Which Elements of Comodo do You Use?

Elements of Comodo that You Use

  • Firewall

    Votes: 43 86.0%
  • HIPS

    Votes: 16 32.0%
  • Auto-Contain

    Votes: 37 74.0%
  • Heuristic Command-line Monitoring

    Votes: 24 48.0%
  • Cloud Lookup

    Votes: 27 54.0%
  • Viruscope

    Votes: 29 58.0%
  • Shortened (Edited) Trusted Vendors List

    Votes: 11 22.0%
  • Detect PUP Software (setting in File Rating Settings)

    Votes: 20 40.0%
  • Desktop Widget

    Votes: 10 20.0%
  • Killstart

    Votes: 12 24.0%

  • Total voters
    50
  • Poll closed .

AtlBo

Level 26
Verified
Joined
Dec 29, 2014
Messages
1,530
Antivirus
Qihoo 360
#1
Posting this to see how most Comodo users use the program. If you would like you can rate the importance of the features in a post.

Feature Security Value and 1-10 rating of the element in Comodo
1. Auto-contain (element 1-10 rating 8.5)
2. Heuristic Command-line (element 1-10 rating 9.0)
3. Firewall (element 1-10 rating 7)
4. HIPS (element 1-10 rating 6.5)
5. Cloud Lookup (element 1-10 rating 6)

The rest are optional for user

One question: If you could improve any one thing about Comodo (any of them) what would the improvement be?

For me this would be improving the interactibility of the user to the "Unblock Applications" dialog. Make it so that users have more control when unblocking.

EDIT: In poll Killstart should be Killswitch :oops:
 

shmu26

Level 67
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,653
OS
Windows 10
#5
Most important thing to fix: command line analysis/embedded code detection.
If you have autocontainer enabled, and you have a bat file or embedded code with a random name, it doesn't work well together.
 

AtlBo

Level 26
Verified
Joined
Dec 29, 2014
Messages
1,530
Antivirus
Qihoo 360
#6
Obviously, the desktop widget is by far the most important feature of Comodo! I am sure that all users will agree!
Of course :). Just trying to see how many make use of the widget with that one.

Most important thing to fix: command line analysis/embedded code detection.
If you have autocontainer enabled, and you have a bat file or embedded code with a random name, it doesn't work.
Thanks for this. Wasn't aware. What is a random name if I may ask? Wondering if Comodo knows about this. Haven't had any time to test the feature, although I have been hoping to put it through some tests at some point.
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,720
OS
Windows 8.1
Antivirus
Avast
#7
1/ Firewall: it's a must for me. Windows Firewall is not easy to use at least for me. I can't create a rule which "Allows A and blocks everything else". Very easy to monitor all the connection and block if necessary + outbound connection notification
2/ Auto-contain: I now use it as an on-demand sandbox, not automatically blocks my programs. Also I made some rules to block dangerous extensions (.js, .jar, .ps1,... for example) and block vulnerable processes (powershell). I disable auto-containment of unrecognized apps
3/ cloud lookup and virusscope, PUP: reduce false positive rate with basic malware signatures, although they are useless most of the time
4/ Heuristic Command-line Monitoring: never does anything for me, but I keep it enable

what is broken: update module. After 2 tries and reboots, I still haven't get the latest version for some reasons although I downloaded the installer straight from comodo website today
 

AtlBo

Level 26
Verified
Joined
Dec 29, 2014
Messages
1,530
Antivirus
Qihoo 360
#8
Firewall: it's a must for me. Windows Firewall is not easy to use at least for me. I can't create a rule which "Allows A and blocks everything else". Very easy to monitor all the connection and block if necessary + outbound connection notification
I lean heavily on the Firewall too @Evjl's Rain. I have a fairly large number of processes set to "ask" so I can see when they contact the internet. I am also monitoring ipV6 traffic which has been interesting. You get all those hits about hardware detection from apps, but I once in a while something will try to reach across the net via that protocol.
 

shmu26

Level 67
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,653
OS
Windows 10
#9
Thanks for this. Wasn't aware. What is a random name if I may ask? Wondering if Comodo knows about this. Haven't had any time to test the feature, although I have been hoping to put it through some tests at some point.
Yeah, they know about it. It mainly affects cmd.exe. A random name is something like 45000100bcf12.bat
My intel integrated graphics spawns a bat file like that at system startup, and every time it is a different name. That's that rub. It will always be autocontained, and the system tray icon for graphics won't work. Currently, that icon is the only way to access graphics settings.
 

SHvFl

Level 34
Content Creator
Verified
Joined
Nov 19, 2014
Messages
2,315
OS
Windows 10
Antivirus
Emsisoft
#10
When i use Comodo nowadays i only use the firewall but i consider the auto containment, Heuristic Command-line Monitoring and Shortened (Edited) Trusted Vendors List useful. No longer do the same for hips because it's broken, viruscope is useless, cloud is run by monkeys, pup is no worry for me, widget is too big and i use process explorer so i don't need killswitch.
 

