yigido's Config

Last updated
Dec 31, 1969
Windows Edition
Home
User Access Control
Notify me only when programs try to make changes to my computer (do not dim my desktop)
Real-time security
COMODO Internet Security (my all time favorite)
Zemana AntiLogger Pro
Firewall security
Microsoft Defender Firewall
Periodic malware scanners
Zemana AntiLogger Pro (Pandora : enabled)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
> Opera 64bit
Adguard
HTTPS Everywhere
LastPass
Pure URL
WebRTC blocked by Opera built-in feature.

*
on ://flags changes
Win32 Lockdown : All Plugins
AppContainer : Enabled
Maintenance tools
CCleaner
Windscribe VPN
SDAntiBeacon (All telemetry options immunized)
Secure File Deleter
Everything
ShareX
GeekUninstaller
File and Photo backup
External storage
System recovery
N/A
Computer specs
https://malwaretips.com/threads/yigidos-laptop.62351/

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
I removed AV module of Comodo Internet Security, so I have only Comodo Firewall now. I can still check how viruscope performs with new updates ;) I added EAM to my config.

Hi, I am also interested in the combination of EAM and Comodo. So I hope to ask you some questions on your configuration:

Do you enable or disable HIPS of CFW?
Do you enable or disable AutoSandbox of CFW?
How long have you used this combination (EAM + CFW)?
Has any BSOD ever happened since you use this combination?
 

Deleted member 2913

Thread author
I removed AV module of Comodo Internet Security, so I have only Comodo Firewall now. I can still check how viruscope performs with new updates ;) I added EAM to my config.
You are an expert user. I think Comodo FW is enough for you...Cloud AV is there with CFW. Why EAM or any other AV? The question coz as mentioned you are an expert user & just my opinion...CFW with its Cloud AV protections is good for experts...no need any AV.
 

Deleted member 2913

Thread author
@yigido has no need of any AV... he just likes playing with security softs = Bad Habit. :D:D:D:D
HJLBX,

But as you know Comodo Cloud is not a pure Cloud AV i.e it doesn't block a file for cloud results i.e like Panda has default 30 secs, Bd free too works like this. And as per Panda getting cloud results is instant...30 secs default is just in case.

So if a detection is present in the cloud but due to Comodo cloud glitch or whatever malware was not detected on the system...I believe it will be autosandboxed or if an installer then elevated privileges Comodo alert will be there, right?
 

hjlbx

Thread author
HJLBX,

But as you know Comodo Cloud is not a pure Cloud AV i.e it doesn't block a file for cloud results i.e like Panda has default 30 secs, Bd free too works like this. And as per Panda getting cloud results is instant...30 secs default is just in case.

So if a detection is present in the cloud but due to Comodo cloud glitch or whatever malware was not detected on the system...I believe it will be autosandboxed or if an installer then elevated privileges Comodo alert will be there, right?

You can set Comodo Cloud Antivirus to "No notifications: 'Block and Terminate.'"

If local CIS cannot communicate with Comodo File Lookup Server (FLS\Comodo Cloud) to establish file reputation, then it will treat it as Unrecognized. At default Internet Security configuration, CIS will auto-sandbox. At default Proactive Security configuration, CIS will generate HIPS alert and auto-sandbox - if user allows file to run at HIPS alert.

If the following settings are enabled under Defense+ > Sandbox > Sandbox Settings :
  • Detect programs which require elevated privileges, e.g. installers or updaters
  • Show privilege elevation alerts for unknown programs
then any file that requires elevated privileges will be detected when executed - and - Sandbox "Elevation" alerts will be generated for any Unrecognized file.

That alert is for the user to understand that the file that is about to run will do so with complete system access.

(Although sandboxed file cannot do much to physical system... plus, protected objects and protected data folders cannot be modified. I am a bit perplexed as to why Comodo designed it this way, since the Unrecognized file will be sandboxed and the elevated privilege is irrelevant to overall actual, physical system security in the sandbox. In other words, I've considered it carefully and the elevated privilege alert for Unrecognized apps seems to be superfluous - and somewhat of a duplicate to the HIPS alert. In any case, system is protected despite elevated privileges. Protected... that's all that matters... right?)
 

Deleted member 2913

Thread author
I find elevated privileges good & not duplicate to HIPS alert.
On elevated privileges alert, you select any option to install & no further popups. HIPS will give you all sort of popups.
So for me elevated privilege gives an option to install sandboxed or unlimited in case of FP without further popups. I like this.
HIPS is good for users who like to know more.
 

hjlbx

Thread author
I find elevated privileges good & not duplicate to HIPS alert.
On elevated privileges alert, you select any option to install & no further popups. HIPS will give you all sort of popups.
So for me elevated privilege gives an option to install sandboxed or unlimited in case of FP without further popups. I like this.
HIPS is good for users who like to know more.

@yesnoo - you bring up a good point. Since I use HIPS, the elevated privilege alert is essentially a duplicate.
 

Deleted member 2913

Thread author
@yesnoo - you bring up a good point. Since I use HIPS, the elevated privilege alert is essentially a duplicate.
Do you get same number of HIPS alerts with Sandbox + HIPS enabled & HIPS enabled only i.e Sandbox disabled?
 

hjlbx

Thread author
Do you get same number of HIPS alerts with Sandbox + HIPS enabled & HIPS enabled only i.e Sandbox disabled?

With files that request elevated privileges I get both HIPS & Sandbox alerts = double alerts.

