Comodo Internet Security 2013?

Discussion in 'other anti-virus software' started by ahinterl, Jan 3, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Yes he is right.

    BB looks like an autopilot-mode HIPS. If you select
    BB->untrusted, it will block all dangerous actions except execution.
    Not equal, but it looks the same.

    Actually, you can enable HIPS, but it will not alert for autosandboxed apps (it only alerts for process execution). So basically it is not important whether it is enabled or disabled.

    More info:
    http://help.comodo.com/topic-72-1-451-4767-Behaviour-Blocker-.html
     
  2. Kirk Reynolds

    Kirk Reynolds Registered Member

    Joined:
    May 8, 2011
    Posts:
    266
    So according to your posts, only "fully virtualized" in the Behavior Blocker was able to stop it, without the registry key being manually added and protected by the HIPS?

    So it would seem that using "fully virtualized" in the BB offers more protection than "untrusted", especially if your setup has HIPS turned off. Or is there a caveat?
     
    Last edited: Mar 20, 2013
  3. a256886572008

    a256886572008 Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    Non-virtualization protects the files and registry keys for certain paths only.
     
  4. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,290
    Thank you very much. That link was really helpful. So what's the consensus then? The gentlemen above seem to be talking about this too.
     
  5. guest

    guest Guest

    Nope. Fully virtualized malware still runs on your computer and can leak your data. In theory it can't write to your system, but it can read all of it. It can also capture your keystrokes and desktop screen.

    But untrusted malware can't capture them. FV hasn't got any restriction right
     
  6. a256886572008

    a256886572008 Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    No, it can not.

    Because FV can block the keylogger and the screenlogger.

    You can test it with real malware.

    --------------
    fully virtualized ≒ partially limited + virtualization
     
  7. Kirk Reynolds

    Kirk Reynolds Registered Member

    Joined:
    May 8, 2011
    Posts:
    266
    It can't leak anything unless it gets through the firewall, right?

    You should be able to deny it outbound just as you would if it was ransomware and you had it set to "untrusted", as explained in that article from Chiron. The difference being that if it was fully virtualized, then no changes are made to the system, whereas that isn't necessarily the case with the other BB settings.

    Or am I missing something?
     
  8. guest

    guest Guest

    Yes it can.
    The firewall can control internet access, not keylogging actions.
    You are talking about another case and another security layer.

    But:
    The firewall default setting is "allow request". You can change that of course, but in default mode a keylogger can access the internet.
    http://help.comodo.com/topic-72-1-451-4770-Firewall-Behaviour-Settings.html

    Also, malware can access the net using COM objects or using other apps which can access the net.
    If BB protection bypass is possible, FW protection bypass is also possible, right?
    I am not an expert, but I know there are samples:

    It is wrong; there is malware that can access the net without a FW alert. This is already known by the CIS team.

    http://forums.comodo.com/news-annou...ly-bypass-the-firewall-vbs-file-t89575.0.html


    Actually, we are talking in theory; there are always holes:
    BB auto-sandboxed apps bypass:
    http://forums.comodo.com/news-annou...drestricted-and-hips-new-method-t90911.0.html
    Fully sandbox bypass:
    http://forums.comodo.com/news-annou...-looks-like-a-huge-sandbox-hole-t92486.0.html
     
    Last edited by a moderator: Mar 21, 2013
  9. Kirk Reynolds

    Kirk Reynolds Registered Member

    Joined:
    May 8, 2011
    Posts:
    266
    Which makes this whole discussion rather academic, doesn't it? :D In theory nothing can totally protect your pc.

    "Untrusted" can be bypassed, as member a256886572008 linked to on the previous page. Malware accessing the net without a FW alert is not limited to the "Fully Virtualized" configuration only. If the machine can be compromised using either BB setting, then again, the difference would be that under virtualization changes aren't made to the system, or at least they're not supposed to. "Untrusted" with default HIPS enabled isn't supposed to let "digital signatures of many executables in the PC disappear" either...

    I still don't see how the untrusted setting can mitigate damage from being compromised more so than using full virtualization can. It shouldn't. If "Untrusted" can be bypassed and "Fully Virtualized" has a hole, and both settings don't prevent a firewall leak, then what the heck are we using Comodo for? :D Let's try something else! :D
     
    Last edited: Mar 22, 2013
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Sure and then get absolutely bombarded by the popups...
     
