CIS 6.1.x.x Releases!

I have two major problems with the latest edition
1. Cannot change language in sandboxed browsers from English to Greek
2. When I purge trusted applications the deleted ones are there even though purging was successful
That's enough for me, unistall it today

 

On 8 for me I haven't noticed any performance slowdowns, but I wonder if that would be dependent on the type of system one has.

But the occasional freezes are as unexpected as they are wretched.

 

Working so well with Vista x64 .... Only 4 MO .... no bugs no issues nothing.

 

As is to be expected. It never ceases to amaze me when an application freaks out over something as simple as an out of date driver or because you unticked a box during setup. It would be interesting to see what percentage of users having issues are actually running windows 8.

 

I installed just the v6 Firewall and so far it's all smooth for me too. I enabled the HIPS but have left the Behavior Blocker turned off for now. Personally I prefer the Defense+ alerts to the BB auto-sandboxing feature, which can interfere with installers.

 

On my Win 8 and for that matter any win box i always rely on a HIPS to also alert straightway to manually adding a new string into the Run branch of the registry. Did i miss something here w/ Comodo fw? It fails to alert at all on such an elementary action. So i am of all apps turned to Spyware Terminator for immediate dependable alerts per the registry.

Would be a milestone if EQSys had a signed driver for x64 but that issue is mute of course.

If comodo could fashion this app/hips as expected it would be welcome, but untill or unless....

 

EQSys ?

 

EASTER,
By default CIS 6.1's Hips is set on Safe Mode. You have to change it to Paranoid to get notifications, and I mean a lot of notifications. Particularly on Win 8. Also, CIS 6.1 doesn't notify you of what it considers trusted processes are doing like cmd.exe, rundll32.exe, runas.exe, cscript.exe, wscript.exe, or regsvr32.exe. To me that's dangerous which is one of the reasons I think CIS 6.1 is a joke from a security standpoint. This "blind faith" that others have in it is beyond me.

This, of course, is just my opinion.

Later...

 

I recently installed the latest v6 of the firewall and discovered that HIPS is Off by default. Defense+ has to be enabled under advanced settings where the default is SAFE mode, but it can easily be changed to other modes, such as Paranoid, there.

 

Which explains it plainly enough. Sort of akin to Mamutu's Paranoid mode that alerts on about every activity but offers more intensive security geeks like me a method to make rules on-the-fly as well as review if important files of concern are being alerted to or not.

 

I've been a Comodo Fangirl for a few years now, but after installing Windows 8 I've had to reevaluate my stand. Today I had the third blown installation of an application due to a frozen D+ alert. On my computer the only option that I have is to Shutdown the system thereby leaving god alone knows what sort of residua behind. Unacceptable. I won't even bring up the amount of times that, while functional, Firewall alerts would only show that top half of the alert box! Try blocking something when Allow is the only thing that is visible.

Further, as was noted above the D+ alerts leave more and more to be desired. It is so easy when you are testing files that you know are malware to feel good when you block the baddie after a D+ alert Stops it in its nasty tracks. But would you really have made the same decision if that same file was downloaded from ftp.mozilla.org? Too many decisions there, and not nearly enough as random (as again was brought up by Trespasser) cmd.exe, svchost, etc pop up.

A year ago I wouldn't have believed it, but for me it's time to move on. To my utter surprise there are some anti-malware applications that have protection actually be enhanced in a Windows 8 environment instead of being bugged out.

So I've moved from CIS to Symantec Endpoint. It's kind of nice sometimes to have decisions made for you.

 

So they didn't fix this major issue...Comodo is beginning to lose ground step by step...

 

Unfortunately so, at least untill when they seriously get around to addressing their products to become equally compatible on this newest MS pla(y)tform.

In straight layman's terms.....trimming the fat

 

comodo v6 has been designed so that the HIPS do not need to be used.

You either use the HIPS or the BB.

 

I would say if you have BB on and HIPS off it means that HIPS kicks in when BB determines something suspicious.

 

BB is not real behavior blocker but renamed autosandbox.
It still can not determine anything suspicious.
The file is either Safe or Unknown.

"Real" BB is coming soon....

 

Hm, then they shouldn't call it BB it's misleading. Especially when you have both "BB" and HIPS on and get doubled popup surge but put up with it having in mind idea that you are more protected.

 

Its called BB coz true BB features are in the pipeline that will be added under this module in the subsequent future versions. This is just a start for Comodo BB protection module.

 

Really? And how works its proactive protection if doesn't work? Only by this BB module which in fact is not behavioral blocker? It's funny how one can name something as behavioral blocker when it has nothing common with such technologie.

 

You remember that beard i had

 

Do you have any proof that its proactive protection doesn't work? Matousec tested CIS 6.0 in "Proactive Security Challenge 64".

 

The HIPS are still present even if turned off within the interface.
The BB module is coming to comodo in a while and i should imagine the HIPS will be completely disabled at this point.

I have ran both together with no problems.The only concern i have is the av not detecting malware within the kiosk and im not sure if this is intended behaviour or not.

Version 6 was released too early in my opinion.

 

Next CIS update : GUI fixes, probably bug fixes

Future ... : Real BB

Currently we do have a "Cloud Based Behavior Analyser" which is CIMA.

but it's behavioral analysis
it's not behavioral blocking.

 

Bug fixes for certain one would expect as each next release reveals yet new issues to draw up work orders for.

Behaviour Analysis results dictate Behavioral Blocking (or not) which in turn begin to fill a database list (Ruleset) from which that BB module or BB Program uses to filter it's actions.

I find it somewhat surprising that theres not been as much study given (or development for that matter) to the inner workings of BehaviorBlockers as there was for HIPS.

Regards Easter