shmu26

Level 85
Verified
Trusted
Content Creator
Someone commented it is against @cruelsister settings
This is true. But you are not bound by Biblical law to use cruelsister settings. You are allowed to use Comodo firewall as it was intended by the developers to be used, if you so wish. :)
However, as mentioned, you will find HIPS more chatty.
CruelSister settings are a dumbed-down config for Comodo that actually works very well, but if you want the real deal, it's yours for the taking
 

WinXPert

Level 24
Verified
Trusted
Malware Hunter
Mine is in Training Mode and I have no problems.

 

shmu26

Level 85
Verified
Trusted
Content Creator
Mine is in Training Mode and I have no problems.

Training HIPS is a preparation for running HIPS in paranoid mode. If you are planning on running in Safe mode, you don't need to train it. All you need to do is check the trusted file list and make sure that your regular software has trusted status. And if you use an unusual vendor, which is not already on the list, for instance, AppGuard, then add it to the trusted vendors list.
 

Back3

Level 5
I've been using CSComodo for over a year now with HIPS in safe mode. For 20 minutes I enabled training mode and clicked on my apps to automatically register them with HIPS. Most of the time, I just update my apps so kind of forget that I have a HIPS.
 

Moonhorse

Level 29
Verified
Content Creator
Well she said her cs settings are for noobs = less pop-ups & other annoyances while still providing good protection

There are tons of ways to configure Comodo firewall to fill your needs, but I like to use either default block or CS settings myself

HIPS, even in training mode, can cause problems, and she said HIPS won't bring any extra protection over the container, which is the main point of the Comodo firewall anyway

tl;dr: easy, light, silent protection for noobs, probably not the MOST optimal settings Comodo firewall can have
 

ichito

Level 9
Verified
Content Creator
HIPS work on static systems... very static systems. Even updating an app could cause 50 alerts because 50 files are modified or dropped on certain modes. IIRC safe mode alerts you if things like firewall settings are changed or the HOSTS file is modified which is all you need.
I liked your post but honestly can't fully agree with your opinion... HIPS is designed to detect and alert about everything that is important and at the same time is unknown/suspicious/dangerous for the system. Actually, almost everything in your system that is known and trusted should have its own rules in the HIPS you use, especially if that thing needs updating... the rest will be treated as an intruder. And that's the core of using HIPS :cool:
 

bribon77

Level 33
Verified
I liked your post but honestly can't fully agree with your opinion... HIPS is designed to detect and alert about everything that is important and at the same time is unknown/suspicious/dangerous for the system. Actually, almost everything in your system that is known and trusted should have its own rules in the HIPS you use, especially if that thing needs updating... the rest will be treated as an intruder. And that's the core of using HIPS :cool:
Friend @ichito, yes, but the HIPS system, if you want to install a good program, will give you 10 alerts, which with the configuration of CS only if it is not recognized, the Sandbox will act.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Friend @ichito, yes, but the HIPS system, if you want to install a good program, will give you 10 alerts, which with the configuration of CS only if it is not recognized, the Sandbox will act.
If the program that you are installing is fully recognized, and Autocontainment allows it to install freely, then also HIPS (safe mode) will not give you alerts. This is because Autocontainment and HIPS (safe mode) use the same file rating system.

If the program is NOT fully recognized, then you will see a big difference between CruelComodo and HIPS Comodo. You will get a flood of alerts from HIPS Comodo, if you do not know how to properly react to the first two prompts. However, if you treat the first two prompts correctly, HIPS will shut its mouth (most of the time) and let you install.
 

bribon77

Level 33
Verified
If the program that you are installing is fully recognized, and Autocontainment allows it to install freely, then also HIPS (safe mode) will not give you alerts. This is because Autocontainment and HIPS (safe mode) use the same file rating system.

If the program is NOT fully recognized, then you will see a big difference between CruelComodo and HIPS Comodo. You will get a flood of alerts from HIPS Comodo, if you do not know how to properly react to the first two prompts. However, if you treat the first two prompts correctly, HIPS will shut its mouth (most of the time) and let you install.
In short, it is the same if you use it in safe mode. If the HIPS is deactivated, the Sandbox acts directly.
 

shmu26

Level 85
Verified
Trusted
Content Creator
So it makes sense to have both safe mode HIPS and Cruel Comodo with sandbox? Is there a case when one triggers and the other doesn't?
Let's say a dropper evades detection (this actually happens) and does absolutely nothing suspicious. All it does is schedule itself to run when you reboot your computer. This is totally normal for software to do.
The dropper launches right after your system starts, and spawns the payload before your clunky security software is fully up and running.
If you have Cruelcomodo, it is too late for autocontainment, but you might still be lucky if the firewall stops the payload. (Example taken from one of CruelSister's own tests.)
If you have HIPS, the payload can be stopped at any point in the attack sequence, not just at the initial execution (autocontainment) or calling home (firewall).
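
A defender-side check for the persistence step described in the post above, as an added example that is not part of the original thread: it lists scheduled tasks that fire at boot or logon and reports the Authenticode status of the program each one starts. It assumes Windows with the built-in ScheduledTasks module; the column names and the `NotResolved` label are choices made for this example, and a valid signature is not the same thing as Comodo's own trusted file rating.

```powershell
# Added example: audit boot/logon scheduled tasks and the signature status
# of the programs they launch. Run elevated to see tasks of all users.

$autostartTriggers = 'MSFT_TaskBootTrigger', 'MSFT_TaskLogonTrigger'

$report = foreach ($task in Get-ScheduledTask) {
    # Keep only tasks with at least one boot or logon trigger.
    $hits = @($task.Triggers | Where-Object {
        $autostartTriggers -contains $_.CimClass.CimClassName
    })
    if ($hits.Count -eq 0) { continue }

    foreach ($action in $task.Actions) {
        # Only "start a program" actions carry an executable path.
        if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }
        if (-not $action.Execute) { continue }

        # Task paths may be quoted and may contain %VARIABLES%.
        $path = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

        # Bare names such as "cmd.exe" are not resolved here and are flagged.
        $status = 'NotResolved'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $status = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }

        [pscustomobject]@{
            Task      = $task.TaskPath + $task.TaskName
            Trigger   = ($hits | ForEach-Object { $_.CimClass.CimClassName }) -join ','
            Program   = $path
            Signature = $status
        }
    }
}

# Entries without a valid signature sort to the top for review.
$report |
    Sort-Object -Property { $_.Signature -eq 'Valid' }, Task |
    Format-Table -AutoSize -Wrap
```

This covers Task Scheduler only; Run keys, services and startup folders are other autostart locations and need their own review.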
 

Threadripper

Level 8
I liked your post but honestly can't fully agree with your opinion... HIPS is designed to detect and alert about everything that is important and at the same time is unknown/suspicious/dangerous for the system. Actually, almost everything in your system that is known and trusted should have its own rules in the HIPS you use, especially if that thing needs updating... the rest will be treated as an intruder. And that's the core of using HIPS :cool:
And that's fine for somebody like you or me, but when people try to copy this kind of config and encounter issues, who is really to blame?
 