With either HIPS or Sandbox disabled, I only see alerts from the module that is enabled = single alerts.

However, as you know, HIPS can generate a whole lot of alerts - depending upon the file's actions.
 

Deleted member 2913

Thread author
With files that request elevated privileges I get both HIPS & Sandbox alerts = double alerts.

With either HIPS or Sandbox disabled, I only see alerts from the module that is enabled = single alerts.

However, as you know, HIPS can generate a whole lot of alerts - depending upon the file's actions.
I meant HIPS alert...
i.e 1. Sandbox & HIPS enabled - You install a program A & get elevated privileges alert & choose "run unlimited" & further get HIPS alerts
2. HIPS enabled only i.e Sandbox disabled - You install a program A & get HIPS alert

If you get less HIPS alerts in scenario 1 compared to scenario 2 then elevated privilege alert is not duplicate to HIPS as EP played a part & reduced couple alerts, right?
 

hjlbx

Thread author
I meant HIPS alert...
i.e 1. Sandbox & HIPS enabled - You install a program A & get elevated privileges alert & choose "run unlimited" & further get HIPS alerts
2. HIPS enabled only i.e Sandbox disabled - You install a program A & get HIPS alert

If you get less HIPS alerts in scenario 1 compared to scenario 2 then elevated privilege alert is not duplicate to HIPS as EP played a part & reduced couple alerts, right?

1.

I run from Downloads directory, so if file is an installer, I will get Explorer is trying to access file A. Allow. File A is requesting elevated privileges. Allow. Explorer is trying to access file A (again). Allow. Elevated privileges alert (again). Allow.

For Unrecognized file that will be sandboxed:

1st HIPS alert is at unelevated privileges for file. Then 1st elevated privileges alert - with unelevated privileges for file, but select allow enables elevated privileges and passes it on. This generates 2nd HIPS alert at elevated privileges for file. Then 2nd elevated privileges alert with elevated privileges for file.

So you see, elevated privileges detection and alerts causes duplicate alert.

I do not use "Treat as..." or "Remember my answer..." when 1st run any Unrecognized file. It is still sandboxed.

2.

If use only HIPS, then only one alert and choose Allow.
 

Deleted member 2913

Thread author
I don't like the way it works... it causes confusion - duplicate alerts are unnecessary.

I thought it was a W8.1 bug... but now I am not too sure since I have conflicting infos.
I am not sure too.
I use default settings on Win 7 64. And sometimes I too see 2 popups for same thing i.e Program A - I run program A & get elevated privilege alert & select an option run isolated/run unlimited but again get elevated privilege alert & select an option. Sometimes I see this...don't know bug or whatever...with CIS things are so confusing sometimes.
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Hello friend Yigido, you've ever a fascinating configuration where conversations abound!:):) As you prefer Sticky Password over KeePass, were the offline/non-synch characteristics what won you over from LastPass?
I feel quite inspired by your use of Emsisoft Anti-Malware which is a most effective recommendation, and may follow your lead ..at least for 30 days!:p
 

hjlbx

Thread author
I am not sure too.
I use default settings on Win 7 64. And sometimes I too see 2 popups for same thing i.e Program A - I run program A & get elevated privilege alert & select an option run isolated/run unlimited but again get elevated privilege alert & select an option. Sometimes I see this...don't know bug or whatever...with CIS things are so confusing sometimes.

I just realized we're tearing-up @yigido's config thread.

Apologies @yigido... no disrespect intended, just inattention.

@yesnoo - I will just say "Good Grief, the bugs just keep piling on. I'm working on 4 or 5 moderately important ones right now (so many minor ones I lost track!) - with no motivation at the moment to get them prepared and submitted. Despite the bugs, CIS does protect the system. It just bothers me because they cause massive confusion - and consequently people who experience them judge CIS as "garbage." My CIS config is customized - and - probably most typical CIS users would never create rules and modifications that I have done\do. So, some of it has to do with my 'tinkering.'"
 

yigido

Thread author
Guys, no problem on posting in my config, feel free to spam here :)

Hi, I am also interested in the combination of EAM and Comodo. So I hope to ask you some questions on your configuration:

Do you enable or disable HIPS of CFW?
Do you enable or disable AutoSandbox of CFW?
How long have you used this combination (EAM + CFW)?
Has any BSOD ever happened since you use this combination?
No problem so far works great!

You are an expert user. I think Comodo FW is enough for you...Cloud AV is there with CFW. Why EAM or any other AV? The question coz as mentioned you are an expert user & just my opinion...CFW with its Cloud AV protections is good for experts...no need any AV.
Actually I do not need any realtime protection feature. Comodo Firewall works like an anti-executable that I like. Proactive configuration is set!
Why am I using EAM? Because I got a key for 1 year ;) I want to use it after their huge changelog, I want to see the improvements, too.

Hello friend Yigido, you've ever a fascinating configuration where conversations abound!:):) As you prefer Sticky Password over KeePass, were the offline/non-synch characteristics what won you over from LastPass?
I feel quite inspired by your use of Emsisoft Anti-Malware which is a most effective recommendation, and may follow your lead ..at least for 30 days!:p
Actually, Sticky Password's browser integration works better than KeePass. It is a life saver, time saver feature.
I imported my password but I got a problem with filling the forms on websites with Sticky Password. So, I came back to LastPass. I checked my security options again. I tightened some settings to prevent hacking... after all I am again a LastPass user. LastPass is a leader in its area. :)
 
