Which Elements of Comodo do You Use?

Elements of Comodo that You Use

  • Firewall

    Votes: 43 86.0%

  • HIPS

    Votes: 16 32.0%

  • Auto-Contain

    Votes: 37 74.0%

  • Heuristic Command-line Monitoring

    Votes: 24 48.0%

  • Cloud Lookup

    Votes: 27 54.0%

  • Viruscope

    Votes: 29 58.0%

  • Shortened (Edited) Trusted Vendors List

    Votes: 11 22.0%

  • Detect PUP Software (setting in File Rating Settings)

    Votes: 20 40.0%

  • Desktop Widget

    Votes: 10 20.0%

  • Killstart

    Votes: 12 24.0%
  • Total voters
    50
  • Poll closed .
Status
Not open for further replies.
SHvFl said:
Similar to this. Read the first reply. Basically CS settings it's just a "brand name" which is now used as "quality assurance".
Click to expand...

Could it be the simple effectiveness? I mean no alert. Unsigned or incorrectly signed or no TVL listing or no Cloud Lookup input->item definitely is boxed. I bet some of those users get something from the firewall too, so maybe that contributes. FW is pretty good...not smart but pretty good with configurations. It's at least partly a second layer beyond default deny since so much malware requires the internet to do harm.
 
  • Like
Reactions: shmu26, bribon77, SHvFl and 1 other person
AtlBo said:
Could it be the simple effectiveness? I mean no alert. Unsigned or incorrectly signed or no TVL listing or no Cloud Lookup input->item definitely is boxed. I bet some of those users get something from the firewall too, so maybe that contributes. FW is pretty good...not smart but pretty good with configurations. It's at least partly a second layer beyond default deny since so much malware requires the internet to do harm.
Click to expand...
@AtlBo, would you mind posting a screenshot of your command line/embedded code settings? I am curious to see how you have configured the various processes, and I also would like to see exactly what Comodo put on the list (I don't have Comodo installed right now).

If you or others have any comments on the default Comodo list, I would be happy to hear.
Did they miss anything important, or include something useless?
 
  • Like
Reactions: Deleted member 65228, ZeroDay, AtlBo and 2 others
I installed it to replace another firewall and because of HIPs and auto-contain, but I also enabled Viruscope and website filtering because they're already included.
 
  • Like
Reactions: AtlBo, bribon77 and SHvFl
I use Proactive Security Config

Elements of Comodo that I Use
Firewall - Default Settings
Auto-Contain - Set to "Restricted"
Heuristic Command-line Monitoring - Defaults
Cloud Lookup - Default Settings
VirusScope - Set to "Monitor programs in Containment only"
Trusted Vendors List - Default List
Detect PUP Software - Default
Desktop Widget - No
KillSwitch - Yes

I would like to see "ask" option in Auto-Containment.. its going to be there in the next release or beta.
 
  • Like
Reactions: AtlBo, bribon77, shmu26 and 1 other person
I use Proactive Mode with ALL modules customized toward maximum possible protection (aka paranoid mode.)
For advanced users, Comodo's HIPS is a required feature.
For less advanced users, the sandbox is the preferred feature.
 
  • Like
Reactions: ZeroDay, AtlBo, bribon77 and 2 others
shmu26 said:
@AtlBo, would you mind posting a screenshot of your command line/embedded code settings? I am curious to see how you have configured the various processes, and I also would like to see exactly what Comodo put on the list (I don't have Comodo installed right now).
Click to expand...

@shmu26. Here you are. The second one is gigantic sorry about the size of the pic.

Comodo H-C-L Defaults + vds.png Comodo H-C-L Extended List.png

First list is defaults plus mshta.exe, vds.exe, and vdsldr.exe. 2nd list is the full extended list I put together from some Bouncer list I found here on MTs.

I wonder if it would make sense to add .EXCEL.exe and the other MS Office programs to the list. Might try this later to see if HC-L can generate an alert up from macro code in those files.
 
Last edited:
  • Like
Reactions: Evjl's Rain and shmu26
AtlBo said:
@shmu26. Here you are. The second one is gigantic sorry about the size of the pic.

View attachment 172158 View attachment 172159

First list is defaults plus mshta.exe, vds.exe, and vdsldr.exe. 2nd list is the full extended list I put together from some Bouncer list I found here on MTs.

I wonder if it would make sense to add .EXCEL.exe and the other MS Office programs to the list. Might try this later to see if HC-L can generate an alert up from macro code in those files.
Click to expand...
What is vds and vdsldr?
 
shmu26 said:
What is vds and vdsldr?
Click to expand...

Here is the explanation I found:

Virtual Disk Service. vds.exe. C:\WINDOWS\System32\vds.exe. VDS is a set of application programming interfaces (APIs) that provides a single interface for managing disks. VDSprovides an end-to-end solution for managing storage hardware and disks, and for creating volumes on those disks.
Click to expand...

The genuine vdsldr.exe file is a software component of Microsoft Windows Operating System by Microsoft.
The client side process for Microsoft's Virtual Disk Service, this application runs on client machines to support virtual disk implementation. A host machine running VDS will have a management console that will allow access to all storage that is accessible through the client machines.
Click to expand...

Can't recall who recommended adding this. I had been under the impression it is associated specifically with execution of vb script, but I see this is not the case. I guess the larger list has been more or less an experiment for me. I can see how script might be referenced by some of the added elements (like with rundll32.exe), so I have stuck with them for the last 6 months.
 
