Comodo Internet Security 2013?

Yes you are right. if file is safe, autosubmit or manuel submit result is not fast. Actually i never see whitelisted file which is uploaded by autosubmit options.
But i see blacklisted files many times. Blacklist generation is easy. It upload files to CIMA and result turn back within 2-3 minutes. it is very powerful i think.

But safe file dedection is not easy, it need manuel analysis.

And i think autosubmit is for malware files not for safe files. They just collect files and checking for malicious activity.

it will change user to user.
i think there is not better free alternatives. is there better paid alternatives?
maybe but they will not perfect also. CIS has some problems but all others have some problems.

i used kaspersky.
Vulnerability scan dedect 1 vulnerability but doesnt show anything.
i report it forum;
http://forum.kaspersky.com/index.php?showtopic=255182
there is no help since 1.02.2013


User want/believe to Perfect CIS but it isnt. And also others.

 

Test it yourself ..

 

It's quite simple :
You run an unknown file (never seen by Comodo i.e not already submitted)
It's submitted to CIMA
if it finds suspicious activity it generates a signature ..
That works pretty well as you can see here http://www.comodo.com/home/internet-security/updates/vdp/database.php
Now we need to think about number of FPs generated every day ...

 

You are talking about FP,
Actually i never see FP on my computer.
There are many unknown files, CIS want to sandbox them but i never get FP alert from their AV.

 

Uhhhh on your pc maybe it's ok but what about the others 50 M users ? ......

 

it is just my experience. But if we talking about FP, CIS is not alone;

https://www.wilderssecurity.com/showthread.php?t=343922
https://www.wilderssecurity.com/showthread.php?t=343612

 

I am not talking about "FP" ...
Please have a look on my topic : http://forums.comodo.com/av-false-positivenegative-detection-reporting/fps-from-cima-t92567.0.html

 

in this case, i never see example on my computers.
but i am with you, because there are same situation for unknown files.

v1 unknown, i sent sample them, whitelisted
v2 released, and everything start again. because it is unknown.

i hope they can fix your problem.

 

Only a FileRep system can deal with that issue (automatic whitelisting by prevalance...)

 

I've being trying CIS without TVL for a day. I've deleted "vendor.n" and the TVL is clean now. BB Auto-Sandbox is in "Limited". HIPS is on, in "Safe Mode". All apps are launched without any popup. I thought there must be an avalanche of popups. Or maybe I missed something?

 

Also, for HIPS make sure the box that says "Do NOT show popup alerts" is not checked. And for the BB make sure the box that says "Detect installers and show privilege alerts" is checked.

 

They are implemented, of course. The checkbox 'Create rules for safe applications' is unchecked.

There are dozens of rules in the "HIPS Rules" for my apps. This is why no popups.

I also disabled all boxes in the "File Rating Settings".

Have I done all to disable TVL?

 

As far as I know, yes. I also deleted the vendor.n file and all TVL was gone.

 

Is Cloud Lookup still on ? If yes that's a normal behavior.

 

Now:
1. "vendor.n" deleted and OS is rebooted
2. TVL is empty
3. Cloud Lookup and all other boxes on "File Rating Settings" are clear

Shouldn't I miss anything?

Still no popups for my routine apps maybe because there are dozens of rules in the "HIPS Rules" and hundreds in "Trusted Files". Am I right?

 

Check explorer.exe permissions in HIPS rules? Is it allowed to execute any exe?

 

What's the downside of running as Fully Virtualyzed versus running as Untrusted?

 

The files are not really written on the real drive, unlike untrusted. So what ever files you want to recover.......

 

The rule is "Ask". Is it OK?

 

Ok, thank you.

 

under exclusions is says modify 44/0, that means you have 44 exes that are allowed to be run (from explorer.exe) without an alert this happens when CIS asks to execute a file and you allow it and click remember your answer.

 

Thanks a lot!

I've examined the list and excluded some apps which I won't use. All the rest were my routine apps and "shell32.dll" (btw why "dll" in "exe"?).

 

If you didn't already set, better set "ask " also system32\msiexec.exe.

 

No, it is not set. But anyway it will ask if needed, isn't it?
BTW isn't it for installers *.msi?

 

REMOVED.