AtlBo

Level 26
Verified
Joined
Dec 29, 2014
Messages
1,530
Antivirus
Qihoo 360
#11
That's that rub. It will always be autocontained, and the system tray icon for graphics won't work. Currently, that icon is the only way to access graphics settings.
Yes that nasty bug. OK. I hadn't thought of it in terms of a boot scenario. That is a nasty issue. Of course, there are other scenarios with the auto-sandbox occurring before heuristic command-line can be detected issue too. I wonder if Comodo could ever get to the point with the heuristic command line monitoring where they would trust the monitoring over the sandbox and then allow the sandbox to run command lines if HCL option is on. This way there could be separate and logically compatible alerts, even if the process were contained.

This still wouldn't solve your issue or mine with the Qihoo browser extension, since there isn't anyway to wildcard the dropped .tmp for it to be ignored. However, part of me really still feels that devs shouldn't be making use of command line on boot or on program start up. This practice does put security writers in a tough spot coming up with hands off security for c-l monitoring. That's kind of amateurish it seems to me when there are surely security friendly ways to accomplish the same thing.
 
Last edited:

shmu26

Level 67
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,653
OS
Windows 10
#14
Maybe someone can explain to me the special magic of CFW at CS settings, which seems to be so popular in this neck of the woods.
I admit that it works; it is a simple yet effective setup.
But why is it preferable to any of the other default/deny solutions out there?
 

SHvFl

Level 34
Content Creator
Verified
Joined
Nov 19, 2014
Messages
2,315
OS
Windows 10
Antivirus
Emsisoft
#15
Maybe someone can explain to me the special magic of CFW at CS settings, which seems to be so popular in this neck of the woods.
I admit that it works; it is a simple yet effective setup.
But why is it preferable to any of the other default/deny solutions out there?
Similar to this. Read the first reply. Basically CS settings it's just a "brand name" which is now used as "quality assurance".

Hoover vs. vacuum - Grammarist
 

bribon77

Level 17
Verified
Joined
Jul 6, 2017
Messages
810
OS
Linux
Antivirus
Default-Deny
#16
Maybe someone can explain to me the special magic of CFW at CS settings, which seems to be so popular in this neck of the woods.
I admit that it works; it is a simple yet effective setup.
But why is it preferable to any of the other default/deny solutions out there?
You said it. Simple but effective. It doesn't bother me with alerts.
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,720
OS
Windows 8.1
Antivirus
Avast
#17
Maybe someone can explain to me the special magic of CFW at CS settings, which seems to be so popular in this neck of the woods.
I admit that it works; it is a simple yet effective setup.
But why is it preferable to any of the other default/deny solutions out there?
because it sandboxes everything which is "Unrecognized" according to the TVL or the cloud. During the sandbox, we can see how the app is doing to decide if it is safe or not to allow or block
in the default settings, there are a few other rules which allow more apps to run without being sandboxed (a file must come from the internet, from specific locations or the file age is less than 3 days,... if I recall it correctly -> CS's settings bypass these rules and sandbox everything Unrecognized regardless of the file's location, age,...)

compare to other solutions
- anti-exe: block or allow, you don't know if the file is safe or not, just base on the ratings. If we allow a malware to run, we are screwed
- SRP: I don't have experience with it

CS's settings: sandbox first -> OK, this app looks safe/malicious (visually) -> allow/block
 
Last edited:
Joined
Jul 13, 2015
Messages
55
#18
1/ Firewall: it's a must for me. Windows Firewall is not easy to use at least for me. I can't create a rule which "Allows A and blocks everything else". Very easy to monitor all the connection and block if necessary + outbound connection notification
2/ Auto-contain: I now use it as an on-demand sandbox, not automatically blocks my programs. Also I made some rules to block dangerous extensions (.js, .jar, .ps1,... for example) and block vulnerable processes (powershell). I disable auto-containment of unrecognized apps
3/ cloud lookup and virusscope, PUP: reduce false positive rate with basic malware signatures, although they are useless most of the time
4/ Heuristic Command-line Monitoring: never does anything for me, but I keep it enable

what is broken: update module. After 2 tries and reboots, I still haven't get the latest version for some reasons although I downloaded the installer straight from comodo website today
I updated the Comodo Firewall today and also had problems. After restarting the machine, Windows warned that there was no active firewall in the system. I did the entire installation process and the second time it worked.
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,720
OS
Windows 8.1
Antivirus
Avast
#19
moreover, CS's settings are almost bug-less and are used by many users without any major issue
if we try to use more modules such as HIPS and tweak everything intensively, we may encounter bugs. CS's config just simply works without many complicated tweaks. The net result could be exactly the same before or after tweaking between CS's and paranoid setup

my real experience after many months, I have never ever had the bug of rule disappearance using simple configurations. I think most issues come from the HIPS module after a period in training mode
 
Last edited: