COMODO Internet Security 5.x Thread

[andyman35]

Quote:

Originally Posted by Hungry Man

What do we know about the automatic sandbox? Is it basically hte same but with virtualized file system?

Yes the automatic sandbox will now equate to the manual one.

[TyRidian]

Quote:

also nice to see CCE + Killswitch being integrated to CIS...per screenshots

I'm glad they decided to do that.

[Solarlynx]

AFAIK CCE isn't going to be integrated with the CIS 6 as COMODO's policy for CIS is first of all prevention and CCE is only for cleaning.

[wasgij6]

Quote:

Originally Posted by Solarlynx

AFAIK CCE isn't going to be integrated with the CIS 6 as COMODO's policy for CIS is first of all prevention and CCE is only for cleaning.

if you look at the first screenshot under advanced tasks it says "Clean this endpoint - Run Comodo Cleaning Essentials tool to clean persistent infections"

[KelvinW4]

Yeah, maybe that is for any threats that got through the system. However, it doesn't seem possible huh?

[Solarlynx]

Quote:

Originally Posted by wasgij6

if you look at the first screenshot under advanced tasks it says "Clean this endpoint - Run Comodo Cleaning Essentials tool to clean persistent infections"

Sorry for my ignorance - what screenshots?

[a256886572008]

Quote:

Originally Posted by Solarlynx

Sorry for my ignorance - what screenshots?

http://i.imgur.com/qdAFm.png

[Solarlynx]

Thank you.
Really, there CCE.
I never had to use it but I really love the KillSwitch there.

[Brocke]

I noticed when you manally update CIS the Time and Date will change and state that the Database has been updated on the exact same time you checked even if there is no database update.

isnt that alittle misleading and when CIS checks even if there isnt a update it will still show the time it checked.

[Solarlynx]

Really, that's rather misleading - sometimes newer date for older bases.

They must mean the time of the last check. Then it must be written not "The virus database has been updated on ..." but "The last successful check was on...".

[Brandonn2010]

Tell me if this seems okay:

I am trying the whole suite on my brother's PC (11 y/o so high-risk user).

For the AV: I have cranked up the heuristics to high, and enabled rootkit scanning (not sure why this is disabled by default).

For the firewall: Default settings.

For Def+: I have set to treat unknown processes as Blocked, hopefully turning it into an anti-exe for unknown processes and malware.

Sandbox: Disabled as I feel the Def+ is enough and I don't want to deal with things being virtualized.

Does this seem secure?

EDIT: Yes I have checked Chiron's guide and I was also wondering whether it uses caching to improve scan speeds?

[cheater87]

Seems good to me Brandon.

[KelvinW4]

The AV has the rootkit scanning off because it lengthens the amount of time to scan the computer.
Comodo only uses on-session caching, meaning that after a computer restarts it needs to rebuild cache again. hopefully it will be changed after v6

[Brandonn2010]

Well I have a lot of confidence it the Def+ now. I went to install Minecraft on my brother's computer to see if it would work on there, and COMODO blocked it with the same message AppGuard gives when blocking something, that the file or path or whatever cannot be found However, I added an exclusion for Minecraft's file in Def+ but it still kept blocking it.

[narenbisht]

Quote:

Originally Posted by KelvinW4

The AV has the rootkit scanning off because it lengthens the amount of time to scan the computer.
Comodo only uses on-session caching, meaning that after a computer restarts it needs to rebuild cache again. hopefully it will be changed after v6

The caching thing is changed & improved in CIS 6 as per Devs.

Rootkit scan is there in Comodo AV by default. The option for Rootkit scan which is off is an advanced Rootkit scan so it may give FP & therefore off.

[CogitoTesting]

@ Brandonn2010

Please do not disable the sandbox since they complement each other. Also enable parental control and suppress notifications for all modules i.e av, firewall, and D+.

AV: Suppress notification and automatically quarantine threats.
D+: Automatically block unknown threats.
Firewall: Block all incoming connections

P.S: make sure you create a very good password for the parental control so that your brother could not guess it or disable CIS modules when they become a pain in his neck . I would also suggest for you to use k9 web filter along side CIS. Then and only then your brother would develop some sort of vendetta against you. Good luck m8. .

Thanks.

[Chiron]

Quote:

Originally Posted by Brandonn2010

Tell me if this seems okay:
For Def+: I have set to treat unknown processes as Blocked, hopefully turning it into an anti-exe for unknown processes and malware.

Sandbox: Disabled as I feel the Def+ is enough and I don't want to deal with things being virtualized.

I'd advise that you enable the sandbox and turn Defense+ to Untrusted. Blocked does not even give you any indication of what was blocked. This can make it very frustrating to use.

Also, leaving the sandbox enabled makes it much quieter and easy to use. BTW, this version of the automatic sandbox does not virtualize programs. It just functions like an automatic Defense+ and automatically limits their actions. V6 will have full virtualization of processes placed in the automatic sandbox.

[Brandonn2010]

Quote:

Originally Posted by Chiron

I'd advise that you enable the sandbox and turn Defense+ to Untrusted. Blocked does not even give you any indication of what was blocked. This can make it very frustrating to use.

Also, leaving the sandbox enabled makes it much quieter and easy to use. BTW, this version of the automatic sandbox does not virtualize programs. It just functions like an automatic Defense+ and automatically limits their actions. V6 will have full virtualization of processes placed in the automatic sandbox.

How is it safer to let the malware run in the sandbox than just blocking it in the first place?

[Chiron]

Quote:

Originally Posted by Brandonn2010

How is it safer to let the malware run in the sandbox than just blocking it in the first place?

I mainly just do it so I get the popup to let me allow it for safe apps. It's just for convenience.

In reality I haven't seen any loss in safety by running things in the sandbox and setting it to untrusted.

[Brandonn2010]

The alert from Def+ when blocking would be a nice feature for version 6.