Last edited:
  • Like
Reactions: Evjl's Rain and shmu26
AtlBo said:
Here is the explanation I found:



Can't recall who recommended adding this. I had been under the impression it is associated with execution of vb script, but I see this is not the case. I guess the larger list has been more or less an experiment for me. I can see how script might be referenced by some of the added elements (like with rundll32.exe), so I have stuck with them for the last 6 months.
Click to expand...
Thanks. I think a lot of ransomware uses vds.
 
  • Like
Reactions: Evjl's Rain and AtlBo
Here is a use of Comodo Firewall that I haven't seen anyone talk about yet:
HIPS at paranoid, but monitoring only for process execution and DNS/RPC client service.
This gives you an advanced anti-exe, plus protection against network connection snooping.
 
  • Like
Reactions: Evjl's Rain and AtlBo
shmu26 said:
Here is a use of Comodo Firewall that I haven't seen anyone talk about yet:
HIPS at paranoid, but monitoring only for process execution and DNS/RPC client service.
Click to expand...

Interesting way to think for someone who is not currently using the HIPS element of Comodo. I am using the HIPS module since I don't install many programs these days, but I ran Comodo with only about 5 of the the HIPS modules enabled for awhile. After that I realized they are all actually fairly pointedly purposeful, so I reenabled them all. Still, I can see why someone would go this direction with the settings, and it seems like a very nice idea to me. :)
 
  • Like
Reactions: Evjl's Rain and shmu26
Umbra said:
For advanced users, Comodo's HIPS is a required feature.
Click to expand...

Advanced users don't use HIPS. People use HIPS in order to look like advanced users. Once you are advanced enough to understand HIPS properly, you know how you can get infected, which threats apply to you, what you need to do against it, and finally you realize you don't actually need it anymore or never needed it in the first place.
 
  • Like
Reactions: Nightwalker, Evjl's Rain, Tiny and 4 others
HIP is important, only with so many tools you can exclude it. If some of these tools did not exist, it would be extremely necessary.

I would improve the AV and viruscope: Although it is understandable that they have not worked so much ..
1- The method of protection avoids the need for signatures.
2- I do not think they earn a lot of money with CIS

Before I liked the method of protection and comfortable (2009 approx) but it was impossible to use the alerts .. now I noticed a lot that advanced and comfortable cloud has been a pleasant change ..

I hope they improve.
 
  • Like
Reactions: Evjl's Rain, bribon77, AtlBo and 2 others
AtlBo said:
Interesting way to think for someone who is not currently using the HIPS element of Comodo.
Click to expand...
Reinstalled CFW today, just to try out my idea. :)
@Lockdown kept telling me about how powerful SpyShelter Firewall is, if you run it in "ask user" mode. It took me a while to wrap my mind around it, but when I finally understood what SpyShelter application execution control is doing, I realized that you can achieve the same with Comodo HIPS. Had to try it out. So far, so good.
If I am not mistaken, this is what the new NVT ERP will be accomplishing, through the addition of parent process to the whitelisting.
 
  • Like
Reactions: Evjl's Rain, bribon77 and AtlBo
FleischmannTV said:
Advanced users don't use HIPS. People use HIPS in order to look like advanced users. Once you are advanced enough to understand HIPS properly, you know how you can get infected, which threats apply to you, what you need to do against it, and finally you realize you don't actually need it anymore or never needed it in the first place.
Click to expand...
Just out of curiosity, what does the true "advanced user" need, in terms of security software? Assuming he is a home user with normal computer purposes.
 
  • Like
Reactions: Evjl's Rain, ZeroDay, bribon77 and 1 other person
shmu26 said:
Just out of curiosity, what does the true "advanced user" need, in terms of security software? Assuming he is a home user with normal computer purposes.
Click to expand...
I think it depends on your knowledge ..
eg: CFW is enough for someone who knows the use of sandbox and sends things to virustotal (HIP is not necessary).
CIS: It is enough for a user who does not install anything signed or very unknown.

A user who wants control would use all CFW
 
  • Like
Reactions: Evjl's Rain, bribon77, shmu26 and 1 other person
FleischmannTV said:
Advanced users don't use HIPS. People use HIPS in order to look like advanced users. Once you are advanced enough to understand HIPS properly, you know how you can get infected, which threats apply to you, what you need to do against it, and finally you realize you don't actually need it anymore or never needed it in the first place.
Click to expand...

I use the HIPS as a stand in "cover" for some of the weaknesses of Comodo Firewall. The input is helpful with questionable apps when the app or the functionality in the application is something required at the time. Mostly, the alerts give an indication for me of what the specific app would like to be able to access, and knowing I can watch the app if necessary.

Kind of sounds like you are saying that what the advanced user needs is the same as what the noob needs. Don't take this the wrong way, because it would be great if it were true at this time. For me, security software has a little ways to go before I'll count out old fashioned HIPS. I think more clever presentation of threat potential (on alerts) is needed and then more clearly understandable security options packages or package choices. Example is Comodo's Internet, Firewall, and Proactive options. There isn't much clarity to the choice in the deepest sense. New Comodo user ends up taking Comodo's word for it with the default or choosing based on someone else's experience and or advice.

Also, there are different levels of noob or non-advanced, when it is taken into consideration that some users focus hard on a limited set of applications and then may switch. Essentially, they become a noob all over again even if a noob with good knowledge.
 
  • Like
Reactions: Evjl's Rain, klaken, Sunshine-boy and 2 others
Status
Not open for further replies.

You may also like...