Comodo Internet Security 10.x Thread

Discussion in 'other anti-virus software' started by Mops21, Dec 22, 2016.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,559
    Location:
    The etherlands
    I have Comodo Firewall only, but internal updater still not not finding / downloading build 6396 (issued Nov 1).

    I suppose I could download CFW only and install over the top, but IIRC I had problems doing this before.
     
  2. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    307
    In the announcement post Umesh said "At the moment we have updated comodo.com for new installations, updates for older CIS versions will be released next week."

    They are going to be pushing 10.0.2 on monday.
    "Hi All,
    Following is final build that will go live on Monday, 13th Nov, 2017 at early US-EST hrs and updates to all older versions will also be released."
    https://forums.comodo.com/beta-corner-cis/comodo-internet-security-v10026408-rc-t120932.0.html
     
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,559
    Location:
    The etherlands
    :thumb: Thanks for that info.
     
  4. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    307
    No problem :thumb:
     
  5. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    1,767
    Location:
    Germany
    Hi all

    Comodo Internet Security v 10.0.2.6408 Released

    https://forums.comodo.com/news-anno...et-security-v10026408-released-t120949.0.html

    With best Regards
    Mops21
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,559
    Location:
    The etherlands
    Got it now :).
     
    Last edited: Nov 17, 2017
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,732
    Location:
    Europe
    It requires the previous version uninstall ( mine is 10.01.6294 ) or it is possible to install over ?
     
  8. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    530
    Location:
    Croatia
    No need for uninstall, just install over old one.
    After that you have to restart PC.
     
  9. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    307
    :thumb:
     
  10. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,649
    The file submission system still doesn't work does it? I have CCleaner files that should be white listed, but were unrecognized anyway, that were auto submitted on 11/3. They still have not rec'd the response that they are safe.
     
  11. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,732
    Location:
    Europe
    Thank you. Bored to get a try with softwares and to have to restore a previous image. :thumb:
     
  12. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    For those that use my settings only- the internal updater works fine, but please verify the auto-containment (sandbox) setting after reboot as it may have been reset to Partially Limited instead of the previous setting of Restricted (or Untrusted).

    ps- note that there is now a function (they listened!) to delete all the accumulated stuff in Blocked Applications.
     
    Last edited: Nov 14, 2017
  13. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    530
    Location:
    Croatia
    On my PC stay the same:
    cf.jpg

    Where is that options: "delete all the accumulated stuff in Blocked Applications"?
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    DJ- the sandbox change may have been specific to me, but I wanted to make sure that no one else was affected as the proper setting is of paramount importance.

    Regarding the "Blocked Applications"- this would refer to the stuff that accumulates and can be seen on the main GUI (sorry- I am elsewhere so can't give a screenshot)- on the left under Network Intrusions. Previously these had to be left as is even though they may be either have been addressed or ignored. Now they can be cleared; not a big thing by any means, but I am anal and like things clean...
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,559
    Location:
    The etherlands
    @cruelsister Mine was also set to 'Partially Limited'.

    Should the Action be 'Run Restricted', or 'Run Virtually' as @Djigi has it?
     
  16. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,732
    Location:
    Europe
    @cruelsister Don't you think that to use DEFENSE+ in Paranoid Mode customized and without auto-containment is a more sure defense ?
     
  17. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    422
    Location:
    Italy
    If you like to get popups, sure :) But if you mistakenly click "allow" when you should click "block", then there's nothing that can save you ;)
    cruelsister's settings give you almost no popups and what you have to do is, if something is running in the sandbox (thus with a green border), ask yourself if it's legit or no. If so, make an exclusion to the auto-containment. If not, just reset the sandbox and delete that app :)
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,732
    Location:
    Europe
    Yes, it's an " old " question: to use the auto-containment is more comfortable and not boring, but sandbox were and are vulnerable to some types of attack, while the pure use of an HIPS, highly configured, is more sure.
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    BK- You bring up an excellent question, but sadly I don't feel that anyone can give a definitive answer regarding the safety of a Paranoid Mode HIPS. The reason for this is simply that various people have varying degrees of knowledge; to answer a popup correctly a person MUST know what is being asked prior to making an informed choice. In my setup there are no such assumptions.

