COMODO Internet Security 5.x Thread

[Hungry Man]

I rarely install programs anymore.

[clocks]

Quote:

Originally Posted by syk69

When you get the pop up, isn't there a little checkbox you can check so that it remembers your choice not to sandbox or to move to trusted programs? That's not so bad. Not like you install those programs everyday and only requires 1 time answer. Just trying to help.

I understand that. I am just surprised after all this time that these programs still cause popups. Comodos whitelisting simply does not work.

[Hungry Man]

A single popup is not a big deal in my opinion.

edit: And whitelisting the way they do it is not super efficient. I mean, Mamutu manages an excellent whitelist because they have community input. Comodo does not do this.

[allexif]

I tryed almost all other known good antiviruses, internet securities, now I installed CIS latest version 5.5.x. Untill now it managed very well, I can say excelent, so excelent that I can't explain mysefl why all the tests prove that is so weak in comparation to other security suite, how do they test Comodo? Why are the tests so poor?

[J_L]

@clocks: Have you looked at their huge trusted vendors list? Stable works almost too well for me.

@allexif: That`s because they test the AV only. AV-T worries too much about aesthetics and usability issues.

[cruelsister]

Allex- JL is certainly correct in that many judge CIS based on their AV (which isn't the strongest by a long shot). But also note that the testing labs (and even U-tube testers) will only set a given product at the default settings. To make CIS much stronger you should set the Configuration to Proactive Security, Firewall to Custom Policy, and under Execution Control settings (in Defense Plus) set "Treat Unrecognized Files" to Limited.

These tweaks will prevent harmful effects from any malware you may come across and will also prevent Malware running in the Sandbox from getting out to the Internet.

[clocks]

Quote:

Originally Posted by J_L

@clocks: Have you looked at their huge trusted vendors list? Stable works almost too well for me.

That list doesn't mean much to me, because often programs by companies on that list still cause popups.

[Hungry Man]

Whitelisting is difficult. There are ridiculous amounts of applications. However I've seen more whitelist updates in the last 3 days than in the last month.

[allexif]

Thank you J_L and Cruelsister , keeping comodo then, until I get infected

Edit: But PCWORLD, PCMAG, etc, are testing the entire Internet Security right?

[cruelsister]

Yes they are, but at stock settings which really shouldn't be used. Aside from the above 2 tweaks, it is really a very good idea to uncheck (under D+- Sandbox Settings) the box "Automatically Detect Installers and Run Outside the Sandbox".

But back to your question, when CIS is tested there are many true zero day items that the AV (and Cloud) won't detect. These items will be sandboxed and with the settings that I've suggested will remain in the sandbox totally inert (even on a reboot) until either the AV defs or Cloud catch and delete it. Also from today I came across 2 files that, when downloaded and run, will trigger the Red waning that "this file wants unlimited access to your computer!". If you block it (so it can't ever run) it will stay in the downloads folder.

In both of the above cases CIS will leave files that have been rendered harmless on your machine (although they'll be picked up when the AV defs catch up with zero day stuff). AV tests, according to their procedure MUST consider this a fail. That is the type of FAIL that CIS gets.

Now lets that the case of the latest Ransonware. Although Comodo's Cloud detected new all variants this morning, when this malware first showed up a few days ago CIS dealt with it as in the second case I presented above (D+ will alert, and on either Block or Sandbox it will be rendered useless but still left in the Download directory). On all of the other Majors that we tested the Ransomware ran and rendered the computer unusable.

So CIS indeed failed a test because it left a useless file behind. The others failed because they let the computer they were protecting be trashed.

Which one would you prefer to use?

[jasonbourne]

Quote:

Originally Posted by cruelsister

Allex- JL is certainly correct in that many judge CIS based on their AV (which isn't the strongest by a long shot). But also note that the testing labs (and even U-tube testers) will only set a given product at the default settings. To make CIS much stronger you should set the Configuration to Proactive Security, Firewall to Custom Policy, and under Execution Control settings (in Defense Plus) set "Treat Unrecognized Files" to Limited.

