Comodo Internet Security 10.x Thread

I have Comodo Firewall only, but internal updater still not not finding / downloading build 6396 (issued Nov 1).

I suppose I could download CFW only and install over the top, but IIRC I had problems doing this before.

 

In the announcement post Umesh said "At the moment we have updated comodo.com for new installations, updates for older CIS versions will be released next week."

They are going to be pushing 10.0.2 on monday.
"Hi All,
Following is final build that will go live on Monday, 13th Nov, 2017 at early US-EST hrs and updates to all older versions will also be released."
https://forums.comodo.com/beta-corner-cis/comodo-internet-security-v10026408-rc-t120932.0.html

 

Thanks for that info.

 

No problem

 

Hi all

Comodo Internet Security v 10.0.2.6408 Released

https://forums.comodo.com/news-anno...et-security-v10026408-released-t120949.0.html

With best Regards
Mops21

 

Got it now .

 

It requires the previous version uninstall ( mine is 10.01.6294 ) or it is possible to install over ?

 

No need for uninstall, just install over old one.
After that you have to restart PC.

 

The file submission system still doesn't work does it? I have CCleaner files that should be white listed, but were unrecognized anyway, that were auto submitted on 11/3. They still have not rec'd the response that they are safe.

 

Thank you. Bored to get a try with softwares and to have to restore a previous image.

 

For those that use my settings only- the internal updater works fine, but please verify the auto-containment (sandbox) setting after reboot as it may have been reset to Partially Limited instead of the previous setting of Restricted (or Untrusted).

ps- note that there is now a function (they listened!) to delete all the accumulated stuff in Blocked Applications.

 

On my PC stay the same:


Where is that options: "delete all the accumulated stuff in Blocked Applications"?

 

DJ- the sandbox change may have been specific to me, but I wanted to make sure that no one else was affected as the proper setting is of paramount importance.

Regarding the "Blocked Applications"- this would refer to the stuff that accumulates and can be seen on the main GUI (sorry- I am elsewhere so can't give a screenshot)- on the left under Network Intrusions. Previously these had to be left as is even though they may be either have been addressed or ignored. Now they can be cleared; not a big thing by any means, but I am anal and like things clean...

 

@cruelsister Mine was also set to 'Partially Limited'.

Should the Action be 'Run Restricted', or 'Run Virtually' as @Djigi has it?

 

@cruelsister Don't you think that to use DEFENSE+ in Paranoid Mode customized and without auto-containment is a more sure defense ?

 

If you like to get popups, sure But if you mistakenly click "allow" when you should click "block", then there's nothing that can save you
cruelsister's settings give you almost no popups and what you have to do is, if something is running in the sandbox (thus with a green border), ask yourself if it's legit or no. If so, make an exclusion to the auto-containment. If not, just reset the sandbox and delete that app

 

Yes, it's an " old " question: to use the auto-containment is more comfortable and not boring, but sandbox were and are vulnerable to some types of attack, while the pure use of an HIPS, highly configured, is more sure.

 

BK- You bring up an excellent question, but sadly I don't feel that anyone can give a definitive answer regarding the safety of a Paranoid Mode HIPS. The reason for this is simply that various people have varying degrees of knowledge; to answer a popup correctly a person MUST know what is being asked prior to making an informed choice. In my setup there are no such assumptions.

But let's also look when Paranoid Mode is enabled without the sandbox for two different types of files:

1). A typical malware file- With Paranoid Mode (hereafter PM) on and the file is run you will get AT LEAST 2 popups- one for Explorer is attempting to run a file, then a popup for what that malicious file is attempting to do (and there may be multiple popups here depending on how the malware is constructed). However you will also notice that the HIPS description will state that the file is unknown and is trying to do whatever. In this case with the HIPS off and Containment on that file would have just been sandboxed (you can get a popup telling you this if you don't shut it off, but no choice on the Users part is needed).

Either way the malware would have been stopped. But which method is more elegant?

2). For fun, try to open a file manager like my favorite xplorer2. As a file manager must touch just about everything on a system, PM will give popups beyond number. I always give up after 25, and you can see an issue here if something malicious would be dropped after I shut down PM in despair. On the other hand Containment just allows it to run.

You also state that sandboxes are vulnerable (before beginning, please note that when you read about a sandbox "bypass" it refers more to the malware fooling the sandbox user that the file is safe and not that it will break out on its own). Note that various sandboxes work by differing methods and also for different uses.
Consider a sandbox that is used for forensic analysis- evasion techniques like counting the number of Documents on a system, activating only after a number of right-Clicks, or the hated Sleep Skipping may lull a person into thinking the file is safe. For the comodo containment system, these files just won't run and should be considered malicious. A person should no more take something out of containment that will not activate any more than he would run file after Avast tells you it is malicious.

Finally note one thing- on a VERY VERY broad basis malware will attempt to do one of two things- either trash files directly or steal information. So please consider the worst thing possible for Comodo at my settings- that of a highly signed malware file.
a).- File Trashing- one should ALWAYS have a current image that can be restored- not so much for the non-existent ransomware file signed by Microsoft, but for the more common occurrence of hard drive failure.
b). Data Stealers- Note that my settings also has the Firewall on. For the paranoid it should be set at Custom so every outbound connection can be accepted/denied on a case by case basis. Remember that a data stealer that can't connect back to Command is just another piece of junk.

Although there could be much more said, what it really boils down for me is that I want to use my computer for High and Noble purposes like shopping and watching cooking videos. I have neither the time nor the desire to acknowledge innumerable security popups.

(pardon the length of this post- this is also why I don't speak on my videos. They would extend over hours...)

 

A lot of users complain that the HIPS pop ups are too many and boring, but I don't understand: once the HIPS is installed it needs basically to set the rules for the other installed programs: ok, this is boring and, if you want to get the highest protection, it requires time and work; but once it is done, how many new softwares do you install every day or every week to require a new , boring work ?

Anyway, about Cis Defense+, I never used the sandbox now auto containment, but I know, and I read in the forum, I believe in this thread, that in some situation the sandbox decides over the HIPS ( sorry for I don't remember the details ): and I trust Defense+ more than the auto containment.

 

Very interesting post! So if I understood correctly, you're not a fan of user controlled HIPS, but you really love auto-containment. If I didn't have such bad experiences with Comodo in the past, I surely would have tried it. What about Comodo Cloud AV, does it have the same strength when it comes to sandboxing?

 

I believe it's the same..just without the firewall.

 

https://antivirus.comodo.com/cloud-antivirus.php
Go to the FAQ

In CCAV the sandbox protection level is not customizable like in CIS, but the default level is higher than CIS' default level (something between limited and restricted)

 

I just tried the current CCAV and I have to say that I don't hate it anymore. They made a couple of important enhancements since I last danced with it that I find optimal:

1). the Containment level is now somewhere between Restricted and Untrusted.

2). Under Sandbox settings there is now Network Traffic Control options. This is of paramount importance. Previously sandboxed RATS could connect out to control. Now (I tried a current Volgmer RAT variant) the request for OutBound connection was just totally denied.

Thank you Rasheed for asking me about CCAV; I had no idea of the improvements (it still is clunkier than CF, but on a modern system (non-POS) it would not be an issue.

 

Glad to hear that
The new fileless malware protection feature is also very good