- Apr 29, 2019
- 168
Why CruelSisters disable the HIPS?
- Thread starter camo7782
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Feb 24, 2019
- 408
- Apr 29, 2019
- 168
- Feb 24, 2019
- 408
HIPS work on static systems... very static systems. Even updating an app could cause 50 alerts because 50 files are modified or dropped on certain modes. IIRC safe mode alerts you if things like firewall settings are changed or the HOSTS file is modified which is all you need.
- Apr 29, 2019
- 168
- Feb 24, 2019
- 408
IIRC = If I recall correctly.
- Jul 6, 2017
- 2,392
It's very safe, but ask for answers for everything and you have to know how to respond if you don't answer well, you can stop working certain applications.
I've used it in the past in paranoid mode, but it's tedious.
- Jun 24, 2016
- 2,485
The reason is simple: she enabled auto-sandbox. There's no need for overkilling it with HIPS.
- Apr 29, 2019
- 168
it seems she run unknow apps into sandbox, what if a safe app is infected?
- Jun 24, 2016
- 2,485
If a legit signed app is infected, not anti-executable, HIPS or antivirus will save your ass.
- Dec 23, 2014
- 8,513
She tested the malware in a virtual machine. Furthermore, she is an IT professional. She also created her own malware samples (not published) to show that most AVs have very weak protection against scriptors.
Many AVs may have a problem with detecting never-seen & signed malware. But usually, the signed malware which can hit home users will be detected by signatures. That is why the AV alongside CF is welcome. The user can also throw out most entries from CF Trusted Vendor LIst and keep only those entries which are required for system/software updates.
Last edited:
- Mar 25, 2014
- 398
@cruelsister is a member, but most use her recommendations for setting up and configuring Comodo Firewall.
...
- Apr 29, 2019
- 168
So her amlware was able to bypass CF with her settings too?
How do I do that?
- Dec 23, 2014
- 8,513
Some samples with EV certificate could. But, this kind of malware is used in targetted attacks on organizations, not home users.
It was possible some time ago:
So, it is probably possible now.
- Apr 29, 2019
- 168
ok but this is about the full Comodo, not Firewall only.It was possible some time ago so, it is probably possible now.
- Dec 23, 2014
- 8,513
- Apr 29, 2019
- 168
Found! So new vendors not in the list will end up in Untrusted category? What if an app has no vendr or is not signed? Same result?
- Jan 29, 2017
- 1,201
Maybe this program is too complex for you at this time. You could just run it and leave Windows' Firewall active (it won't hurt your system). Then watch and observe and search for answers (here and w/Google) before adding 50 questions to this thread. I say this in peace.
Re: HIPS... it is fine to leave it on... some here do. It is chatty. Try it if you like. Again... no harm is done by running it.
Re: HIPS... it is fine to leave it on... some here do. It is chatty. Try it if you like. Again... no harm is done by running it.
- Dec 23, 2014
- 8,513
You have a lot of information about CF on the CIS website. The Firewall Configuration, HIPS Configuration, Containment Configuration, File Rating Configuration, and Advanced Protection Configuration are valid for CF too.
Here is an answer to your question:
As you can see the application must be signed and the vendor must be on the TVL list, and then the application will be Trusted. There are some other possibilities too (citation):
"There are three ways that a file can be treated as safe in CIS:
- The file is on the Comodo safe list (a global white-list of trusted software)
- The user has assigned 'Trusted' rating to the file in the CIS file list (‘Settings’ > ‘File Rating’ > ‘File List’)
- The file is published and signed by a trusted vendor. The 'vendor' is the software company that created the file."
