- Apr 29, 2019
- 168
Someone commented it is against @cruelsister settings
Why CruelSisters disable the HIPS?
- Thread starter camo7782
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Jul 3, 2015
- 8,153
This is true. But you are not bound by Biblical law to use cruelsister settings. You are allowed to use Comodo firewall as it was intended by the developers to be used, if you so wish.
However, as mentioned, you will find HIPS more chatty.
CruelSister settings are a dumbed-down config for Comodo that actually works very well, but if you want the real deal, it's yours for the taking
- Jan 9, 2013
- 1,457
Mine is is Training Mode and have no problems.
- Apr 29, 2019
- 168
How does it works? You switch off after X days or is it automatic?
- Jan 28, 2018
- 2,464
Training mode is a mode to make hips learn the behavior of the software. There is no warning. After a certain period, you have to switch to another mode at your own discretion.
Hips are avoided because it is the 'wall' of software and users.
Hips are avoided because it is the 'wall' of software and users.
If you are going to use Comodo, might be for the best to make a backup, just in case something goes wrong.
- Jul 3, 2015
- 8,153
Training HIPS is a preparation for running HIPS in paranoid mode. If you are planning on running in Safe mode, you don't need to train it. All you need to do is check the trusted file list and make sure that your regular software has trusted status. And if you use an unusual vendor, which is not already on the list, for instance, AppGuard, then add it to the trusted vendors list.
- Jul 6, 2017
- 2,392
Comodo CIS or C Firewall has many variants of configuration.
I like the CS variant because it acts as an anti-exe. But there are other configurations.
I like the CS variant because it acts as an anti-exe. But there are other configurations.
I've been using CSComodo for over a year now with HIPS in safe mode. For 20 minutes I enabled training mode and clicked on my apps to automatically register them with HIPS. Most of the time, I just update my apps so kind of forget that I have a HIPS.
Last edited:
- May 29, 2018
- 2,728
Well she said her cs settings are for noobs = less pop-ups & other annoyances while still providing good protection
There is tons of ways to configurate comodo firewall to fill your needs, but i like to use either default block or cs settings myself
Hips, even on training mode can cause problems and she said hips wont bring any extra protection over container wich is main point of the comodo firewall anyways
tldr ; easy, light, silent protection for noobs, not probably MOST optimal settings comodo firewall can has
There is tons of ways to configurate comodo firewall to fill your needs, but i like to use either default block or cs settings myself
Hips, even on training mode can cause problems and she said hips wont bring any extra protection over container wich is main point of the comodo firewall anyways
tldr ; easy, light, silent protection for noobs, not probably MOST optimal settings comodo firewall can has
- Dec 12, 2013
- 542
I liked your post but honestly can't fully agree with your opinion...HIPS is designed to detect and alert about everything what is important and at the same time is unknown/suspicious/dangerous for the system. Actualy almost everything in your system what is known and trusted should have own rules in used HIPS especialy if that thing needs updating...the rest will be treated as intruder. And that it's the core of using HIPS
- Jul 6, 2017
- 2,392
Friend @ichito, yes, but the HIPS system, if you want to install a good program, will give you 10 alerts, which with the configuration of CS only if it is not recognized, the Sanbox will act.I liked your post but honestly can't fully agree with your opinion...HIPS is designed to detect and alert about everything what is important and at the same time is unknown/suspicious/dangerous for the system. Actualy almost everything in your system what is known and trusted should have own rules in used HIPS especialy if that thing needs updating...the rest will be treated as intruder. And that it's the core of using HIPS
- Jul 3, 2015
- 8,153
If the program that you are installing is fully recognized, and Autocontainment allows it to install freely, then also HIPS (safe mode) will not give you alerts. This is because Autocontainment and HIPS (safe mode) use the same file rating system.
If the program is NOT fully recognized, then you will see a big difference between CruelComodo and HIPS Comodo. You will get a flood of alerts from HIPS Comodo, if you do not know how to properly react to the first two prompts. However, if you treat the first two prompts correctly, HIPS will shut its mouth (most of the time) and let you install.
- Jul 6, 2017
- 2,392
In short it is the same if you use in safe mode. If the HIPS is deactivated, the Sanbox acts directly
- Apr 29, 2019
- 168
So makes sense to have both safe mode HIPS and cruel comodo with sandbox? is there a case when one trigger and the other doesnt?
- Jul 3, 2015
- 8,153
Let's say a dropper evades detection (this actually happens) and does absolutely nothing suspicious. All it does is schedule itself to run when you reboot your computer. This is totally normal for software to do.
The dropper launches right after your system starts, and spawns the payload before your clunky security software is fully up and running.
If you have Cruelcomodo, it is too late for autocontainment, but you might still be lucky if the firewall stops the payload. (Example taken from one of CruelSister's own tests.)
If you have HIPS, the payload can be stopped at any point in the attack sequence, not just at the initial execution (autocontainment) or calling home (firewall).
- Mar 25, 2014
- 398
- Feb 24, 2019
- 408
And that's fine for somebody like you or me, but when people try to copy this kind of config and encounter issues who is really to blame?I liked your post but honestly can't fully agree with your opinion...HIPS is designed to detect and alert about everything what is important and at the same time is unknown/suspicious/dangerous for the system. Actualy almost everything in your system what is known and trusted should have own rules in used HIPS especialy if that thing needs updating...the rest will be treated as intruder. And that it's the core of using HIPS
- Apr 1, 2019
- 2,868
She is an IT professional with a background in security and malware. She is very knowledgeable about how malware works and shares her insights here, on wilders, and in a YouTube channel. If you search around the Comodo threads you will find a wealth of insight from her posts and comments.
- Jul 6, 2017
- 2,392
It's someone where I and others have learned a lot about Comodo Firewall.
The pity is that lately it does not appear much.
From here I make an appeal to @cruelsister.
