Comodo Internet Security 6.xx Thread

Discussion in 'other anti-malware software' started by Mops21, Oct 10, 2012.

Thread Status:
Not open for further replies.
  1. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Oddly today the boot up times seems a bit more snappy.
    Strangely IE got sandboxed as an unrecognised file.o_O
     
  2. Jaspion

    Jaspion Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    195
    Location:
    Brazil
    It's not a configuration, you just click where it says "Realtime Protection: Active/Disabled" and it will show you the components and whether they're enabled.
     
  3. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Thanks just done it.didnt realise you could do that.lol:thumb: :ninja:
     
  4. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Thanks for the tip RejZoR :thumb:
     
  5. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I many times heard that the sandbox in CIS is not a fully real sandbox like the Sandboxie. Then maybe someone can explain me one important for me question.

    I adjusted the Sandbox to run browsers there and assigned restriction level as "Partially Limited". Then does it mean that all the changes in these sandboxed browsers and the OS, the disks (excluding the Shared Space) are erased after restart of Windows or resetting the Sandbox?

    I mean I want to use COMODO's sandbox like the Sandboxie with its "Delete" button. When all traces in and outside the browsers are cleaned after deleting the sandbox.

    Thank you
     

    Attached Files:

  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    CIS has 2 types of "sandbox":
    1) Kiosk is fully virtualized environment. You can delete its content and it is pretty much same as Sandboxie.
    2) Autosandbox. Unknown files are run with dropped rights and different levels of restrictions. You can make a registry entry to enable Fully Virtualized setting for it. After that, it is deleted after restart and there are no more malware leftovers.
     
  7. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,253
    Location:
    North Texas
    Thanks for the info!:thumb:
     
  8. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Then what about the sandboxed browsers in my previous post?
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    I just click the comodo dragon icon at the bottom of the gadget and dragon opens virtualized.I assume it is virtualized .The green border is around the browser.

    I donr see how you can run your browser "partially limited."o_O
     
  10. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Not from the gadget, in the "Advanced Settings" ->"Defence+"-> "Sandbox". Only the inconvenience is that they always are automatically sandboxed.
     
  11. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Ive never configured my browser like that i always press the gadget icon to open browser.

    Have you tried just removing them from the sandbox.
     
  12. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    You can enforce it through Advanced Settings -> Sandbox.

    I have all Internet Explorer executables set to "Limited" since i don't use IE. Same for Windows Media Player executables. And Windows Sidebar as well.
    Just to be sure.

    Any other idea wha to limit as well in order to reinforce the OS ?
     
  13. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    ok thanks for that.
    So when i open my browser from the gadget is it fully virtualized or not?
    I didnt realise you could set restrictions on the browser like that.
    I have the autosandbox set to fully virtualize after adding the registry key.

    Do you have the hips enabled as ive disabled it .
     
  14. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    You can check restriction level in KillSwitch, column "Restriction". No need to have HIPS on for sandboxing.
     
  15. guest

    guest Guest

    on my system (win8x64), sandboxed "zemana keylogger test" can capture keystrokes. without sandboxing (when disable BB), CIS HIPS can stop it.

    i disabled whitelist, checked again but same result.

    i dont know why.
     
  16. Jaspion

    Jaspion Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    195
    Location:
    Brazil
    Would you please make this post @ the Comodo Forum? I'm sure they'll appreciate it, and we may all have a better CIS for that.
     
  17. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Be aware that while Full Virtualization does prevent operating system wide modifications, it does absolutely nothing against data leaking as virtualized environment just copies everything from the actual host. So technically if you run a data miner trojan inside fully virtualized sandbox, it will still steal easily.
    You still need full virtualization + restriction. Full virtualization ensures system cannot get actualyl compromised and restrictions prevent apps running virtualized to access off limits data.

    Full virtualization through VMWare is not affected as there you run a physically separated OS. Sandboxie, BufferZone and Comodo's general full virtualized sandbox are however affected. You can minimize the damage if you quickly go and reset the sandbox if you find out that you run a data miner trojan, but that won't ensure anything.
     
  18. Jaspion

    Jaspion Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    195
    Location:
    Brazil
    RejZor is right.

    What Comodo needs to add to CIS is a way to use restrictions inside the sandbox.
     
  19. guest

    guest Guest

    Yes, There is no way to prevent data leaking as virtualized environment on current version.
    HIPS doesnt check sandboxed apps.
     
  20. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Actually it does (like it did in CIS 5.x), but you have to enable it manually.
     
  21. Jaspion

    Jaspion Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    195
    Location:
    Brazil
    Could you please show us where the setting is?
     
  22. Jaspion

    Jaspion Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    195
    Location:
    Brazil
    Did you try with the virtual keyboard?
     
  23. guest

    guest Guest

    where is virtual keyboard?
    it is not releated with virtual keyboard.
    it is releated BB and virtualization.
    BB has problem, untrusted auto-sandboxed exe can capture keystrokes
    and HIPS doesnt protect against auto-sandboxed/fully virtualized process.

    if i disable BB autosandbox function, HIPS can stop keylogger. Otherwise BB run it untrusted process but it can log successfully and HIPS doesnt show any alert.



    https://forums.comodo.com/leak-test...h/zemana-can-capture-keystrokes-t89907.0.html
     
  24. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    Hi can you check if Zemana is able to capture keystrokes if you use the virtual keyboard in virtual kiosk.

    Thanks
     
  25. guest

    guest Guest

    Nope. Cant catch if you use vk.
    Off course, there are special sniffers for catching virtual keyboard.
    In this case we talking about diffierent things.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.