Advice Request Why CruelSisters disable the HIPS?

Please provide comments and solutions that are helpful to the author of this topic.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Someone commented it is against @cruelsister settings
This is true. But you are not bound by Biblical law to use cruelsister settings. You are allowed to use Comodo firewall as it was intended by the developers to be used, if you so wish. :)
However, as mentioned, you will find HIPS more chatty.
CruelSister settings are a dumbed-down config for Comodo that actually works very well, but if you want the real deal, it's yours for the taking
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Mine is is Training Mode and have no problems.

214428
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
Training mode is a mode to make hips learn the behavior of the software. There is no warning. After a certain period, you have to switch to another mode at your own discretion.

Hips are avoided because it is the 'wall' of software and users.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Mine is is Training Mode and have no problems.

View attachment 214428
Training HIPS is a preparation for running HIPS in paranoid mode. If you are planning on running in Safe mode, you don't need to train it. All you need to do is check the trusted file list and make sure that your regular software has trusted status. And if you use an unusual vendor, which is not already on the list, for instance, AppGuard, then add it to the trusted vendors list.
 

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
654
I've been using CSComodo for over a year now with HIPS in safe mode. For 20 minutes I enabled training mode and clicked on my apps to automatically register them with HIPS. Most of the time, I just update my apps so kind of forget that I have a HIPS.
 
Last edited:

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Well she said her cs settings are for noobs = less pop-ups & other annoyances while still providing good protection

There is tons of ways to configurate comodo firewall to fill your needs, but i like to use either default block or cs settings myself

Hips, even on training mode can cause problems and she said hips wont bring any extra protection over container wich is main point of the comodo firewall anyways

tldr ; easy, light, silent protection for noobs, not probably MOST optimal settings comodo firewall can has
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
HIPS work on static systems... very static systems. Even updating an app could cause 50 alerts because 50 files are modified or dropped on certain modes. IIRC safe mode alerts you if things like firewall settings are changed or the HOSTS file is modified which is all you need.
I liked your post but honestly can't fully agree with your opinion...HIPS is designed to detect and alert about everything what is important and at the same time is unknown/suspicious/dangerous for the system. Actualy almost everything in your system what is known and trusted should have own rules in used HIPS especialy if that thing needs updating...the rest will be treated as intruder. And that it's the core of using HIPS :cool:
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
I liked your post but honestly can't fully agree with your opinion...HIPS is designed to detect and alert about everything what is important and at the same time is unknown/suspicious/dangerous for the system. Actualy almost everything in your system what is known and trusted should have own rules in used HIPS especialy if that thing needs updating...the rest will be treated as intruder. And that it's the core of using HIPS :cool:
Friend @ichito, yes, but the HIPS system, if you want to install a good program, will give you 10 alerts, which with the configuration of CS only if it is not recognized, the Sanbox will act.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Friend @ichito, yes, but the HIPS system, if you want to install a good program, will give you 10 alerts, which with the configuration of CS only if it is not recognized, the Sanbox will act.
If the program that you are installing is fully recognized, and Autocontainment allows it to install freely, then also HIPS (safe mode) will not give you alerts. This is because Autocontainment and HIPS (safe mode) use the same file rating system.

If the program is NOT fully recognized, then you will see a big difference between CruelComodo and HIPS Comodo. You will get a flood of alerts from HIPS Comodo, if you do not know how to properly react to the first two prompts. However, if you treat the first two prompts correctly, HIPS will shut its mouth (most of the time) and let you install.
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
If the program that you are installing is fully recognized, and Autocontainment allows it to install freely, then also HIPS (safe mode) will not give you alerts. This is because Autocontainment and HIPS (safe mode) use the same file rating system.

If the program is NOT fully recognized, then you will see a big difference between CruelComodo and HIPS Comodo. You will get a flood of alerts from HIPS Comodo, if you do not know how to properly react to the first two prompts. However, if you treat the first two prompts correctly, HIPS will shut its mouth (most of the time) and let you install.
In short it is the same if you use in safe mode. If the HIPS is deactivated, the Sanbox acts directly
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
So makes sense to have both safe mode HIPS and cruel comodo with sandbox? is there a case when one trigger and the other doesnt?
Let's say a dropper evades detection (this actually happens) and does absolutely nothing suspicious. All it does is schedule itself to run when you reboot your computer. This is totally normal for software to do.
The dropper launches right after your system starts, and spawns the payload before your clunky security software is fully up and running.
If you have Cruelcomodo, it is too late for autocontainment, but you might still be lucky if the firewall stops the payload. (Example taken from one of CruelSister's own tests.)
If you have HIPS, the payload can be stopped at any point in the attack sequence, not just at the initial execution (autocontainment) or calling home (firewall).
 

Threadripper

Level 9
Verified
Well-known
Feb 24, 2019
408
I liked your post but honestly can't fully agree with your opinion...HIPS is designed to detect and alert about everything what is important and at the same time is unknown/suspicious/dangerous for the system. Actualy almost everything in your system what is known and trusted should have own rules in used HIPS especialy if that thing needs updating...the rest will be treated as intruder. And that it's the core of using HIPS :cool:
And that's fine for somebody like you or me, but when people try to copy this kind of config and encounter issues who is really to blame?
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Why? Is she a programmer or something?

She is an IT professional with a background in security and malware. She is very knowledgeable about how malware works and shares her insights here, on wilders, and in a YouTube channel. If you search around the Comodo threads you will find a wealth of insight from her posts and comments.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top