    But let's also look when Paranoid Mode is enabled without the sandbox for two different types of files:

    1). A typical malware file- With Paranoid Mode (hereafter PM) on and the file is run you will get AT LEAST 2 popups- one for Explorer is attempting to run a file, then a popup for what that malicious file is attempting to do (and there may be multiple popups here depending on how the malware is constructed). However you will also notice that the HIPS description will state that the file is unknown and is trying to do whatever. In this case with the HIPS off and Containment on that file would have just been sandboxed (you can get a popup telling you this if you don't shut it off, but no choice on the Users part is needed).

    Either way the malware would have been stopped. But which method is more elegant?

    2). For fun, try to open a file manager like my favorite xplorer2. As a file manager must touch just about everything on a system, PM will give popups beyond number. I always give up after 25, and you can see an issue here if something malicious would be dropped after I shut down PM in despair. On the other hand Containment just allows it to run.

    You also state that sandboxes are vulnerable (before beginning, please note that when you read about a sandbox "bypass" it refers more to the malware fooling the sandbox user that the file is safe and not that it will break out on its own). Note that various sandboxes work by differing methods and also for different uses.
    Consider a sandbox that is used for forensic analysis- evasion techniques like counting the number of Documents on a system, activating only after a number of right-Clicks, or the hated Sleep Skipping may lull a person into thinking the file is safe. For the comodo containment system, these files just won't run and should be considered malicious. A person should no more take something out of containment that will not activate any more than he would run file after Avast tells you it is malicious.

    Finally note one thing- on a VERY VERY broad basis malware will attempt to do one of two things- either trash files directly or steal information. So please consider the worst thing possible for Comodo at my settings- that of a highly signed malware file.
    a).- File Trashing- one should ALWAYS have a current image that can be restored- not so much for the non-existent ransomware file signed by Microsoft, but for the more common occurrence of hard drive failure.
    b). Data Stealers- Note that my settings also has the Firewall on. For the paranoid it should be set at Custom so every outbound connection can be accepted/denied on a case by case basis. Remember that a data stealer that can't connect back to Command is just another piece of junk.

    Although there could be much more said, what it really boils down for me is that I want to use my computer for High and Noble purposes like shopping and watching cooking videos. I have neither the time nor the desire to acknowledge innumerable security popups.

    (pardon the length of this post- this is also why I don't speak on my videos. They would extend over hours...)
     
  20. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,732
    Location:
    Europe
    A lot of users complain that the HIPS pop ups are too many and boring, but I don't understand: once the HIPS is installed it needs basically to set the rules for the other installed programs: ok, this is boring and, if you want to get the highest protection, it requires time and work; but once it is done, how many new softwares do you install every day or every week to require a new , boring work ?

    Anyway, about Cis Defense+, I never used the sandbox now auto containment, but I know, and I read in the forum, I believe in this thread, that in some situation the sandbox decides over the HIPS ( sorry for I don't remember the details ): and I trust Defense+ more than the auto containment.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,869
    Location:
    The Netherlands
    Very interesting post! So if I understood correctly, you're not a fan of user controlled HIPS, but you really love auto-containment. If I didn't have such bad experiences with Comodo in the past, I surely would have tried it. What about Comodo Cloud AV, does it have the same strength when it comes to sandboxing?
     
  22. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    761
    I believe it's the same..just without the firewall.
     
  23. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    422
    Location:
    Italy
    https://antivirus.comodo.com/cloud-antivirus.php
    Go to the FAQ
    In CCAV the sandbox protection level is not customizable like in CIS, but the default level is higher than CIS' default level (something between limited and restricted)
     
  24. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    I just tried the current CCAV and I have to say that I don't hate it anymore. They made a couple of important enhancements since I last danced with it that I find optimal:

    1). the Containment level is now somewhere between Restricted and Untrusted.

    2). Under Sandbox settings there is now Network Traffic Control options. This is of paramount importance. Previously sandboxed RATS could connect out to control. Now (I tried a current Volgmer RAT variant) the request for OutBound connection was just totally denied.

    Thank you Rasheed for asking me about CCAV; I had no idea of the improvements (it still is clunkier than CF, but on a modern system (non-POS) it would not be an issue.
     
  25. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    422
    Location:
    Italy
    Glad to hear that :thumb:
    The new fileless malware protection feature is also very good
     
Loading...