Monitoring: never does anything for me, but I keep it enabled

    What is broken: update module. After 2 tries and reboots, I still haven't gotten the latest version for some reason, although I downloaded the installer straight from the Comodo website today
     
  8. AtlBo

    I lean heavily on the Firewall too @Evjl's Rain. I have a fairly large number of processes set to "ask" so I can see when they contact the internet. I am also monitoring IPv6 traffic, which has been interesting. You get all those hits about hardware detection from apps, but once in a while something will try to reach across the net via that protocol.
     
    tim one, ZeroDay, bribon77 and 4 others like this.
  9. shmu26

    Yeah, they know about it. It mainly affects cmd.exe. A random name is something like 45000100bcf12.bat
    My Intel integrated graphics spawns a bat file like that at system startup, and every time it is a different name. That's the rub. It will always be autocontained, and the system tray icon for graphics won't work. Currently, that icon is the only way to access graphics settings.
     
  10. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Nov 19, 2014
    2,153
    16,410
    Supermodel for McDonald's
    Europe
    Windows 10
    Emsisoft
    When I use Comodo nowadays I only use the firewall, but I consider the auto containment, Heuristic Command-line Monitoring and Shortened (Edited) Trusted Vendors List useful. No longer do the same for HIPS because it's broken, Viruscope is useless, cloud is run by monkeys, PUP is no worry for me, widget is too big and I use Process Explorer so I don't need Killswitch.
     
  11. AtlBo

    #11 AtlBo, Nov 6, 2017
    Last edited: Nov 6, 2017
    Yes that nasty bug. OK. I hadn't thought of it in terms of a boot scenario. That is a nasty issue. Of course, there are other scenarios with the auto-sandbox occurring before heuristic command-line can be detected issue too. I wonder if Comodo could ever get to the point with the heuristic command line monitoring where they would trust the monitoring over the sandbox and then allow the sandbox to run command lines if HCL option is on. This way there could be separate and logically compatible alerts, even if the process were contained.

    This still wouldn't solve your issue or mine with the Qihoo browser extension, since there isn't any way to wildcard the dropped .tmp for it to be ignored. However, part of me really still feels that devs shouldn't be making use of command line on boot or on program start up. This practice does put security writers in a tough spot coming up with hands off security for c-l monitoring. That's kind of amateurish it seems to me when there are surely security friendly ways to accomplish the same thing.
     
    tim one, SHvFl, shmu26 and 1 other person like this.
  12. bribon77

    bribon77 Level 11

    Jul 6, 2017
    509
    3,480
    Spain
    Windows 7
    Emsisoft
    I have used Comodo in many ways. But lately I use it with @Cs configuration. I think it's excellent.
     
    frogboy, venustus, tim one and 5 others like this.
  13. Captain Awesome

    Captain Awesome Level 19

    May 7, 2016
    901
    7,058
    Student
    India
    Windows 10
    Emsisoft
    When I use Comodo I install only FW and set up Auto-Contain. :)
     
    frogboy, AtlBo, SHvFl and 1 other person like this.
  14. shmu26

    Maybe someone can explain to me the special magic of CFW at CS settings, which seems to be so popular in this neck of the woods.
    I admit that it works; it is a simple yet effective setup.
    But why is it preferable to any of the other default/deny solutions out there?
     
    AtlBo, bribon77 and SHvFl like this.
  15. SHvFl

    Similar to this. Read the first reply. Basically, "CS settings" is just a "brand name" which is now used as "quality assurance".

    Hoover vs. vacuum - Grammarist
     
    frogboy, AtlBo, shmu26 and 1 other person like this.
  16. bribon77

    You said it. Simple but effective. It doesn't bother me with alerts.
     
    AtlBo and shmu26 like this.
  17. Evjl's Rain

    #17 Evjl's Rain, Nov 6, 2017
    Last edited: Nov 6, 2017
    Because it sandboxes everything which is "Unrecognized" according to the TVL or the cloud. During the sandbox, we can see how the app is doing to decide if it is safe or not to allow or block.
    In the default settings, there are a few other rules which allow more apps to run without being sandboxed (a file must come from the internet, from specific locations or the file age is less than 3 days,... if I recall it correctly -> CS's settings bypass these rules and sandbox everything Unrecognized regardless of the file's location, age,...)

    Compared to other solutions:
    - anti-exe: block or allow, you don't know if the file is safe or not, just based on the ratings. If we allow a malware to run, we are screwed
    - SRP: I don't have experience with it

    CS's settings: sandbox first -> OK, this app looks safe/malicious (visually) -> allow/block
     
    ZeroDay and AtlBo like this.
  18. Sephiroth Source

    Jul 13, 2015
    46
    180
    I updated the Comodo Firewall today and also had problems. After restarting the machine, Windows warned that there was no active firewall in the system. I did the entire installation process and the second time it worked.
     
  19. Evjl's Rain

    #19 Evjl's Rain, Nov 6, 2017
    Last edited: Nov 6, 2017
    Moreover, CS's settings are almost bug-less and are used by many users without any major issue.
    If we try to use more modules such as HIPS and tweak everything intensively, we may encounter bugs. CS's config just simply works without many complicated tweaks. The net result could be exactly the same before or after tweaking between CS's and paranoid setup.

    In my real experience after many months, I have never ever had the bug of rule disappearance using simple configurations. I think most issues come from the HIPS module after a period in training mode.
     
    Rengar, bribon77, ZeroDay and 3 others like this.
  20. dvdke

    dvdke Level 1

    Oct 28, 2017
    14
    15
    Belgium
    Windows 7
    BitDefender
    Only the firewall.
     
    Sunshine-boy, bribon77, SHvFl and 2 others like this.