AppGuard, and COMODO

Discussion in 'other anti-malware software' started by Cvette, Dec 13, 2011.

Thread Status:
Not open for further replies.
  1. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    I've seen a great amount of positive feedback for AppGuard lately on how light, and strong it is. I'm all for light, and effective security software, but does AppGuard do anything that my currently installed COMODO Firewall does not? I wouldn't want to spend the $39.95 if COMODO already does what AppGuard would do in its place.

    I would hate for this to turn into an A vs. B thread, so rather than ask "Which is better?" I ask only one thing. Does AppGuard possess any functionality that COMODO Firewall w/D+ doesn't already have?
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Yes appguard is an anti-exe. Comodo is a HIPS. You can configure comodo to operate as an anti-exe.
     
  3. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Very different pieces of software. Comodo's D+ is traditional HIPS where AG is strictly policy based. AG won't ask you to do anything whereas Comodo will require you to make decisions at times. AG is an anti-executable and doesn't have any built-in firewall capabilities. AG is just a different kind of protection. You should take advantage of the free trial for AG and see how you like this type of software before you purchase. It will also allow you to discover any potential conflicts with other software before you spend your money.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    it is good even if you run it alone;)
     
  5. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Yeah sorry for the short but sweet answer. Comodo and appguard are two different softwares. They both run very well together. I actually had appguard, sandboxie and Comodo firewall running together. No issues, no headaches. I know that appguard doesn't have a firewall. Nor does it have an online AV and behavior component. Like 1000db said, they are both two very different programs. They do compliment each other nicely. Anti-exec's aren't for everyone. You sometimes have to hash out a few issues with installing programs and then getting them to work once installed. Other than that its very light and secure. Give it a try.
     
  6. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    if i could Get app guard i will certainly will
    in my opinion appgurad better than any complimentary security software on the market these days
     
  7. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Hi,

    There is something I don't quite understand. Comodo FW with D+ is a classical HIPS security solution whereas AppGuard is a policy based anti-EXE.

    Then why are there tests where these two completely different programs are compared if their scopes are quite different from each other.

    I read and even posted in a different thread about Comodo with D+ not blocking rootkit ZeroAccess whereas AppGuard blocked it at default level.
    There's even a guide at Comodo forums about setting up D+ to act as an anti-exe which obviously is not [at least by default].

    Isn't that comparison somewhat misleading since the way these two products behave and interact is quite different? [anti-exe vs hips]


    Thank you.
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    The two applications work quite differently and they do work well in combination together. Some of the differences are described below.

    Comodo Firewall with Defense+ uses a mixture of HIPS, cloud-based analysis, and whitelisting to determine the status of executables as good, bad, or unknown. Depending on the classification, an executable will be allowed if good, blocked if bad, or run in a sandbox (if enabled) if unknown. As Defense+ is classical HIPS it will generate alerts that require a user response.

    With Comodo, the protection is always on in the sense that it isn't necessary to nominate applications for protection. Comodo will automatically make its own classification and behave accordingly. With Comodo it isn't necessary to disable Defense+ in order to install software or apply updates, although the user may have to respond to a number of Firewall and Defense+ alerts during the install process. One feature that is missing from Comodo is the ability to lock folders containing private confidential data to prevent read access.

    AppGuard works by applying pre-defined policy restriction rules to applications, depending on the level of risk that they pose for exploitation by malware. The way the policies are applied will depend both on how AppGuard is configured and on the level of protection chosen. AppGuard will automatically block policy violations and log the reason without asking the user what to do. In order to override this, it will be necessary to temporarily suspend one or more AppGuard protections.

    Two basic concepts that AppGuard works with are the concept of guarded and unguarded applications, and the concept of System-Space and User-Space. User-Space is the user profile plus any additional non-system partitions, and System-Space is all files and folders that are not in User-Space. Guarded applications can write to User-Space but may not write to System-Space. Unguarded applications can write to both User-Space and System-Space. Executables residing in System-Space can run guarded or unguarded, but will only run guarded if explicitly added to the list of guarded applications. Executables residing in User-Space are either not allowed to run, or are automatically guarded, depending on the level of protection chosen.

    The AppGuard security model provides strong drive-by download protection for guarded applications. In order to do software installs though, it is usually necessary to change the AppGuard protection level to Install during the install process, which temporarily suspends most of AppGuard's protections. Another useful AppGuard feature is Privacy Mode, which enables folders containing private confidential data to be locked to prevent read access by guarded applications. AppGuard has no firewall features.

    The above is not intended to be a full description of the feature sets of these two applications, but hopefully it is enough to show that they are very different types of application and can be effectively deployed together.
     
Loading...
Thread Status:
Not open for further replies.