CIS 6.2.xxxx Releases!

Discussion in 'other anti-virus software' started by spywar, Jun 19, 2013.

Thread Status:
Not open for further replies.
  1. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Switching to COMODO for now, I am gonna love the fully virtualized sandbox, this was my ultimate wish :D

    This version has fallen up to my expectations (finally!); they seem to have considerably patched some bypasses like Stuxnet, Flame... not fully, but at least till some mark that I can say I am satisfied.

    I will go back to avast later this month or next month when they fire some of their stuff up. I still have many clients running avast free/comodo IS. I am eager to see when they are going to patch those fakeAV bypasses; they are samples that are month old, so care less CAV detects those. Still, partially limited is excellent apart from couple bypasses lying around for old samples.
     
    Last edited: Jul 17, 2013
  2. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Guys, anyone else facing this issue with CAMAS/CIMA? When I submit unknown files via CIS I get an error sometimes and sometimes it works; it seems to be very unstable, sometimes works, sometimes doesn't. :eek:

    Now it worked but it took long while to get back a detection from their cloud CAMAS: http://camas.comodo.com/cgi-bin/sub...f40c4424e4fc31174a0e5c695b01ae6ab730ea43d3c36

    Is comodo working on this? :)
     
  3. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    I totally agree that the Full V setting has been a tremendously positive surprise and is excellent, but have to disagree about the Default Partially Limited setting. I have found it to be unacceptably leaky for a number of malware classes.

    As it takes only seconds to change the sandbox level to Full V (or Untrusted) and there is no detriment in doing so, I advise new users of CIS to change from the Default setting STAT (if not sooner).
     
  4. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Re: CIS 6.2.282872.2847 Released!

    Is comodo good or bad security overall in your opinion?
     
  5. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Re: CIS 6.2.282872.2847 Released!

    @Sis!
    Fully virtual from the day 6 was released with the reg tweak ;)
    Keep up the great work :thumb:
     
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    CIS6 is great. But if you are into detection first so as not to have malware playing around in the Sandbox, I would suggest pairing Comodo Firewall with Qihoo360.

    Q360 by itself has great detection, and the Comodo Cloud AV activates on file run. The detection rate in every test I've done is additive. I've also not noticed any system slowdown with the combo over either installed alone.

    In short, it rocks.
     
  7. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Re: CIS 6.2.282872.2847 Released!

    I would have to disagree on the system slowdown. I had CIS6.2 on here and there was a SLIGHT slowdown. A user who doesn't really care for slowdowns wouldn't notice at all, but I did. But overall I give CIS a thumbs up.
     
  8. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    The error "specified file not found" seems to be a server-based issue which has been reported. I hope they'll fix this asap.


    "it took long while to get back a detection from their cloud"

    Between 1 min to 15 min or more depending on many factors since it's a cloud based analysis.
     
  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Re: CIS 6.2.282872.2847 Released!

    :thumb:
    I've been playing around with this combo on VM. You're dead on. It rocks. The detection with Qihoo is great. Whatever Qihoo doesn't catch, Comodo cloud does. If it passes the cloud the auto sandbox and HIPS picks up the rest. I also really haven't noticed any impact on the system.

    Qihoo on demand scan also has a great detection. I threw 180 malware in a folder. I had to shut off the realtime protection first. It kept catching the malware while extracting from the zip file. First time detection was 175/180. The last 5 was executed with protection back on and only missed 1. The one file left wasn't even malware, more like adware.
     
  10. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    I think asking about CIS in CIS Thread will always have a positive reply, rather there are 1000 of users that have used CIS and "may" have had problems with it like me, not to mention after I installed CIS I couldn't log on to my user account and had to cold boot back, so yeah, meh, and plus I had an occasion once where CAV was pounding the CPU when I kept it on "On Access", but that only happened once and now it works fine for me like a gem. Looks like we have forgotten what happened between Melih, who likes to always land up with his foot in his mouth :rolleyes:, and AV-C, or COMODO hiring their certificates to malware LOL. I wish the company could have been as good as their product CIS :rolleyes:

    Cruelsister, I disagree with you yet again! Partially limited is totally bullet proof when it comes to preventing malware from touching the system, though it may leave daughter files aside, which is not a big deal as if they are executed they will also be sandboxed. I have tested this default setting against rootkit zeroaccess and a bunch of generic ransomwares and nothing touched my VM except left over daughters. I think your methodology is kind of too "strict". If some file sits on the disk it cannot qualify as a bypass, and even if some file runs on the system and sits on the network, unless it is successful in doing any damage or harm or transferring info I don't think it is a bypass in technical terms.
    I don't understand sometimes why you always try to make a pony of everything you get in your hands.

