Comodo Internet Security Premium V4.1 Preview

I'm perfect fine with 4.1.
I want a game mode and as Brocke said more info in main screen instead Tip of the day and Highlights.

 

I do so to have a second av for an on-demand scan, as J_L said.

 

yes i mean having another AV never hurts

 

4.1 is a satisfactory update personally. Never chose to install toolbars and the like, so that didn't make much of a difference for me. Do like the new SandBox options in alerts though.

What's missing is a way to show sandboxed processes, which is essential imo, especially since most programs are sandboxed when you first run them and the notification can be a bit slow.
Actually, can you configure it to prompt you before sandboxing? Will that lower the security? (excl. user mistake)

 

Off Topic: Suggestion to Admin and Mods:

Why not create a virtual thread, encrypted, where CIS haters can to attack, to criticize and to tell all the tales and the fables they want, like a real sandbox ?

Please, today is Sunday, I'm joking.

 

blacknight:


Good idea!! or maybe a create a COMODO FORUM!!

A place where the faithful could fellowship,socialize,sip the wonderful cool-aid,and bask in the effulgence that is Guru Melih.

I mean there has to be a reason you guys are trying to figure out this CIS albatross here,rather than on Comodo forums.

Could it be that even you, get a little tired the fanaticism,and slogan chanting?

Oh,and by the way,"a real sandbox" is one concept, it is clear, Comodo will never understand.

 

I don't understand why a "game mode" is such an oft requested feature. Frankly, if you're finding yourself wanting to ignore alerts, you're doing it wrong. You should only see alerts when you have just installed an application or in the event of comodo catching an attack in progress. Either way, the situation warrants your attention.

Am I missing something?

 

You didn't try a game with CIS running don't you?
When you first launch a game you don't receive nothing just a black screen. The only way to get rid off that black screen is to reset your rig.
But if you put D+ in Training mode before launching game everything is fine, after 2-3 minutes playing the game you can put D+ back on your security mode without problems and game will launch perfect afterward.
Usually I do that D+ "trick" but sometimes I forget and I end with a hard reset that's why I want a Gaming mode (BTW gaming mode is on the way but I don't know when).
Outpost have it so I want it on CIS too.

 

I do game quite often and never close CIS. I am all too familiar with the black screen and it caused me no end of frustration when I was new to the program!

All you have to do to prevent this black screen, however, is create a predefined rule allowing an interprocess memory access to c:/windows/system32/csrss.exe and apply that rule to every fullscreen game before you launch it. You have to open the CIS UI, add a new application to Defense+ manually, and then apply this predefined rule to it. A little extra work, yes... However it is worth it to not have the gaping holes in your security left by training mode. Take a look at your rules sometime, I guarantee you you will be alarmed. If I recall correctly, Training Mode will allow all interprocess memory accesses because the game requires one to csrss.exe. This is a HUGE hole in your HIPS, as the game you are running could potentially execute code in a remote thread in another process (say, something you have set as a Windows System Application) thus completely bypassing any restrictions on itself. I never use Training Mode - its just not granular enough for me. Also, csrss.exe requires no rules itself, at least in the proactive configuration, so allowing this memory access does not create a significant hole in your ruleset! I cannot remember if csrss.exe is marked as a windows system application by default... If it is, I removed this rule and never saw a single prompt for it. I run in paranoid mode too, so there is no chance that CIS is trusting csrss and blindly allowing all its actions.

It seems that we have different interpretations of the phrase 'game mode'. I blame Zone Alarm for mine. I think it means alert suppression so you aren't distracted or tabbed out while gaming. You seem to just want a solution to the black screen problem. A game mode per se seems unnecessary to me, given the solution above. What does Outpost have? I briefly tried their product, but must have overlooked this option.

I do think that newer users should be spared the inevitable black screen when they first launch a game and the temptation to use training mode. It would be easiest if Comodo simply modified the default configuration to allow all applications to access csrss.exe in memory. In fact, you should probably do this instead of my suggestion above. There is an all applications rule under Computer Security Policy which you can modify. If you add the interprocess memory access to csrss.exe here, it will globally allow it for all applications. This saves you a fair bit of tedium, although I still prefer to only allow csrss.exe access in applications that actually need it. Whatever you feel comfortable with.

