COMODO Internet Security 5.x Thread

A new version of Ransomware showed up earlier today. Amazingly enough Commodo AV picked it up! D+/Sandbox stops these things cold, so no worries anyway but it is nice to see the defs up to date.

 

What I meant is that I've seen the whitelist grow a ton. I rarely get notifications and if I do I submit it to Comodo.

Mhm. I ran a few very new pieces of malware last night that were sandboxed but not picked up by the cloud AV. All were broken and not a single infection made it onto my computer.

 

thats good hungryman

 

Yup.

What I want to do is see if legitimate apps run. Sandboxing is useless if it breaks everything (at least for me...) but if it's just breaking malware than that's fine =p though I'd prefer the malware runs and is simply restricted.

 

exactly

 

So jmonge why is it you are not running CIS then?

Thanks.

 

i am considering to run it again

 

Seems like you're already covered in terms of antiviruses. At this point if you want to add security I'd go for Defense+.

 

You don't need it, you got OA++

 

Defense+ is so ridiculously lightweight and effective it should really be a part of any security setup. Unless of course that setup includes other virtualization software, then it's not so necessary.

 

OA++ and comodo D+ is very good

 

Noooooo. Burnt bacon, don't do it J

 

That's the impasse we're at here though... there is no noise for me. I've had maybe a half dozen popups in the past year. And this is with no whitelist at all, since I deleted my vendor.n file.

I wonder what people are doing to make it noisy?... perpetually changing their setups, installing & uninstalling things all day?

 

I'll bet some are putting D+ in Paranoid Mode. That certainly should increase the popups!

 

Well autosandboxing also counts as a popup I assume. So you'll get one of those quite often.

As for the Defense+ HIPS without sandboxing... I've gotten that a single time in all of the time I've used Comodo.

 

I'm running Defense+ in Safe Mode using the vendor whitelist and the only popups I see are when I install something.

 

Who knows cuz I'm not seeing it. I barely get popups.

 

Same here. Can't remember the last popup I got.

 

On the contrary, I use Defense+ without the sandbox.The sandbox is a good function from Comodo to make easy for " common " users, but I prefer to check and to decide by myself what allow in my system.

 

The sandbox makes it incredibly easy to do that since it allows a "sneak preview" of the program.

 

Blacknight- I strongly suggest that you use the Sandbox. There was a variant of the recent ransomware that was only controlled by sandboxing it. Without it you wouldn't have the chance to decide anything (other than when to restore the image for your trashed computer).

 

Does that mean it would have completely bypassed CIS Execution Control so there would have been no alert with a chance to deny execution on launch?

 

No. Execution Control just means that before an application is launched CIS gets a chance to do a few thins to it. One of those things is sandboxing.

Otherwise you're relying on some cloud-based detection methods and those aren't necessarily going to catch it. I believe the ransomware was not caught.

 

My experience of the sandbox is that if enabled, Execution Control will run an unknown application in the sandbox. If disabled, Execution Control will function as an anti-executable and display an alert with an option to deny execution before proceeding. Either way, Execution Control is the first step to blocking execution or to allowing execution to continue sandboxed, depending on whether or not the sandbox feature is enabled.

If Execution Control has been bypassed such that it can't prevent execution at launch then I can't see how it can force the application to run sandboxed or am I missing something here?