    I am not a regular CIS guy, but I do know how CIS is set up and how it works. A LOT of time has been spent by the devs, mods and all the people contributing to comodo on their forums to make the default security settings as bulletproof as possible. During the development the sandbox was tested with roughly 15000 pieces of malware and nothing got past, it means nothing is left on the system infected after reboot. What has actually been a problem for CIS is custom made malware like gpcode etc. that are just 1 or 2 of their kind, not wider spread, but I think a slight change in your config should take care of it. However, I agree that these things may be a problem in the future if malware writers get settled with this vulnerability; that is the exact reason I have been pushing myself for CIS to fix these things quickly or do something, and some people A.K.A "fanboys" think I am bashing CIS :rolleyes:

    I don't understand why people always talk about some software being "rocking"; for me it's always a work in progress and I have had some or other setback with every AV, c'mon :rolleyes:
     
    Last edited: Jul 21, 2013
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    TI- Thank you for your thoughtful comments! Far from considering you a basher, you should be applauded for pointing out flaws as correction will only make the product better. Software, like people, should strive for perfection.

    But let me clarify a few things:

    1). Although I have been (and still am) a great fan of CIS, many disagree. Sadly one of the points of contention has been the impression that detection via definition/cloud is not good (totally unwarranted). Even if this was the case would it actually matter as CIS has more potent anti-malware defenses in place?

    (digression- Product A has a 98% detection rate, but missed samples will trash the computer. Product B has an 70% detection rate but will contain all missed samples. Which can be considered the better AM product?)

    I have been very impressed by the performance of Qihoo360, and quite frankly surprised to note that when paired with Comodo Firewall the raw detection rate was both additive and statistically significant. The combination ranks it among the best out there. Hopefully this will allay some of the hesitation people have about Comodo.

    2). Regarding Sandbox levels- First off, I totally agree with you regarding spawned daughter and other residua left on the drives. But as I'm sure you realize others will disagree. But as Full V will prevent these files from being deposited and will not lead to any more prompts or other annoyances than other sandbox levels, why not use it? The one thing that I've heard is that at Full V the malware is able to be active in the sandbox and that can't be good. However I infected a CIS protected computer with an email stealer/bomber (written by our friends at 6139:cool: and it was unable to read contact info and was stopped from transmitting out. So Full V works quite well.

    3). You intimate that CIS can be hardened by registry tweaks or by adding arcana to Protected files/folders. Totally agree with you. But as this would present no issues to implement for us, I don't think that it would be practical for those that have issues finding out how to start and use Windows Explorer. With Full V no tweaks are needed.

    4). Regarding the Default level of PL being bulletproof, that's hardly the case as a number of malware types can bypass it. Why not just assume Worst Case and go with Full V? (If you have time check your PM- just make sure that you have things in your Documents folder that you will never need again!)


    ps- Notice that I did not use "Rock" once.
     
    Last edited: Jul 21, 2013
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Re: CIS 6.2.282872.2847 Released!

    It's been quite a while since I tried CIS, got some positive experiences from others, so I decided to give it another go.

    In the advanced HIPS settings, I found the enhanced protection mode, which seems something like Sandboxie's 3.x experimental protection to 'bypass' Patchguard. Interestingly, the guide states it's also for Win8x64, with all the HIPS/Sandboxing/Antilogging products having trouble with the new Patchguard, they seem to have a way around it as well. However, it is also available on x86, and I was able to enable it and it asked for reboot, and it kept working correctly after. But it is a 64 bit feature :S Also stated in guide:
    On 64 bit systems, enabling this mode will activate additional host intrusion prevention techniques

    The alert sound played when CIS gives a pop-up is WAY too loud, I can hear it clearly already when my volume level is almost zero and on normal volume levels it is painful to my ears. I know you can disable the sounds, but I find it weird they use such a loud sound, and since it's enabled by default you'd think they received lots of complaints and made it less loud.

