comodo firewall 3.0 is easily killable via the task manager

Discussion in 'other firewalls' started by hany3, Jan 11, 2008.

Thread Status:
Not open for further replies.
  1. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    Re: after several trials, end result :comodo 3.0 is easily killable

    This is not quite so... The basic way to avoid process termination is by hooking a Windows function (NtTerminateProcess). It's true that most antivirus, HIPS and antimalware products in general hook that function too, but it's the job of the programmers to make sure the hooking is safe. If some precautions had not been taken, then the various security solutions would be incompatible with one another, but this is not the case.
    So, as a conclusion, a firewall could protect itself if it takes care in how it uses the hooks. :)
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: after several trials, end result :comodo 3.0 is easily killable

    I would actually think that if such was possible, then there are many vendors awaiting this info. Please advise them. I know from beta testing SSM that certain possible acceptance between various protection systems is, to say the least, not always possible.
    Please show a possible example.
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Re: after several trials, end result :comodo 3.0 is easily killable

    I believe the correct answers are, in order, no, they have to - that's how they work, and no. At least at this time, and probably moving forward as well although I haven't followed the details with Vista that much.

    Blue
     
  4. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    Re: after several trials, end result :comodo 3.0 is easily killable


    1- AVG Antispyware has powerful self-protection although it is not related to any kind of HIPS, and it also contains an option to enable or disable the self-protection.

    2- Outpost 2008 and v4.0 have an option to enable or disable self-protection which is not related to its HIPS function. In other words, you can disable the component control function ("HIPS") in Outpost while you still have the self-protection enabled.

    In fact there's no conflict between any independent HIPS program and the ability of any other installed software to protect itself from termination.
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    Re: after several trials, end result :comodo 3.0 is easily killable

    My mistake, I use Avira AV, which hooks that function, and I also saw that many security suites use it too, and so I came to the wrong conclusion that it is used by the antivirus part of the suite too (when in fact it is probably used by the HIPS component).

    As far as I know, if you hook a function, you must also call the original function. So in theory, there should be no problem if every program hooks a function - the others will continue to function correctly.
    As for an example, Avira Personal is working fine alongside Sygate Firewall, and they both hook NtTerminateProcess.
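
The hook chaining described in the post above, sketched as an added example (not code from the thread or from any product named in it). A simulated dispatch slot stands in for the system service table; `av.exe`, `fw.exe` and all function names are hypothetical. The second run shows the compatibility failure when a later hook does not chain to the pointer it replaced.

```c
#include <stdio.h>
#include <string.h>

/* Simulated "terminate" service, a stand-in for the real system call.
   Returns 0 when termination proceeds, -1 when it is denied. */
typedef int (*terminate_fn)(const char *target);
static int real_terminate(const char *target) { (void)target; return 0; }

/* One slot of a simulated dispatch table; installing a hook swaps it. */
static terminate_fn service_slot = real_terminate;
/* Each hypothetical product saves the pointer it found in the slot. */
static terminate_fn av_prev, fw_prev;

static int av_hook(const char *target) {
    if (strcmp(target, "av.exe") == 0) return -1; /* protect own process */
    return av_prev(target);                       /* chain to previous */
}
static int fw_hook(const char *target) {
    if (strcmp(target, "fw.exe") == 0) return -1;
    return fw_prev(target);
}
/* Unsafe variant: jumps straight to the original, skipping earlier hooks. */
static int fw_hook_unchained(const char *target) {
    if (strcmp(target, "fw.exe") == 0) return -1;
    return real_terminate(target);
}

static void install(terminate_fn second_hook) {
    service_slot = real_terminate;
    av_prev = service_slot; service_slot = av_hook;      /* first product */
    fw_prev = service_slot; service_slot = second_hook;  /* second product */
}
static int request_terminate(const char *target) { return service_slot(target); }

int main(void) {
    install(fw_hook);
    printf("chained:   av=%d fw=%d other=%d\n", request_terminate("av.exe"),
           request_terminate("fw.exe"), request_terminate("notepad.exe"));
    install(fw_hook_unchained);
    printf("unchained: av=%d fw=%d\n", request_terminate("av.exe"),
           request_terminate("fw.exe"));
    return 0;
}
```

With both hooks chaining, each product's own process stays protected and unrelated requests pass through; with the unchained variant, the first product's check is never reached.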
     
  6. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    I'm not sure if this would work, so I'm asking and throwing it out there as a suggestion.

    To protect it from being killed and to get just the basic firewall, can you install with Defense + but put it on the training mode setting?

    That way you can use the process protection, but everything will automatically be learned, so you won't get pop-ups from the HIPS feature.

    I am currently using CFP with Defense + enabled and set to clean PC mode. I'll probably put it on paranoid eventually, but I was thinking about Defense + in training mode for a friend who doesn't know how to use a HIPS, and my friend would probably kill me because of all the pop-ups they'd get :D

    Does anyone think that would work? It would make it just the basic firewall but also give it protection?

    I thought this seemed like the right topic to ask this; if it is OT then I'll create a new thread with this post.
     
  7. jp10558

    jp10558 Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    27
    When you go to install CFP3, it recommends you use Defense +. It then goes on to say if you install the Basic Firewall mode, there is *no* malware defense. What did you think that meant?

    If you configure a program to not do malware protection, and it does what it says, no malware protection - why are you complaining?

    I have to agree with the CEO of Comodo here - they were clear IN THE INSTALLER about what mode you should use and what the consequences of using basic mode were. On their forums, they explain the basic mode was there for users who used a separate 3rd party HIPS or alternative malware protection product.

    To make a bad car analogy, my Subaru has a fuse that will disable AWD when pulled. If I then pull that fuse, should I complain that Subarus *DON'T* have functioning AWD?
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: after several trials, end result :comodo 3.0 is easily killable

    Hello,

    Thank you for the reply, and sorry for my late reply (problem with ISP).

    I will take time to look at this, maybe I am too blinkered in what I have seen before. I will try and find time to look (and probably learn) more on this.
     
  9. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    KIS7 also has an option to enable or disable self-protection.
    Settings > Service > Enable Self-Defense

    Cheers
     