Comodo behavior blocker

I heard seen on here before that someone said multiple times that comodo is developing a real behavior blocker (not the sandbox). Does anyone have any info if this is true or not? Possibly a link to some info? I used google to research it but came up short on any real answeres. Thanks.

 

Have you tried the comodo forum.?

 

Yes, according to them, they were thinking of integrating a real behavior blocker, and I think they said it was going to be in V6.2 but I haven't heard of much talk about it though. Personally, I think it will take a while for them to put that in, like always.

 

Only problem with comodo is that they come up with some fantastic software and then abandon it a few months later for what ever reasons.

 

Haven't seen them abandon CIS yet

 

Thats very true.
I dont think they will abandon it just yet.
It will get much better in time.

 

You might have misunderstood what I meant.
I asked egemen. The upcoming ver as you should already know will adress all requests about the GUI from CIS users who complained about it not long ago. Once this done, typically all V5 users will be updated to V6. Then we will start waiting for the BB. And BTW, you could simply ask on the CIS thread.

 

If you develop something that gets 55 M of worldwilde users in a couple of years with a big team of ppl working for the development as well as AV labs, you don't really think about abandon.
CIS IS the main product developed by Comodo.

 

Hello spywar.

Im speaking about some of the other projects like CTM and programs manager.
As you say CIS is their flagship product and its most excellent but some of the other sidelined programs were good too but have not received any updates.

Thanks.

 

Well, i hope they imliment it in v6.2 but to me that seems unlikely cinsidering weve seen hide nor hair of it. Untill then im running comodos hips in a *toned down *mode S in ive cinfigured its protected files/folders and monitoring settings to only alrt me to what i deam extreamly malicious actions. Some would cinsider it putting cfw on a crutch, i consider it making a makeshift BB considering theres a shortage of free ones lol

 

very true indeed

 

They already have a pretty good HIPS, IMO theres no need for a BB.

 

There is a need to implement a great BB that automatically starts monitoring unknown files that are sandboxed and automatically deletes the ones that have bad behavior. Ofc Advanced users should be able to set it to ask them with popups.

 

IMO a classic BB is important to have because of the simple fact that HIPS is waay to chatty. I am advances pc user and i think that. Makes me wanna bang my head off the desk

 

A good and reasonably intelligent Behavior Blocker coupled in tandem with a solid HIPS is made for some incredibly tight security overall in my experience with them.

It was because of the introduction of a good HIPS (and not those lame chatty ones) that proved (for me) that a resident AV was totally a waste and not nearly as effective. Add to that the lite resource useage for good measure.

I'm probably just one of few handful of some seriously challenging users who was out to prove (and did) that any AV's were not even in the same league as a well configured HIPS (EQSysecure) supported with an active Behavior Blocker (ThreatFire) at the time. Throw in Sandboxie and/or Shadow Defender/Returnil or any other full coverage Virtualization Layer and it was game over.

Remains to be seen if Comodo. can separate their proactive defense from the rest of the field by integrating the best features of those now defunct formerly great apps into their own creation without drawing down the performance on our machines.

 

Hi

Have you a Link for it comodo Forum where did you Read it

 

This has been talked for years on the Comodo forum.

Problem is a behavior blocker is extremely sophisticated stuff usual reserved for commercial firewalls/AVs. The only product that I know that has it on the retail side is Privatefirewall. I suspect that is because it was a commercial product at one time. PF calls in Anomaly Detection and it is conditioned by using a percentage deviation from normal past behavior. In other words, it has to be monitored and "tweaked" to your operating environment to be truely effective. I suspect the average user will "shoot himself in the foot" once they start changing the settings from default.

I also beleive Prevxx had behavior elements to it? I assume Webroot incorporated those into WSA?

 

If comodo made a exact clone of threatfire I`d.be happy

 

Hi

Thank you for your answer

 

I'd prefer it to resemble Mamutu personally.TF had an annoying habit of automatically wiping out good applications that it deemed dodgy,whereas Mamutu gave the user the option to ignore it's warnings.

It has been mentioned on numerous occasions by the devs at Comodo,so I hope it's still in the pipeline,I'm a huge fan of a good behaviour blocker as it can be a very powerful tool.

 

I think a HIPS is good enough for most users and a lot depends on user habits and what software is downloaded and sites visited etc.

My view FWIW.

 

I'm one of those in that audience. Comodo. being one of those rare outfits that manufacture a warehouse of different programs whether they are accepted as useful or not might should do just that. And it wouldn't hurt if enough former Threatfire diehards would petition Comodo. to consider such a project. After all, it's right up their alley.the way they like to throw together multiple programs for every sort of useage.

Maybe they can roll out a Behavior Blocker not so unlike our prized Threatfire and do it some better.

 

Yes, it's the core of the program taking into account thousands of end points for taking decisions on what is good or bad. IMO, the best you can get on the market nowadays. Prevx 4 (WSA) of course has inherited that as natural evolution of Prevx 3.

The main advantage of PREVX/WSA? The core knowledge and algorithms are in the cloud, with huge power and calculation capacity of data centres. No reverse engineering possible locally.

 

Zone Alarm has a BB built into its AV. AV products integrate a BB even if they don't have an HIPS component.