COMODO Internet Security 5.x Thread

[Cyrano2]

Updated .

[lordraiden]

A review of the beta with an AV test

http://translate.google.com/translat...l-detectiei%2F

[Hungry Man]

Well that's nice. Would have been nice to see false positives.

edit: A false positive test, I don't want false positives =p

[NormanN]

Greetings. I was having problems with OA and am giving the CIS Beta a shot. I like it so far. There are so many options available, can somebody point me to a config guide for *5.8*? I'm on Proactive, Restricted Sandbox, All Cloud and Vendor options selected, Safe/Safe, AV Hueristics at Medium....Phew! I don't mind answering pop ups, but don't want Paranoid mode. I also put WMP, VLC, Foxit, and irfanview in a permanent Restricted sandbox. What about download folders? Just a little overwhelmed and confused...but having choices is good!

Thanks,

N

PS: Read this entire thread and other CIS ones as well...still a little unsure of settings.

[Hungry Man]

I don't believe you can add a downloads folder (or any folder) to a sandbox.

You can check out my sig for my specific CIS config. I would suggest you sandbox Java, any instant messaging programs, or anything that touches the internet.

I personally leave autosandboxing off. If I find something suspicious I right click and sandbox it.

[1chaoticadult]

Quote:

Originally Posted by Hungry Man

I don't believe you can add a downloads folder (or any folder) to a sandbox.

Nope you can't I confirm it.

[Romagnolo1973]

Quote:

Originally Posted by NormanN

Greetings. I was having problems with OA and am giving the CIS Beta a shot. I like it so far. There are so many options available, can somebody point me to a config guide for *5.8*? I'm on Proactive, Restricted Sandbox, All Cloud and Vendor options selected, Safe/Safe, AV Hueristics at Medium....Phew! I don't mind answering pop ups, but don't want Paranoid mode. I also put WMP, VLC, Foxit, and irfanview in a permanent Restricted sandbox. What about download folders? Just a little overwhelmed and confused...but having choices is good!

Thanks,

N

PS: Read this entire thread and other CIS ones as well...still a little unsure of settings.

I make an "how to" for CIS 5 but is in Italian language, but if you want just translate with google if it can help you understanding CIS setting better
http://www.hwupgrade.it/forum/showthread.php?t=2247452

[J_L]

Quote:

Originally Posted by NormanN

What about download folders? Just a little overwhelmed and confused...but having choices is good!

Keep "Treat unrecognized files as", and most of your unknown downloads will be sandboxed. Of course, it extends beyond downloads, and affect every program that executes.

[Hungry Man]

I prefer to leave the autosandboxing alone as most of the time I have legitimate applications and not malware on my system.

[1chaoticadult]

Quote:

Originally Posted by Hungry Man

I prefer to leave the autosandboxing alone as most of the time I have legitimate applications and not malware on my system.

LOL. You know you liked those autosandbox popups

[Hungry Man]

Haha, well it was certainly effective. But with full virtualization not supported things like BlackDay and GPCode could break through. Manually sandboxing them works perfectly. That's what I prefer.

[1chaoticadult]

Quote:

Originally Posted by Hungry Man

Haha, well it was certainly effective. But with full virtualization not supported things like BlackDay and GPCode could break through. Manually sandboxing them works perfectly. That's what I prefer.

Yea definitely. Full virtualization in autosandboxing will be something to look forward to in the near future.

[Hungry Man]

Yeah I might even turn it back on.

[1chaoticadult]

Quote:

Originally Posted by Hungry Man

Yeah I might even turn it back on.

It would be tempting to.

[J_L]

Quote:

Originally Posted by Hungry Man

I prefer to leave the autosandboxing alone as most of the time I have legitimate applications and not malware on my system.

That's why Comodo has a whitelist. It's very easy not getting prompts again for the current installation.

[Hungry Man]

It does have a whitelist and that's great but it's not really enough and not really necessary for me.

It's a great feature, I may use it again one day, and I see its value... for now I've got it off.

[abels]

I have this issue with Comodo Firewall: when I run an unrecognized file in the first time CF automatically force it to run in sandbox, but when I run that file in the second time CF automatically add the file to Trust Files and run it outside sandbox.

[lordraiden]

Quote:

Originally Posted by abels

I have this issue with Comodo Firewall: when I run an unrecognized file in the first time CF automatically force it to run in sandbox, but when I run that file in the second time CF automatically add the file to Trust Files and run it outside sandbox.

Maybe you clicked on "do not sandbox this file again"
Or the file was recognized trusted by the Cloud and automatically added to the trusted list.

