COMODO Internet Security 4.0.664.127486 BETA Released

From the leading developer & project manager of CIS:

Behavior Blocker, CIMA heurstics and so on will be in the next versions once this version launches with the sandbox (as sandbox is a huge code based release). CIS including sandbox supports both x32 and x64 platforms.

 

OOPs...I posted this just 1 minute after you. >.> I'l delete.

 

Np...

There is also further improvements in the AV: MUCH better memory handling while updating for first time and also the need to no longer reboot (Probably thanks to the new CIS 4 Engine).

 

Wll it be on the tests by AV Comparatives when it leaves beta?
Regards,
Jerry

 

nope. lol theyve always got an excuse tho

 

@Dragons Forever, the comodo hero formerly known as 3exist

When running on Vista and Windows 7 the great benefit of UAC is that when running least priveledge processes they can only perform side by side infections. Combining this file and regsitry virtualisation (Vista/Win7 only offer this as a mean to deal with incompatibility, not security) is really smart and reduces the risks to a minimum

So here a few questions:

1. When a sandboxed program spawns a process, will the same restrictions be applied (meaning both least priveldge and virtualisaton)?

2. When a sandboxed program creates a process, will the same restrictions be applied (meaning both least priveldge and virtualisaton)?

3. When an elevation request is encountered, will file and registry virtualisation still be on to protect (like pseudo admin)?

4. Great improvement to whitelist installs. I assume this precedes over the unknown program handling (since it is a trusted installer/company), is this right?

5. What settings do I need to activate in D+. In other words would the minimum be enough (file and regsitry) or do I need some additional protection (f.i. to exclude the debugger mode route and keep least priveledge sandbox in tact?)?

6. How is the sandbox cleared and/or promoted to real system environment?

When I get the answers I am hoping for, this is really a break through.

 

Can it be freely used with Returnil?

 

Of course.

 

@3xist

where is the download link for cis4 beta ?

 

https://forums.comodo.com/cis4-beta-testing-b202.0/

https://forums.comodo.com/cis4-beta...urity-40664127486-beta-released-t49850.0.html

 

10X guests

 

btw , cis 4 beta + using SB dont go along side well , a major slow down in open ie or fire fox

 

wondering if v4 will be more user-friendly..I mean for a beginner/intermediate users..seems like it's possible, fingers crossed

 

basically its same as version 3 with few tabs / features adding

 

So... it's still going to be way too complex for new users :sighs:

 

Look at the youtube review of version 4 by Languy99 and see that CIS works much easier than 3 for new users.

 

You're completely wrong
It's intended to beginners or so. It has less popups and so on.

 

Well that could be a surprise:

It really does not matter what policy you set in the sandbox, because it runs least priveledge user and has file and registry virtuaisation, you only would like to check on side by side injections (= process modification) and some spyware related issues (key/screen loggers etc). So it could be very quiet.

Next step would be to realise a reporting functionality (like buster sandbox analyser) and acquire some behavioral / intelligent malware forensics (like Hitman Pro) and most decisions can be made for the average user.

 

I found that Defense + still causes a lot of pop-ups, and it is made worse by the fact that they removed "install mode".

 

The install mode is still there but works different, you can use it but them you dont have to come back to the normal mode, comodo come back automatly

 

Ok, I will take a look. I didnt look for it before based on the info in the OP, saying that it was removed.


EDIT: I see something called "training mode". Guess maybe they just renamed it. lol

 

I've been running CIS 4 since this morning and so far, no hiccups.

Question;
Where can I find a tutorial dedicated to the sandbox feature ?

 

I just downloaded the latest COMODO, CIS_Setup_3.13.125662.579_XP_Vista_x32

I remember I tried COMODO firewall about 1 year ago but had to remove it because for some odd reason it would never save and allow the 3 Punkbuster files that's needed for me to play online games.

Is the new version OK with this now?

And I can I tell COMODO to allow EVERYTHING that's currently on my system so I won't get bombarded with a 1000 popups?

 

Not sure, but i think if you set it in training mode, it allows everything while in it.

 

Yes.

Yes.

No it will not be.

You are correct.

You don't need to touch anything else.

It is automatically cleared on reboot.

But let me give you a better overall answer for your questions if I may...

- CIS makes sure the installers/updaters run outside the sandbox. Here users receive a ELEVATION alert, which very simply means: I am installing something, and make sure it is installed something an do not bother me with it again. This design is made to avoid incompatible issues to avoid sandboxing such programs. This really is alot similar to how UAC works in Windows Vista and Windows 7 when you see a elevation Alert like UAC. ELEVATION Alert will only alert you once and only once. Allowing it for example will make that installer/updater fully trusted and its files that it drops. Blocking it blocks it totally.

- Visualization is not yet activated/enabled by default. The sandboxed programs only start with limited rights and Defense+ handles these specifically.

How It works at the moment (Sandbox)
Unknown applications are run in the "non admin" restriction level - equal to using a non-admin account... which you probably know results in like 80% less virus damage. If you are running Windows XP, You can use Process Explorer to identify restrictions added to a sandboxed process, you can see the Job limits of the sandboxed process. So CIS4 assigns restricted tokens to processes according to the level in sandbox and puts them into a job object. It really is exploiting the full support from the operating system at this stage.

So off course OS provides alot of security as a starting point. Then we have Defense+ which automatically blocks file system and registry access to critical keys/files. These critical keys/files are the same ones used in Defense+ groups. Remember Comodo Sandbox is a default-deny sandbox where unknown apps are run in it by default. it is NOT a on-demand sandbox just to sandbox some applications, even though you can do it.

So this is how the sandbox works and elevation Alerts. I hope this helps!

Anyway, Have a play with process explorer. Run programs in the sandbox, like a undetected malware... you don't need to install the AV. And go to proccess explorer and you will see how the malware is in the sandbox and the restrictions, tested under windows xp.