Answer how to use Threat Fire with Comodo

Discussion in 'other anti-malware software' started by Kees1958, Apr 29, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Got a few questions on how to set up Comodo with D+ and ThreatFire together.

    Wel here you go.


    Install Comodo with D+, Install Threat Fire (both free versions)

    Go to D+ settings and unselect the settings showed, go to TF and make sure you create a restore point before quarantaining something (fall back when it was a wrong decision).

    Why use D+ and TF: Simply TF takes care of the things you unselected at D+ (plus driver install). Driver install (rootkit) is the worst malware you can get, therefore some overlap. D+ is more resisdent at tricks to shut down the computer, TF is a little weaker, so D+ provides something extra.

    Another reason to use them side by side:
    A) Comodo has a white list of safe applications, using both the D+ and the Firewall in safe mode will automotically create rules for safe programs. This makes choosing easier.
    B) When TF finds an intrusion it first checks his AntiVirus data base to see whether it is a known malware. Next it will intelligently monitor the program and warn you when things are reallygetting suspicious. The black list makes the behaviour blocking better, because it only has to minitor complex mean intrusions, the simpler intrusions are likely to be catched by the blcklist AV data base.

    Therefore it is wise to add all your trusted vendors (and other security aps) to the trusted vendors or my own safe files (for not signed files, see post https://www.wilderssecurity.com/showpost.php?p=1189021&postcount=9)

    see post

    See pics for setup
     

    Attached Files:

    Last edited: Apr 29, 2008
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Next reduce file protection see pic
     

    Attached Files:

  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    next add some registry protection, disable the defaulr staryp and important keys and replace with these, see below
     

    Attached Files:

  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Next reduce my portected com interfaces, see pic (note I added also one)
     

    Attached Files:

    • com.JPG
      com.JPG
      File size:
      64.9 KB
      Views:
      4,336
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Now add your favourite sandbox to it and you won't be needing anything else (remember that TF also has an AV-data base)

    Level 1: Comodo FW and D+ (white list supported HIPS)
    Level 2: SafeSpace, Returnil, Sandboxie, GesWall, DefenseWall, et cetera for internet facing aps
    Level 3: TheatFire (Behavior Based HIPS) and Antivirus data base check
     
  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Nice setup... Perhaps i'll check it out later...:thumb:
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Nice post. Kees could you tell me, what security features are added with the D+/TF combo as opposed to D+ alone? I am just using Comodo 3 w/D+ now in Vista (along with Nod 32 and SAS Pro).

    I am aware of the added features a person would benefit from with the rootkit scanning and on-demand av. What else?

    Thanks.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    ACR1965,

    Only benefit is that TF will determine how to deal with process tampering, hook setting, messaging, process termination, direct access to keyboard and monitor. So using TF with D+ (light) generates less pop-ups, when using D+ only I do not think it is weaker security, but be ready to ansewer some pop-ups.

    It is more a knowledge of the user thing than strength of the tools used. Another idea is to do mark those extra D+ settings and let him learn in quiet mode (training mode), You can use TF as a second thought/opinion in the training period, then remove TF when you set D+ to safe mode.

    Regards
     
    Last edited: May 4, 2008
  9. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    great post, and good for those whom can stand D+. for me its like surfing in IE and watching all the pop ups come. it one piece of software that has too many alerts for the most mundane of stuff. novices will turn it off right away or just click allow all the time, and only the hardcore will persist to tame it. Threatfire will only pop up when theres something going on it know is out of the ordinary. Your probably the only one here thats managed to do that lol ;)
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    The irony of using Comodo without D+, is that the average user (on Vista) can have easier and stronger protection by running LUA (in quiet mode at least with free util TweakUAC) and using the superb MS Vista Fire Wall and add outbound control with this nifty free utility called Vista FireWall Control. When D+ is to difficult for you (when on XP) try online Armor free (without TreatFire).
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    From here, By MrBrian

    http://www.pctools.com/forum/showthread.php?t=50673&highlight=comodo
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    In other words, TF is far more user-friendly than CPF. CPF shouldn't be used by persons with limited technical knowledge.
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle, Lucas

    Yep, that is why I configured Comodo with reduced D+ settings, so D+ and TF are more or less complementary.

    Regards Kees
     
  14. Fam Money

    Fam Money Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    9
    Kees1958, I'm very appreciative that you're so active on this forum. This forum is the first place I come when I begin to research a new security setup and your Vista x64 related posts have been very helpful to me in selecting what to run.

    I'll give CPF a closer look as I have never got around to trying over the last year or so. I did try TF a few months back and it seemed to run fine although it did delay Windows boot up when running with KAV which is to be expected.

    I just wish we had more options for Vista x64. I've just started using Sandboxie on an XP x86 install and love it. I was sad to see that it'll never make it to Vista x64.:'(

    Thanks again for the posts!
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    On Vista64 the only alternative to ThreatFire is Primary Response Safe Connect (or the Norton branded version Norton Antibot), you can use the same settings for Comodo D+ as for TF. There both paid, so that is a pitty.

    I used to run Haute Secure beta (free) on Vista64 with global profiles. After installing SP1, the global profiles cause an BSOD (007E error). The HS guys are former Microsoft guys and HS beta really worked well (until SP1).

    When you run Vista in Lua (with TweakUAC in quiet mode) and have D+ looking after dirver installs, I would not worry when using it with a freeware AV. IE in protected mode in Vista is safer than IE in XP. When you use KAV with Active Defense Protection Module, Window's own FireWall in combo with VistaFireWall control (for outbound control) is a real good FW and light, because it is deeply integrated in Vista's OS.

    Regards K
     
Loading...
Thread Status:
Not open for further replies.