VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    Yep. Lots of times, I got a second Windows license just to make a virtual machine to do that on. I try different combinations of things. Usually, something else with CFW. The setup in my signature, without voodoo works and with voodoo it still works.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Excellent. Then you do know it works.
     
  3. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    ...so then it is reasonable, or perhaps recommended, to run VS in combo with cf@cs (cruelcomodo)? any special tweaks needed??
     
  4. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    There is so much overlap that it is hard to justify such a setup. It's like making a whole extra shopping expedition for a couple minor items that you didn't run out of yet, or you can do without, or you could have picked up for an extra 50 cents. Just my humble opinion.

    I am not running Voodooshield on my system at the moment (I prefer SRP) but I do believe that Voodooshield at default settings will keep you very secure.

    The justification for using cruelcomodo on top of voodoo is if you are not running an AV. In such a case, the second program is your safety net, it is your AV replacement. (Some people consider voodoo in autopilot to be an AV replacement.) I am not recommending this, I am just reporting what some people do.
     
  5. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    The following is copypasted from another one of my posts.

    Tweaks for comodo:

    1. Set CFW to proactive security, DON'T RESTART JUST YET! postpone for now...

    1.2. If using comodo I.S. Enable "do not show alerts" in the antivirus and in the selection next to it, select "Quarantine threats"

    2. Go to the firewall settings, make sure it's set to safe mode then enable "do not show popup alerts" and change the selection next to it to "block requests" Then go into "network zones" and enable "do not show popup alerts" and select "public"

    3. Enable HIPS on safemode, Enable "do not show popup alerts" option and select "block requests"

    4. In the container settings, enable "do not show privilege elevation requests" and select "block".
    In the next set of settings for the container, double-click the entry that says "run virtually" and, at the top of the window that comes up, change it to "block", then click "ok".

    5. In the file rating settings. Enable "do not show popup alerts"

    6. In the virusscope settings. Make sure it will monitor EVERYTHING and not just what's in the container then enable "do not show popup alerts"

    7. Don't screw with any of the other settings unless you know what you're doing with them.

    8. Click "ok" and do the system restart it said you needed to do.

    If you've done it right, CFW will never pester you with any pointless Yes/No alerts and whitelisted applications will get to do everything they need to do
     
  6. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    thanks shmu26 (I value your opinion, humble or not) :thumb:
     
  7. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    thanks, off the top of my head, those settings sound a lot like cruelsister's config except for HIPS. But I'll go thru the settings in my cf_v12 again and compare with your suggestions. I rarely get popup alerts from either vs or cf. ;)
     
  8. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
    Totally agree.
    I don't know about this, but Dan recommends testing organizations use VS in Autopilot, since this mode, for the purposes of testing, is most like an AV. But maybe I'm splitting hairs.

    @simmersK00L since you're using Cylance with VS you are already well covered. :thumb:
     
  9. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    I've been configuring Comodo this way since long before cruelsister made that video. Also, the HIPS is a HUGE part of the protection. It hinders malware from spying on your system from inside the sandbox by quite a lot and it's another hurdle that malware would need to get past. When CIS is configured as I described there, NOTHING can infect your system.

    It's true, CIS won't give you nearly as many popups as it used to, but giving a normal user a yes/no alert is worse than not having any security at all.
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Comodo HIPS does not monitor processes running in autocontainment. But there are advanced settings in Comodo to restrict autocontained processes from gaining access to certain system resources. Maybe that is what you meant?
    Also worth mentioning is that autocontainment itself has various levels of restriction that can be selected.
     
  11. guest

    guest Guest

    +1
     
  12. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    Yeah.

    I've played around with legit applications running in CIS's sandbox. Keyboard and monitor as well as all of the other system stuff that the HIPS protects are kept from being accessed by things in CIS's container with HIPS enabled and set to auto-block requests.

    And that's WITHOUT running the files in the container with any extra restrictions in the container settings
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
    https://calendarofupdates.org/index.php?topic=4512.msg11002#msg11002
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Thanks @Triple Helix. :thumb:

    Can someone please explain to Andi that SmartScreen is system-wide in Windows 10 and not just restricted to IE and Edge?
     
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
    LOL I have mine turned off!

    2019-06-09_11-27-23.png
     
  16. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    thanks!!!
     
  17. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
  19. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    I hope they make it free for non-business users, complete with adjustable settings and password protection.

    As he said in his post. It's most likely that most home users won't want this tool.

    If I'm already paying for the shield that protects me from the voodoo, I wouldn't want to also pay for this.

    Business users gotta pay though, because they'll be installing it on LOTS of endpoints and servers.
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    I think Dan plans to incorporate WC into VS at some point.
     
  21. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    Even better! That would be the ideal. Next on the list would be to make it able to discern the safety of DLLs and every other kind of file that can be harmful.
     
  22. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    WOW! WhitelistCloud uses a lot of CPU power
     
  23. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    It was reported to Dan at CoU that on some PCs it used more CPU% than expected; but e.g. on my PC the max it ever got to during a scan was 1.80%. Dan is investigating and thinks he knows a fix for CPU where it is using too much.
     
  24. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    Why are you using HIPS with VS... just set Comodo's sandbox to auto terminate and be done with it.

    Also, this way you don't really have heuristics against anything or exploit protection. Just an auto VirusTotal scanner and a reputation-based default allow.
     
  25. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    518
    Location:
    Bulgaria