Comodo behavior blocker

Discussion in 'other anti-malware software' started by Antimalware18, Jun 13, 2013.

Thread Status:
Not open for further replies.
  1. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    I heard seen on here before that someone said multiple times that comodo is developing a real behavior blocker (not the sandbox). Does anyone have any info if this is true or not? Possibly a link to some info? I used google to research it but came up short on any real answeres. Thanks.
     
  2. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Have you tried the comodo forum.?
     
  3. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Yes, according to them, they were thinking of integrating a real behavior blocker, and I think they said it was going to be in V6.2 but I haven't heard of much talk about it though. Personally, I think it will take a while for them to put that in, like always.
     
  4. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Only problem with comodo is that they come up with some fantastic software and then abandon it a few months later for what ever reasons.
     
  5. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Haven't seen them abandon CIS yet :)
     
  6. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Thats very true.
    I dont think they will abandon it just yet.
    It will get much better in time.
     
  7. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    You might have misunderstood what I meant.
    I asked egemen. The upcoming ver as you should already know will adress all requests about the GUI from CIS users who complained about it not long ago. Once this done, typically all V5 users will be updated to V6. Then we will start waiting for the BB. And BTW, you could simply ask on the CIS thread.
     
  8. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    If you develop something that gets 55 M of worldwilde users in a couple of years with a big team of ppl working for the development as well as AV labs, you don't really think about abandon.
    CIS IS the main product developed by Comodo.
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Hello spywar.

    Im speaking about some of the other projects like CTM and programs manager.
    As you say CIS is their flagship product and its most excellent but some of the other sidelined programs were good too but have not received any updates.

    Thanks.
     
  10. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Well, i hope they imliment it in v6.2 but to me that seems unlikely cinsidering weve seen hide nor hair of it. Untill then im running comodos hips in a *toned down *mode S in ive cinfigured its protected files/folders and monitoring settings to only alrt me to what i deam extreamly malicious actions. Some would cinsider it putting cfw on a crutch, i consider it making a makeshift BB considering theres a shortage of free ones lol :cool:
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    very true indeed
     
  12. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    They already have a pretty good HIPS, IMO theres no need for a BB. :D
     
  13. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    There is a need to implement a great BB that automatically starts monitoring unknown files that are sandboxed and automatically deletes the ones that have bad behavior. Ofc Advanced users should be able to set it to ask them with popups.
     
  14. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    IMO a classic BB is important to have because of the simple fact that HIPS is waay to chatty. I am advances pc user and i think that. Makes me wanna bang my head off the desk:argh:
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    A good and reasonably intelligent Behavior Blocker coupled in tandem with a solid HIPS is made for some incredibly tight security overall in my experience with them.

    It was because of the introduction of a good HIPS (and not those lame chatty ones) that proved (for me) that a resident AV was totally a waste and not nearly as effective. Add to that the lite resource useage for good measure.

    I'm probably just one of few handful of some seriously challenging users who was out to prove (and did) that any AV's were not even in the same league as a well configured HIPS (EQSysecure) supported with an active Behavior Blocker (ThreatFire) at the time. Throw in Sandboxie and/or Shadow Defender/Returnil or any other full coverage Virtualization Layer and it was game over.

    Remains to be seen if Comodo. can separate their proactive defense from the rest of the field by integrating the best features of those now defunct formerly great apps into their own creation without drawing down the performance on our machines.
     
  16. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    1,499
    Location:
    Germany
    Hi

    Have you a Link for it comodo Forum where did you Read it
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    This has been talked for years on the Comodo forum.

    Problem is a behavior blocker is extremely sophisticated stuff usual reserved for commercial firewalls/AVs. The only product that I know that has it on the retail side is Privatefirewall. I suspect that is because it was a commercial product at one time. PF calls in Anomaly Detection and it is conditioned by using a percentage deviation from normal past behavior. In other words, it has to be monitored and "tweaked" to your operating environment to be truely effective. I suspect the average user will "shoot himself in the foot" once they start changing the settings from default.

    I also beleive Prevxx had behavior elements to it? I assume Webroot incorporated those into WSA?
     
    Last edited: Jun 15, 2013
  18. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    If comodo made a exact clone of threatfire I`d.be happy:D
     
  19. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    1,499
    Location:
    Germany
    Hi

    Thank you for your answer
     
  20. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I'd prefer it to resemble Mamutu personally.TF had an annoying habit of automatically wiping out good applications that it deemed dodgy,whereas Mamutu gave the user the option to ignore it's warnings.

    It has been mentioned on numerous occasions by the devs at Comodo,so I hope it's still in the pipeline,I'm a huge fan of a good behaviour blocker as it can be a very powerful tool.
     
  21. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    I think a HIPS is good enough for most users and a lot depends on user habits and what software is downloaded and sites visited etc.

    My view FWIW.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I'm one of those in that audience. Comodo. being one of those rare outfits that manufacture a warehouse of different programs whether they are accepted as useful or not might should do just that. And it wouldn't hurt if enough former Threatfire diehards would petition Comodo. to consider such a project. After all, it's right up their alley.the way they like to throw together multiple programs for every sort of useage.

    Maybe they can roll out a Behavior Blocker not so unlike our prized Threatfire and do it some better.
     
  23. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,724
    Location:
    localhost
    Yes, it's the core of the program taking into account thousands of end points for taking decisions on what is good or bad. IMO, the best you can get on the market nowadays. Prevx 4 (WSA) of course has inherited that as natural evolution of Prevx 3.

    The main advantage of PREVX/WSA? The core knowledge and algorithms are in the cloud, with huge power and calculation capacity of data centres. No reverse engineering possible locally. ;)
     
  24. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,438

    Zone Alarm has a BB built into its AV. AV products integrate a BB even if they don't have an HIPS component. :thumb:
     
Loading...
Thread Status:
Not open for further replies.