COMODO Internet Security 5.x Thread

Discussion in 'other anti-malware software' started by Mops21, Jul 4, 2011.

Thread Status:
Not open for further replies.
  1. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Setting it to block doesn't block everything. It blocks untrusted files. Unless the malware is on Comodo white list it won't run. So even if it doesn't have signature it will be blocked.
     
  2. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Yes I know. But disabling real time scanner is defeating the purpose of the suite. It's still a layer that you're turning off.
     
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    So you're basically relying on real-time and D+, thinking D+ will protect you if real-time fails, just to find out D+ doesn't do its job at all. That's why we test like we do. When you want to test specific segments of the programs, you disable the rest. I was testing Behavior Shield in avast! just the same or AVG's Identity Protection. I know real-time provides one layer but we were not interested in that.
     
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen

    I'm not sure I understand what you mean, generally speaking; I say: in a multilayer security model, if the av fails, the HIPS - not important if we talk about a suite or about av of a producer, HIPS of another - must block the not av-detected malware. Is it ? ;)
     
  5. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    But how can you know or test that if real-time intercepts the existing (otherwise problematic) samples? I have few samples that bypass CIS 5.8 entirely, yet they were being detected since few days ago by the real-time scanner. So we should just accept the fact that it's now being detected by the real-time even though it defeats the zero day protection of CIS? I think not and if it wasn't for few of us, no one would even know that D+ is badly flawed in CIS 5.8.
     
  6. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Not relying on just that. Also use Firefox with noscript and adblock plus. And most important my common sense in not running something I don't trust. So there's even more layers ;)

    But what I'm saying is that the suite would have protected the user because of the AV detecting it. With the sandbox set to block, only malware that was whitelisted by Comodo would have run. Which I think is a much better option than partially limited, limited, restricted, or untrusted.
     
  7. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    I agree the D+ should be fixed applying harder restrictions towards malware like this. But the suite doesn't just rely on D+; it has the AV, Firewall, Comodo DNS, and whitelisting to also combat the malware. That's the good thing.
     
  8. a256886572008

    a256886572008 Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    CIS auto sandbox can block the malware by adding one rule to the protected files and folders.

    ?:\*

     
  9. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    If it is as simple as adding "?:\*", then why isn't it configured that way from the factory? o_O
     
  10. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    Because of the additional pop ups the average Joe will have to answer.
     
  11. a256886572008

    a256886572008 Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    There will be no additional popups if you add this rule and enable "partially limited".
     
  12. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen

    I agree, mine was only a post about the tasks of av and HIPS, because I had not understood your previous post. Now I understood :thumb:
     
  13. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    I believe that setting up these rules below on D+ for Windows XP and Windows Vista/7 would have a much better effect on preventing malware from executing.
    Those locations are the ones preferred by fake AVs and/or Rootkits/Ransomware to execute:

    Win XP

    C:\Documents and Settings\*\Local Settings\Application Data\*.exe
    C:\Documents and Settings\*\Local Settings\Application Data\*.sys

    Win Vista/7

    C:\Documents and Settings\*\Application Data\*.exe
    C:\Documents and Settings\*\Application Data\*.sys

    Regards,

    Carlos
     
  14. a256886572008

    a256886572008 Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    This method is only for the user who enables "auto sandbox".
     
    Last edited: Oct 17, 2011
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, I have tried it with LockEmAll with default settings (except AV disabled). Comodo gave a pop up alert for sandboxing it that I did. The ransomware blocked my access to PC but on reboot it was not there. That's the expected way CIS should deal with it. I tested on XP Home on real system within a snapshot of CTM.

    Not sure how you have tested.
     
  16. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    I agree with you completely the only way to know if D+ works is by disabling the AV real-time protection; and it is not the first test that D+ failed. Comodo has responded to these failed tests by saying the users should sandbox their browsers. They completely forgot that their engineered minions have been saying that CIS default settings were the best things since the wheel. It goes to prove that they are not interested right now shoring up D+; quite pathetic coming from a security organization.

    By the by, did you do the test mentioned in the YouTube link since you used the word "we" while referring to it?

    Thanks.
     
    Last edited: Oct 18, 2011
  17. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Version 5.8.213334.2131

    20 October / 2011

    Simplified installation experience
    Seamless integration with COMODO ESM 2.0 Business Edition
    Enhanced protection mode: Defense+ is now stronger in 64 bit operating systems
    New options for popup alerts and antivirus alerts
    Look and feel
    Resource consumption and performance
    Firewall does not work properly on Bluetooth PAN adapters
    Antivirus crashes on files that reside on bad sectors
    Various race conditions exploited by malware to evade Defense+
    CMC is not show properly
    Startup folders are not configured for all users
     
  18. operamail

    operamail Registered Member

    Joined:
    Sep 14, 2011
    Posts:
    254
    Thanks for the update.
    Having problem updating. I had to uninstall the old version to install the new one.
     
  19. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    using 5.5 and now for the first time it asks me for an update to 5.8 :)
     
  20. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    Last edited: Oct 21, 2011
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Weird that I did not even install the AV portion and still the previous version detects some malware by heuristics (not via cloud).
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes, there's still heuristics included.
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Hopefully, it fixes the BSOD I had. Thanks.
     
  24. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Aigle- There is a separate checkbox in the Defense Plus settings under Execution Control Settings- "Perform Cloud Based Analysis of Unrecognized Files". Just uncheck it if you don't want the AV Cloud.
     
  25. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    New Comodo Update (...2131) Looks Nice

    ...but is it an important update?
     