Now that I think of it, perhaps I should post this over on the Comodo forums. This does seem like a good change to the ruleset and, if I recall correctly, a sticky there was recommending full blown training mode for all games to get around this problem. For shame!

 

Yep, a little extra work for nothing.
It's a game, is trusted so I don't need to manually configure it.
I dunno what gaping holes I can have for 2 minutes of Training Mode until game is properly seen by D+.
TBH I'm not paranoiac about my computer security.

It is in default group Windows System Applications

Outpost asks me if I want to enter in Entertainment Mode

Yep, that's all I want, a rule for games to run from the first time I launch them without me making manually rules for them.

But I'll try your suggestion about allow all applications to access csrss.exe in memory. Thanks for idea.

 

Yeah, the game is trusted, but if its an online game its net-facing and thus handling untrusted input. The gaping hole doesn't come from the 2 minutes in training mode but from the misconfigured rules that result. If there ever was an itw exploit exploiting games, they would probably just use the old download and execute shellcode, so you'd be protected anyway, as training mode acts properly on that parameter. It just depends how paranoid you want to get if this concerns you or not!

Thanks, that is very interesting. Perhaps it is necessary on 32 bit but not 64, or maybe just a less than ideal configuration by Comodo.

Ahh, so this is the Game Mode I am used to. Does Outpost have the black screen problem as well? If not, perhaps this game mode also allows the interprocess memory access to csrss.exe on the fly if it detects an application is going fullscreen. Interesting.

You are very welcome.

 

It's nice, but well known, safe programs still cause too many pop-ups. Also, I would like a skin that has version 3s color scheme, which was way better than the all too common, boring red one they use now.

 

Nope, games runs fine from first launch.
Now I put that rule in All applications but I don't have any game installed ATM. I'll keep an eye on first game launched to see what's happening.

Choose one.

 

The Blue is closest I can find, but I still like the old one.

http://comodo-internet-security.software.informer.com/screenshot/67366/

 

i used to have secunia psi installed on a win7 32bit computer and well CIS says the PSI.exe needs to be sandboxed. well ive uninstalled it and when you clean the path link it even says it cant find it.

why in earth if its not even installed why is it asking to sandbox? there are no registry keys or left over. i even used revo uninstaller to remove it. no go.

any ideas?


thanks
Brock

 

You can use standard windows xp theme files (*.msstyle) as Comodo themes.

 

just one quicky... I am not at the moment near my VM where testing CIS and would like to know does adobe reader runs fine in CIS sandbox? Iam not interested in printing from sandboxed reader just viewing simple pdfs (maybe few pictures in it and text) from web browser and off line

 

You still can't manually sandbox an application from a shortcut. You have to right-click directly on the executable. You also can't sandbox an app by right-clicking and sandboxing an associated file.

 

will the sandbox work if i only install the antivirus with D+?thanks

 

Yes.
The Sandbox component is on by default. You can Disable/Enable whenever thru the CIS tray icon.

 

thanks

 

Yesterday happened a very frustrating thing.While i was creating rules for programs i started Wondershare Photo Story,two pop ups from Comodo came.One from D+,the other from sanbox.By mistake,i hit block in the D+ window and allow in the sandbox's one.Now,the big problem is that the program wouldn't start at all.I've searched it in My pending files,in My blocked files,nothing.I've deleted the file from My own safe file(from an odd reason it was there),and i tried again.Nothing.The program was still blocked.I've decided to uninstall and the reinstall the program.Done.Start the program,D+ pop up,allow it,sandbox pop up,allow,and the program is still blocked although it appear again in My own safe files.What the heck?

 

Check if in the Computer security policy the program is blocked, and then remove the rule (or modify it) and try again
Defense+ -> Advanced -> Computer security policy

 

It was there.Damn,i missed that part. Thanks.