    I also tried the new Full V feature and noticed a fully v'd program can log keystrokes, but it can't if you use one of the stricter traditional restriction levels.
     
  13. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    This may be true for CIS but not for most other AV products like ESET, Avast (not for long for avast, things are gonna change soon), Avira, Fortinet, Viper, BD etc. where there is absence of something like D+ of comodo. What you are looking at is from CIS perspective, I am looking from a global point of view.

    And still there are 1000 out there who don't know or who are not comfortable with something like CIS. There will never be a 100% security product, not even CIS; look at their forum, even they have custom made bypasses that can be used by generic malware writers for their uncountable variants LOL :)

    Still talking about CIS, me being a bit of an advanced guy, I have HIPS and FW to safe mode, sandbox on untrusted, and proactive security on.

    For anyone else, I will leave CIS on default; if you wanna really modify anything, move the sandbox level to untrusted or fully virtualized and you are set ;)
     
    Last edited: Jul 23, 2013
  14. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Re: CIS 6.2.282872.2847 Released!

    Partial Limited is effective in real world scene.

    CIS 6 is easy enough for majority. I have installed CIS 6 defaults on 7 family members system, all are average users. I just told them if they get any popup simply click the default/recommended tab, any program not working or any prob just give me a call & whenever I visit them I check their system, yet no prob or infection.
     
  15. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Really!? I guess that is not what I meant... what when the user installs comodo by themselves, I have seen some doing this, and what when they don't know anything about computers and viruses and when a user downloads some malicious codec pack he thinks is legit and he clicks allow and then he is doomed or what... it can even happen with informed users. Of course if you are living in a country like India where most people are "Noobs" you will find a lot doing this unless they are made aware of some things :ninja:

    As usual, as I said earlier, it depends a lot on the user's brain and what he does. Honestly, most 99% will click isolate but there is even that 1% of the guys who don't know what they are doing.

    And then there will be more of them saying "comodo didn't protect me" when they didn't click the right option. At least in v6.2 you get 2 chances with the elevated rights pop up, and still the thing is saddening for me when people take wrong decisions. Of course there may be very few of these type of people because there are almost no questions in CIS right now, but you know it may happen, we have to think both sides :D
     
  16. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Re: CIS 6.2.282872.2847 Released!

    I agree.

    Those 1%, it's very tough to protect them when they don't know much about security & don't follow the product's recommendation too & don't want to learn too.
     
  17. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Re: CIS 6.2.282872.2847 Released!

    I guess a cloud AV like Qihoo will go for these careless users.
     
  18. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    No, MSE or Panda Cloud for them.
     
  19. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Re: CIS 6.2.282872.2847 Released!

    Cruelsister told that Qihoo has superb detection, that's why I think it'll be helpful to careless users.
     
  20. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Re: CIS 6.2.282872.2847 Released!

    Just to clarify... do you mean pairing Q360 with standalone comodo firewall or with comodo internet security suite? Also, are you leaving proactive defense enabled in Q360 when run with comodo?
    Thanks
     
    Last edited: Jul 23, 2013
  21. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    321
    Re: CIS 6.2.282872.2847 Released!

    In this case you can disable the option to detect installers (new option in 6.2). This will sandbox all unknown installers.
     
    Last edited: Jul 23, 2013
  22. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    I agree, :thumb:
     
  23. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Re: CIS 6.2.282872.2847 Released!

    I've set my folder options to single click to open stuff. Anyone know why I have to click comodo tray icon twice for the program to open? Every other tray icon opens program on single click... and I haven't yet come across any other file/folder that requires double click. I know I'm picky but it's starting to annoy me
     
  24. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Re: CIS 6.2.282872.2847 Released!

    lol me too o_O
     
  25. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Another guy forgets to read everything of my reply :rolleyes: Excuse me, but for me what matters is the real life usage where people leave everything on default.

    For me, I install it on default on my clients' machines and if I get more than a few of them infected in some months I trash the product and don't look behind unless they improve, and the same applies to CIS. It doesn't bother how you configure it for others, it matters how others leave CIS on their machine and how much they are able to get things right :cool:

    There have already been earlier discussions of what happens when CIS is put against some of its vulnerabilities used by Gpcode, Stuxnet, Flame, prevailing there for years and unfixed yet; seriously, doesn't this show enough that no product is 100% :rolleyes:
     