  11. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Paranoia and scaremongering is what the last few posts are about. All theoretical scenarios.
    To all: which is the most effective security solution if not Comodo?
    I ask with genuine interest, seeing as Comodo is being wiped off here... so which is it?
     
  12. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    CIS is close to that (theoretically) but they ruined EVERYTHING with idiotic decisions, ridiculous FP's, stupid malware classification, awful beta testing, awful bug fixing, awful FP fixing etc etc.

    In theory, CIS could be a perfect security program, but it seems like no one at Comodo bothers about anything, and that's why I don't like it and I don't use it.
    That's the main and only problem. And until they solve it I'm not gonna use it. I just don't have time to bother with moronic false positives and their non-functional reporting of them from inside the program. I'm just not gonna go through their forum reporting procedure because it's idiotic as well. Last time I did report something they were harassing me the entire time with some dumb bug report format. And I bet they will NEVER fix it just because it wasn't in their dumb formatting, even though I've supplied ALL of the required and requested info.

    So there is that, until they change their attitude, they'll remain the best only in a theoretical manner...
     
  13. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Only when installing new software.
    Put it in Clean PC mode and there won't be any popup for already installed apps.
    ;)
     
  14. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    In that case you can just as well use any other HIPS that maybe offers support that is a bit more serious than Comodo's...
     
  15. guest

    guest Guest

    :) So the answer is that.
    Some CIS users believe it is bulletproof. It isn't.
    I don't say it is bad software; it is a very good one. It has some problems, but every software has.


    And it has a plan for unknown files. Some others haven't. I like the autosandbox idea. Is it perfect? Nope. It autosandboxed every software I used, and I know it isn't bulletproof.

    Actually, they are from the real world, not theoretical. If you follow the links, you will see: real samples, real bypasses.
    Theory is the perfect/bulletproof software idea.

    I believe autosandbox->untrusted is better than fully virtualized. You can select "blocked", but CIS will also block some software which is not categorized as safe by Comodo.

    We are not alone:
    http://forums.comodo.com/defense-sa...he-benefit-of-fully-virtualized-t92133.0.html

    Look at Kaspersky. It has the same ability, default deny. It can run unknown software under restricted rights like CIS. And it has a whitelist, of course.

    If you run Kaspersky using those tweaked settings (run all unknown files under low rights), you will see "bombarded popups". Nothing different.

    Actually, CIS is very quiet if you select BB autosandbox.
     
  16. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    True, but OA has lots of bugs (check their forum), while lately PF is "lazy" with program updates...:D
    MD is only 32-bit....:(
    Comodo's whitelist is the best out there (my personal tests can verify this claim).
     
  17. guest

    guest Guest

    With your help :)
    You submit safe apps to them every day.
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks.:)
    In the last few weeks, my submissions are not as large as before.
    Looks like they have finally decided to search softpedia and CNET on their own....
    :D
     
    Last edited: Mar 22, 2013
  19. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Yes, they search through SoftPedia ...
     
  20. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I have to agree on a lot when dealing with Comodo's shortcomings. In theory they would be the best. However, the false positives and the lack of communication when dealing with some issues made me turn away from their product. I've been using their software for years off/on. Still a very good bargain for the price of free.

    Just my .02 cents
    Ice
     
  21. guest

    guest Guest


    With CIS v6, I think FPs are more manageable. Just click "dont isolate again".
    Also, you can submit them to the Comodo forum; they will add them to their whitelist within 2-3 days.

    But right, it isn't for everyone. There are easier-to-use security suites.
     
  22. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Then ask them to remove that useless Submit Button :D
     
  23. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    In Comodo there's no way to monitor and receive notifications about the activities of regsvr32.exe and rundll32.exe in both the System32 and SysWOW64 folders. You can in EXE Radar Pro, but you can't run the two of them together (at least on a 64-bit system). If a relatively dangerous Windows executable is listed in the Trusted Files list then it pretty much has free rein to do what it wishes. I consider that approach to be seriously flawed from a security aspect. I've tried for days (off and on) to make it behave to my wishes but nothing seems to work.

    It's very frustrating working with it.

    Just my 2 cents.

    Later...
     
  24. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    So what is the verdict on Comodo? Good, bad or the ugly?
    Are there better free alternatives? How would members rate the Comodo AV?
     
  25. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    I personally like Comodo... their AV I rate 7.8 or even 8/10 :D

    overall great free suite ;)
     