HIPS to replace Comodo Defense+

Discussion in 'other anti-malware software' started by Wildest, Jun 26, 2009.

Thread Status:
Not open for further replies.
  1. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    Wildest:
    It is a pleasure to meet someone with the same goals that I have. I have a question for you:
    Why settle for second best? Would you like to have Outpost and Defense+ working together? You're not going to believe how ridiculously easy this is to do.
     
  2. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    I've decided that I'm not going to wait for your answer because I know that you are interested, but you're probably saying to yourself: "Who is this clown? It's not possible. This is a prank post." Believe me. I know what I'm doing and the problems I can have. I originally posted a message in the Outpostfirewall forum, but it mysteriously disappeared after about a day, probably because someone realized that it works and it will be years before Agnitum can create a firewall as good and as stable as the one I have now. My original post was a little too much work because I was taking a lot of precautions. I have since been working on making the installation procedure as easy as possible. This procedure was tested on Windows XP, so I have no idea what's going to happen if you try this on Vista or Windows 7. Also, I don't know what will happen on a 64-bit system. Back up your partition first before trying this. I was also using Outpost 6.5. I would have posted this message sooner, but I was a little stunned for a while. I accidentally installed Outpost 6.7, which was a nightmare for me until now. I'm probably successful this time because I didn't do a clean install and it's using my rules from 6.5, or maybe it's because I have host protection turned off. I have a lot more testing to do before I stay with 6.7, but so far, I'm not seeing any problem with Defense+ and Outpost 6.7.

    1) Download the installation file at:
    hxxp://www.comodo.com/home/download/download.php?prod=anti-malware&currency=USD&region=North+America&country=US&entryURL=http%3A//www.comodo.com/home/internet-security/anti-malware.php%3Fcurrency%3DUSD%26region%3DNorth%2BAmerica%26country%3DUS%26entryURL%3D

    2) Outpost startup mode: disabled
    Outpost host protection: uncheck "enable host protection" (you don't ever want to enable this again, and now you won't have to)

    3) Install Comodo, ignore the Outpost warning, don't install anti-virus, don't scan for malware

    4) After the reboot, open Windows Device Manager, show hidden devices, and under "non-plug and play drivers" - uninstall "Comodo Internet Security Firewall Driver" and "Comodo Internet Security Helper Driver"

    5) After the reboot, delete registry keys:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdHlp
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Inspect

    6) Reboot one more time, start Outpost and set the startup mode back to normal.

    Done. You may want to do other things to prevent Comodo from repairing itself (delete cmdHlp.sys and inspect.sys files, turn off auto-update, etc) but I'm trying to keep this procedure as simple as possible.

    I will not be defending this post in any way. This post is here for informational purposes only, and I hope someone will benefit from it. Take it or leave it.
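
A read-only check for step 5, added here and not part of ronm's post: `ControlSet003` is specific to one machine, so this PowerShell script lists every numbered control set under `HKLM\SYSTEM`, labels each with its role from `HKLM\SYSTEM\Select`, and reports whether the `cmdHlp` and `Inspect` service keys are present. It assumes PowerShell is installed (it is a separate download on Windows XP) and changes nothing.

```powershell
# Read-only audit for step 5: where do the cmdHlp and Inspect service keys
# (names taken from the post) still exist? Nothing is modified.
$services = 'cmdHlp', 'Inspect'
$system   = 'HKLM:\SYSTEM'

# HKLM\SYSTEM\Select maps roles (Current, LastKnownGood, ...) to set numbers.
$select = Get-ItemProperty -Path "$system\Select"
$roles  = @{}
foreach ($role in 'Current', 'Default', 'LastKnownGood', 'Failed') {
    $n = [int]$select.$role
    if ($n -gt 0) {                      # 0 means the role is unassigned
        $key = 'ControlSet{0:d3}' -f $n
        if ($roles.ContainsKey($key)) { $roles[$key] += ", $role" }
        else                          { $roles[$key] = $role }
    }
}

# Numbered control sets actually present on this machine (not always 003).
$sets = Get-ChildItem -Path $system |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object { $_.PSChildName }

$report = foreach ($set in $sets) {
    foreach ($svc in $services) {
        $path  = "$system\$set\Services\$svc"
        $entry = New-Object PSObject -Property @{
            ControlSet = $set; Role = $roles[$set]; Service = $svc
            Present = (Test-Path -Path $path); Start = $null; ImagePath = $null
        }
        if ($entry.Present) {
            $p = Get-ItemProperty -Path $path
            # Start: 0-2 = loads at startup, 3 = on demand, 4 = disabled
            $entry.Start     = $p.Start
            $entry.ImagePath = $p.ImagePath
        }
        $entry
    }
}
$report | Select-Object ControlSet, Role, Service, Present, Start, ImagePath |
    Format-Table -AutoSize
```

`CurrentControlSet` is a link to whichever numbered set is marked Current, so it is covered by that set's row rather than listed separately.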
     
  3. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    First off, I am now seeing the post at Outpostfirewall that I couldn't find before, so I want to apologize to the administrators there for my cover-up accusation.

    I think that Wildest has pretty much answered your question. Outpost has the best logs available, and I don't understand how anyone can feel safe with their firewall without the logs showing all allowed and blocked connections in easily readable form. Version 1 was the best version. It's been all downhill from there since Agnitum introduced component-control to us. As for Defense+, I can pass the CLT security test in an Administrator account. Can anyone else do this with their HIPS program?
     
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    LMAO ur running a COMODO LEAK TEST and ur surprised that a COMODO product passes it... lol :rolleyes: of course they're gonna make sure their own product passes the test cuz they made the test for fck sakes.
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    they've clearly changed that now.
     
  6. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    it may be relevant, but i don't like a product of the vendor who created the test to be tested by it, it should be used to test other products, see matousec isn't run by any one software vendor so it's fine
     
  7. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    I wish that I didn't have to report this, but I am having problems with Outpost 6.7 and Security+. When I look at the history of Outpost changes, I see improvements in Outpost that are probably hurting Security+ now. I'm staying with the Outpost 6.5 & Security+ combination. My machine is running too nicely now to be giving up on this.

    Also, if you installed the latest version of Outpost (released July 27), you're going to have to restore your backup. Outpost made changes in the registry that I'm too frustrated to figure out now.
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen

    Not to claim Comodo, but no HIPS should be run in its default configuration; that is contrary to the HIPS philosophy: a HIPS must be customized depending on the system, the applications used....
     
  9. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    Thanks for taking time to detail your findings; while it has been most informative, the issue you have raised here is for me a cause for concern.
    It is annoying enough to have to keep track of the peculiarities of one piece of software, much less two involved in a process that requires manual editing of the registry.

    As for Defense+, the recent unprofessional behavior of Comodo's CEO regarding accusations of impropriety in the granting of DV certs has soured my opinion of Comodo, so my interest in finding a Defense+ replacement has been renewed.

    You are having problems integrating Outpost Pro v6.7 with CIS compared to v6.5, so you have chosen to remain with the older version; why not just try Outpost Pro v6.7 solo?
     
  10. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I applaud your efforts to use a program that you feel comfortable with but I would bet that if you dug very deep into the practices of 99% of companies you could find some dirt somewhere. Obviously some are worse than others. I am not taking up for Comodo, just throwing my 2 cents worth.
     
  11. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    The phrase "ignorance is bliss" is applicable here, in combination with the fact that somehow Comodo makes it easier for their dirt to be seen than some other companies. ;)
     
  12. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    Wildest,
    If I see reports that Outpost can pass the CLT security test in an administrator account, I might give it another chance. I don't want to turn host protection back on. This is why I am going to such extremes to avoid it. I think this is the reason why there has never been a problem-free version of Outpost since version 1. I tried the release candidate of 6.7 (I made a typo error when I posted my warning, which must have been good for a few laughs), so I already knew that 6.7 was going to be a disaster. I am very happy with what I have now, and my testing days are over.
     
  13. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    lol still going on about how great Comodo is for passing their own test :rolleyes: and comodo is COMPLETELY problem free right, it's perfect and can do no wrong... :rolleyes:
     
  14. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    Only CIS passes this CLT security test?
    Hasn't this been out for some time?
    If this is a critical test, why haven't other vendors implemented solutions?

    Some more detail about why you think Outpost host protection is terrible pls?
     
  15. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Maybe Smart UAC ( www.replaceuac.com )? That's what I use right now to complement NAV2010. Seems sensitive while still being balanced, so I'd love to see some testing on it. Even installs and works on Windows XP according to the devs. :eek:

    UAC Replacement, HIPS and Black-list in one. :D
     
  16. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    Defense+ passes the CLT test when set to "safe mode".

    Say what you like about Comodo, but I now realize why I suddenly was successful in installing Outpost 6.7. I was trying to figure out the easiest way to do what I have done. I was running Comodo firewall & Security+ while trying to install Outpost because I wanted to see if the Outpost installer can repair network connections and break its ties with Comodo. Comodo saved me from the damage that Outpost installer was about to do to my system.
     
  17. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Does it mean Comodo is not safe in other modes ?
     
  18. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    Well, this changes everything!
    Since Comodo eliminates the need to uninstall other security software performing similar functions, it does have the edge.
     
  19. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    What most intrigues you about this Smart UAC?
     
  20. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    Wildest,
    I had things on my mind when I saw your last message to me, so I didn't get the full impact of what you were asking of me.

    First off - Defense+ was a typo error on my part. I meant to say Security+

    Second - I didn't realize that CIS means Comodo. You may have noticed that I kept stressing CLT passing in an administrator account. Outpost can pass the test in a user-limited account, but changing what needs to be done to get CLT to pass will create more problems for us.

    Third - I saw your comments about Agnitum programmers, so I'm surprised that you had to ask me why I want to turn off host protection. We will be going off-topic if I start to talk about all of the problems I had to deal with throughout the years. Turn off host protection, and if you don't see a noticeable difference in the performance of your machine, turn it back on again.

    I'd like to say goodbye now. I thought that I could be of some help to you, and I didn't want to get involved in this CLT argument. Good luck to you all with your HIP program searching.
     
  21. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    HIPS-like functionality - it's much more sensitive than a pure BB. I say UAC replacement simply because it turns off the built-in UAC and "replaces" it with its own HIPS kind of protection. Black-list is only a bonus in the form of a layer since I use AM software that I've full confidence in.

    Don't try it yet on Win7, though, like I did! It clearly said "7" in its listings of supported OSes during the installation, but it would cause repeating BSODs without a particular reason after a while - I mentioned this in the "current setup"-topic.
     
  22. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    maybe too late in advocating your decision, but geswall seems a good contender.
     
  23. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Yeah, thanks. :) Don't worry, there were many factors which made my decision - there always is in my process to get the most out of my system while being as secure as possible in a seamless way. ;)
     
  24. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    WOT is giving the developer page: http://www.securitystronghold.com/ of this product a poor reputation rating!

    Are you sure this is not crapware?
     
  25. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    Thanks, I have been curious about geswall actually; will take a closer look.
     