Have you check that the file is actually in the "trusted file list"? the second time that you open a file (in a short period of time) the popups informing that the file has been sandboxed does not appear but the file is sandboxed anyway, you can see it in the summary tab at the Defense+ section

[NormanN]

Quote:

Originally Posted by Romagnolo1973

I make an "how to" for CIS 5 but is in Italian language, but if you want just translate with google if it can help you understanding CIS setting better
http://www.hwupgrade.it/forum/showthread.php?t=2247452

I read it, thanks...very informative. I'm still researching the sandbox feature. I like how you can set unrecognized files to a certain level. but separately set internet facing apps to a lower level. Now if I could just figure out what the best levels are for both! I wish the 'Run Sandboxed' option worked on a shortcut. I also wish there was a recovery feature for downloads, instead of having to navigate the VirtualRoot folder. I have Sandboxie as well, but am trying to streamline my setup. One last question: How do I go back to a clean slate as far as the 'rules' go?...I want to retrain the software. Can I just 'Remove' all the rules for both FW and D+ and then restart? Will it auto-populate the built in rules (Windows System, Windows Update, etc...)?

NN

[lordraiden]

Quote:

Originally Posted by NormanN

I read it, thanks...very informative. I'm still researching the sandbox feature. I like how you can set unrecognized files to a certain level. but separately set internet facing apps to a lower level. Now if I could just figure out what the best levels are for both! I wish the 'Run Sandboxed' option worked on a shortcut. I also wish there was a recovery feature for downloads, instead of having to navigate the VirtualRoot folder. I have Sandboxie as well, but am trying to streamline my setup. One last question: How do I go back to a clean slate as far as the 'rules' go?...I want to retrain the software. Can I just 'Remove' all the rules for both FW and D+ and then restart? Will it auto-populate the built in rules (Windows System, Windows Update, etc...)?

NN

You can not give different levels for internet apps and unrecognized apps.

If you delete all the rules after restart and use the programs the lists will be populated again with the trusted/recognized software without showing any popup. I would not delete the rules from "computer security policy" - "D+ rules" (if you are not sure about what you are doing, I mean you can delete the rules for apps, but be carefull with the rules for windows and CIS, I don't know if those kind of rules can be easily recovered, the same goes for the firewall rules specially the SYSTEM rules), but you can delete all the files from the trusted file list. Take a look to the option "create rules for safe applications"

You can make a shortcut to your desktop to the virtualroot folder

You can make right click on any app and click on "run in Comodo sandbox"

[abels]

Quote:

Originally Posted by lordraiden

Maybe you clicked on "do not sandbox this file again"
Or the file was recognized trusted by the Cloud and automatically added to the trusted list.

Have you check that the file is actually in the "trusted file list"? the second time that you open a file (in a short period of time) the popups informing that the file has been sandboxed does not appear but the file is sandboxed anyway, you can see it in the summary tab at the Defense+ section

I didn't click "do not sandbox this file again". The file is just a test file which automatically duplicates itself and in the second time it really affects my system. I think the file is trusted by the cloud as you said. Thanks

[lordraiden]

Quote:

Originally Posted by abels

I didn't click "do not sandbox this file again". The file is just a test file which automatically duplicates itself and in the second time it really affects my system. I think the file is trusted by the cloud as you said. Thanks

And there is nothing in the "Active process list (sandboxed only)" or in the "unrecognized file list"?

[abels]

There is nothing in the Active process list and unrecognized file list, It is automatically added to trust files. I have tried to remove it from trust files but when I run it, CF added it to trust files again. This is the file: -http://www.mediafire.com/?avss5d51zqhn8z1-

[lordraiden]

Quote:

Originally Posted by abels

There is nothing in the Active process list and unrecognized file list, It is automatically added to trust files. I have tried to remove it from trust files but when I run it, CF added it to trust files again. This is the file: -http://www.mediafire.com/?avss5d51zqhn8z1-

The files is not moved to my trusted file list, delete the rule and when the first popups appears check if you have checked the checkbox "add to trusted files" before you click ok.

Nobody should download it unless you want to fill you desktop of empty folders, although you can rapidly delete them via explorer

[NormanN]

Quote:

Originally Posted by lordraiden

You can not give different levels for internet apps and unrecognized apps.

Just to make sure I was clear. I have the 'Unrecognized Files' slider set to 'Restricted', but I manually sand boxed .pdf readers, media players, browsers, etc... as 'Limited'. In the D+ Summary it shows the files as 'Limited' and 'Trusted'.

NN