Comodo Firewall (only) has D+....settings etc?

Hi;

Does the Comodo Firewall have the D+?

I have used Comodo Internet Security before (year+ ago...did not install the antivirus. Used it in tandem with Avast free) and it had D+. I do not remember seeing one before but that was I think the early versions(2.xx.xx or 3.xx.xx) of just Comodo Firewall.

As mentioned before, I used D+ without the antivirus module last time I used CIS. If for example Comodo Firewall(just the firewall) has D+ and I opt to use it, does it equal CIS w/ D+ and w/o antivirus as well?

Thinking of using CIS ver 4.1 in an old system with either Avira Personnal/Avast free ver5 with PrevX 3.0. What may be a decent setting so that it will be compatible with all three security softwares..say with;

(a) CIS ver 4.1-- w/ D+ and w/o antivirus, Avira Personnal, PrevX 3.0 and Sandboxie (paid version)
(b) CIS ver 4.1-- w/ D+ and w/o antivirus, Avast free ver5, PrevX 3.0 and Sandboxie (paid version)


AND, one last important question. Has Comodo improved it's explanation on it's pop-ups? For a not so "learned" pc user
it may seem cryptic and if no explanation is given may just hit "Allow this request" to get rid of the pop-up. Please see a good example by aigle:

https://www.wilderssecurity.com/showpost.php?p=1444190&postcount=115

Your guidance is humbly requested.

Thanks in advance!

 

Yes, Comodo Firewall has D+; and no, the explanation of alerts hasn't improved. The biggest problem with HIPS alerts is that the same alerts can be triggered by both good and bad programs, so ultimately the user is left to decide whether or not the program's intention is malicious. This is okay for knowledgeable users who like to have full control over what their system is doing, but it isn't suitable for everyone.

Your proposed setup of: Comodo Firewall, Sandboxie, Prevx, coupled with a free antivirus looks like a good one. You don't say whether you are using Prevx free or paid but I'm assuming it's the paid version as the free version doesn't prevent or remove malware.

Your main decision is going to be around how to configure D+. Providing that you are careful where you download files from, you could consider configuring D+ to turn off the HIPS and function solely as an anti-execute. This can be done by disabling the D+ Sandbox, unchecking all of the D+ Monitoring Settings, but leaving D+ Image Execution Control enabled. You would get the benefit of a default-deny policy with very few alerts. The only alerts you would get would be when an unknown program tries to run.

I have a very similar setup to you and have D+ configured this way.

 

Hi;

I intend to use PrevX free first. I intend to use it as a scanning 2nd opinion to Avira or Avast. If Avira I'll use the Security Suite without the firewall and the Proactive module. If Avast free, I'l disable Websheild.

So sorry to hear that the alerts explanation is still the same...cryptic to 'normal sort of beginner-to-going-to-novice user'.

I will try your set-up tip.

Oh by the way, did you do a leaktest on your set-up? I plan to do one after. How'd it go?

Thanks in advance!

 

No, because I'm not convinced of the value of leak tests and I dislike having to answer HIPS prompts. If you are concerned about leaks and want to carry out your own leak testing, you will need to make sure that the HIPS monitoring settings are all enabled. If you disable the HIPS monitoring settings as I have done, Comodo Firewall won't do very well in leak tests. My main goal is to prevent malware from executing in the first place.

For day-to-day operation, I use Comodo D+ solely as an anti-executable in conjunction with an approach based primarily on policy restriction (AppGuard and Sandboxie) and virtualisation (Sandboxie and Shadow Defender), with anti-virus (Panda Cloud and Prevx with SafeOnline) as an additional layer. This approach suits the way I like to interact with the PC and has served me well.

 

I think Virtual Machine is a good choice to help you do a leaktest.Some leaktests are dangerous and ruinously.

 

Hi;

@cqpreson;

Thanks for the reply.

"I think Virtual Machine is a good choice to help you do a leaktest. Some leaktests are dangerous and ruinously."
--Is this leaktest the one that you download and use like the ones at Matousec and PCFlank? How is it done? Not really done this one before...maybe on the new machine..

By the way, http://www.pcflank.com/pcflankleaktest.htm download was with a virus re: SPR.Tool.Demo.Leaktest something as Avira Premium blocked.

@pegr;

Hmm..I will keep that in mind. Was not paying attention to the HIPS deactivation for D+ to be an antiexecutable. Well, I ask because when I used Online Armor Premium (new machine) I did avail of the leaktest of GRC ShieldsUP! and did quite fine then but the set-up is different to this discussion. This is solely for an older pc I learned to love.

Will get back on this when set-up is good to go!

Thanks again!

 

I used comodo leaktest before.

But someone said,for comodo,comodo leaktest was simple.So I saw somebody use some malware and trojans to test his rules.And it seems to be more effective and more practical.On the other hand,it is dangerous indeed.

 

Hi;

I'll keep that in mind. Oh by the way I am setting it up now but I have problems with Mbam updates...tsk..still. It's been a long time now....more of missess than hits..re-install and re-install etc etc..But hey, thanks to you all!

 

Did you see the logs of comodo D+ and firewall when you could use MBAM smoothly?Maybe from the logs we can get more info to modify the ruleset.

By the way,I remembered I saw the name of MBAM's updater's process in the taskmgr is not constant.Did I remember that wrong?I think adding the Digital Signature of MBAM into comodo's trusted vendor list.And let comodo trust MBAM can solve this problem .

 

@ cqpreson;

Sorry for late reply. I have excluded all critical process' of MBAM in Comodo as per suggestions in the Mbam forums. It's updating now but not 100%..still getting errors but I suspect DNS servers..when mbam changes update servers from data-cdn.mbamupdates.com to either edge.data-cdn.mbamupdates.com or llnw.data-cdn.mbaupdates.com I get the error. But if it stays with data-cdn.mbamupdates.com the update is successfull. Oh well..you were right..CIS alerts are still the same..I have to look up those that I don't know. Seems eating up resources again..still observing though.

Cheers!

 

Yep, that's pretty much the gist of things. Comodo is capable of blocking anything you throw at it, but it's only as good as the end users decision making. That's the problem with HIPS. I wouldn't recommend them for the average user. I couldn't live without one though, personally.

Once you have all your rules set up you rarely get a popup. I put mine on Clean PC Mode at first and let it learn everything. After a month or so I've ran pretty much everything I use on my PC and it's set a rule for it. Then I go in and modify certain things to my liking, then set it to Safe Mode. It really didn't take that much time. Is it making me more secure? Probably not, honestly, because my PC never gets compromised in the first place, which makes leaking rather moot. I guess my main reason to use one is the same as many... to know what's trying to do what on your system. And I'll bet also that most of us (especially Wilders members) find in the end that it's always legitimate processes doing legitimate stuff.