camo7782

Level 4
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
It seems she runs unknown apps in a sandbox. What if a safe app is infected?
She tested the malware in a virtual machine. Furthermore, she is an IT professional. She also created her own malware samples (not published) to show that most AVs have very weak protection against scriptors.

If a legit signed app is infected, no anti-executable, HIPS or antivirus will save your ass.
Many AVs may have a problem with detecting never-seen & signed malware. But usually, the signed malware which can hit home users will be detected by signatures. That is why the AV alongside CF is welcome. The user can also throw out most entries from the CF Trusted Vendor List and keep only those entries which are required for system/software updates.
 

Telos

Level 20
Verified
Content Creator
Maybe this program is too complex for you at this time. You could just run it and leave Windows' Firewall active (it won't hurt your system). Then watch and observe and search for answers (here and w/Google) before adding 50 questions to this thread. I say this in peace.

Re: HIPS... it is fine to leave it on... some here do. It is chatty. Try it if you like. Again... no harm is done by running it.
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
Found! So new vendors not in the list will end up in the Untrusted category? What if an app has no vendor or is not signed? Same result?
You have a lot of information about CF on the CIS website. The Firewall Configuration, HIPS Configuration, Containment Configuration, File Rating Configuration, and Advanced Protection Configuration are valid for CF too.
Here is an answer to your question:
As you can see, the application must be signed and the vendor must be on the TVL list, and then the application will be Trusted. There are some other possibilities too (citation):

"There are three ways that a file can be treated as safe in CIS:
  • The file is on the Comodo safe list (a global white-list of trusted software)
  • The user has assigned 'Trusted' rating to the file in the CIS file list (‘Settings’ > ‘File Rating’ > ‘File List’)
  • The file is published and signed by a trusted vendor. The 'vendor' is the software company that created the file."
 