[Windows 7-10] What would be in your opinion the most lightweight yet effective security?
<blockquote data-quote="AtlBo" data-source="post: 713561" data-attributes="member: 32547">
<p>In CCAV, do you have the option to Block/Run Restricted/Run Virtual for each rule? Any of these will block malware (or anything else honestly). Only Ignore will let malware by with CF. It could still be blocked by the cloud via Viruscope, or by Heuristic command line analysis, or HIPS...even the Firewall gives you the ability to terminate a process. If you have the above options for each sandbox rule, I'm sure it's as powerful.</p>
<p>After a year, I now feel there really isn't anything to be scared of with Comodo, but here's what I take seriously at this point:</p>
<p>1. Comodo's TVL and Cloud Lookup. If Comodo trusts the file that means a lot. It's an exhaustive list of trusted vendors, so things that aren't properly signed and/or then aren't allowed by Cloud Lookup should be blocked....period. I mean, OK, go through the submission process for a FP, but wait to see what Comodo says before running the app. Trust the TVL and Cloud Lookup. There are a good many stories of installers that seemed like a known but weren't etc.</p>
<p>2. Command-line heuristics is the cornerstone of Comodo protection. If anything gets by, chances are it will try to use command line. Comodo is there.</p>
<p>3. HIPS is helpful but only for taming legit apps really and only for those who understand the HIPS rules and the keys they point to etc. Probably not worth the trouble for most.</p>
<p>4. In the containment settings, it's not necessary to run with the "Detect which programs require elevated privileges..." setting unchecked. Honestly, it won't affect what Comodo thinks about the program, but unchecked you will have the opportunity to allow the program to run with highest privileges which can mean curtains.</p>
<p>5. Remember it's a security program and it's there to block sketchy and malicious software. Respect Comodo's opinion like it's the word of faith.
You will be able to run most of what you attempt to install without a single alert and you can also fill in below the surface with security like NVT OSArmor or good policy setting software like [USER=32260]@Andy Ful[/USER]'s Hard_Configurator.</p>
<p>This is what I feel like I have learned after running for a year with a trimmed TVL to see the dynamics of the program in action. The trimmed TVL means I have gotten (and still get during installations since HIPS is on in Safe Mode) constant alerts from Comodo. I did this mostly to examine the effects of Trust on the number of firewall/connection alerts. Still don't know how the relationship works, but I have the alert frequency level set to High. I am happy with the way the alerts come through. I get a firewall alert for every connection attempt from each unruled application and it will come back unless I choose to remember the choice.</p>
<p>One last thing. Before unblocking from the widget, know this one thing. That dynamic creates a firewall, a HIPS, and a containment rule all set to allow. Also, it changes the file rating from "Unrecognized" to "Trusted". I like it being there, since I run with the trimmed TVL. However, the day is coming when I will be trusting the TVL and Cloud Lookup in the near future. Already do on other PCs here, just not the main one yet.</p>
<p>Oh yeah. [USER=7463]@cruelsister[/USER]'s settings are the cold-blooded essence of Comodo. She trusts Comodo to decide what is malware and what shouldn't be run, and it works. However, she doesn't recommend turning off the firewall and she doesn't disable command-line heuristics. The rest of her settings are rock solid and I wouldn't say just an anti-exe in reality. Close but not exactly.</p>
</blockquote>