These tweaks will prevent harmful effects from any malware you may come across and will also prevent Malware running in the Sandbox from getting out to the Internet.

Been a user of CIS for quite sometime now and yeah I tend to agree there. Sadly the poor performance of the AV has been the issue but D+ with the firewall is superb. Of course not all programs are perfect and the user-preference depending on his/her liking or style will always be king but still a very good program there.

[cruelsister]

I used to totally obsess over most AM solutions vs keyloggers; normally unless you have a secondary solution like Zemana, DW, or Spyshelter it wasn't going to be detected.

I pretty much thought the same way about CIS vs Keyloggers until I found a few true Zero-day items. In these cases either D+ didn't allow the hook, didn't allow the driver install, or most importantly didn't allow the loggers to transmit out.

[luciddream]

Quote:

Originally Posted by clocks

I understand that. I am just surprised after all this time that these programs still cause popups. Comodos whitelisting simply does not work.

It works fine for me. In fact it worked too good, and I unchecked "trust files from trusted vendors" and also deleted the "vendor.n" file. I like to decide on my own what to trust or not to trust.

Since at this point I've set a rule for just about everything on my PC, and run a pretty static setup, I never get popups. I only really got them the first week or so. Since then it's been quiet. I think the whole thing is vastly exaggerated.

[Hungry Man]

Comodo's loud like UAC is loud. It'll pop up once in a while but once you're done setting the computer up/ installing your program you'll never hear it again.

[cruelsister]

After playing with the beta on a VM I decided to install it on my main computer. Did anyone else notice that bootup is much faster?

Also, except when non-Microsoft software is installed or when I'm testing it against malware I really don't remember CIS giving me any popups.

[clocks]

Quote:

Originally Posted by luciddream

I think the whole thing is vastly exaggerated.

Number of popups from CIS vs the number of pup-ups from most any other AV = huge difference.

[cruelsister]

Could it be "Number of Malware blocked by CIS vs Number of Malware blocked by most other AV = huge difference"?

Seriously, except when installing something (and I certainly demand popups for that). I get no alerts whatsover.

[ichito]

Quote:

Originally Posted by Hungry Man

Whitelisting is difficult. There are ridiculous amounts of applications. However I've seen more whitelist updates in the last 3 days than in the last month.

On the Polish forum Safegroup our colleague Morphiusz leads a campaign of collecting an applications to whitelist and than sends it along to the Comodo.
Maybe you could participate in the campaign?
http://forum.safegroup.pl/programy-k...cie-t4402.html

[cruelsister]

Świetny pomysł! Dziękuję.

[clocks]

Quote:

Originally Posted by cruelsister

Could it be "Number of Malware blocked by CIS vs Number of Malware blocked by most other AV = huge difference"?

Seriously, except when installing something (and I certainly demand popups for that). I get no alerts whatsover.

CIS does a solid job, but there are a handful of others that do just as well or better without all the noise.

[blacknight]

Quote:

Originally Posted by clocks

CIS does a solid job, but there are a handful of others that do just as well or better without all the noise.

Difficult to believe. It depends from you mean what an HIPS is and what it has to do. If for you an HIPS must decide for himself what should allow and what deny, may be autosandboxing in the doubtful cases, sorry but it isn't really an HIPS. " Noise " is the real power and aim of the HIPSs.

[clocks]

Ok, whatever floats your boat.

[NSG001]

Anyone know of any showstoppers preventing this beta from being unleashed ?

[cruelsister]

Not yet for me. Exported the Proactive configuration file from the old version, uninstalled it. Installed the Beta and imported the cfgx file. Smooth as silk. The system is without a doubt more responsive upon bootup, but other than that everything is fine.

[NSG001]

Quote:

Originally Posted by cruelsister

Not yet for me. Exported the Proactive configuration file from the old version, uninstalled it. Installed the Beta and imported the cfgx file. Smooth as silk. The system is without a doubt more responsive upon bootup, but other than that everything is fine.

Yeah like wise, running exceedingly good for a beta.
Hoping for a release soon now en route to Version 6