Discussion in 'other anti-malware software' started by Mops21, Oct 10, 2012.
They're not silly at all.
Usually you'll get notifications a couple of days after v6 goes final.
Thank you andy much appreciated.
After about 1 hour's browsing, if this helps.
The sandboxed applications cannot create any files on the desktop or in the start menu.
Why does CIS V6 add the two lines to the protected files?
Are they necessary for prevention of malware?
Nice nice nice..
I'm using Comodo since version 3 and I like v6 a lot, all of it, especially the kiosk.
I use CIS firewall to block non-VPN connections on a per-application level, pretty much as shown here: http://www.bolehvpn.net/forum/index.php/topic,5798.msg32701.html
I have tried applying this to V.6 beta with no success; apart from the differences in the interface, the settings seem the same.
Has anyone been able to block non-VPN with V.6 beta, and how?
I know this is a beta version but I imagine the firewall settings will be the same come final release.
Actually there seem to be no popups at all in version 6 except Elevated Privilege Rights, i.e. the Unlimited Access popup. I tested it a lot with default settings & there were no popups at all except the Unlimited Access popup; this is good, especially for average users.
That's what the beta is for: agreeing, disagreeing, suggesting, improving, etc.
That Norton DNS blocks it or VT reports malware is not a sure sign anything is malware.
Have you ever tried submitting items to your favourite AV or security providers to verify if the item you think is safe but VT, etc. reports malware?
Just try it & you will be shocked & surprised.
Quite a few times you will see that the item is safe.
PUP, commercial keylogger, etc.: every security provider treats them their own way. That's why at VirusTotal you will see some detect them as PUP, some detect them as a trojan & some don't detect them. If in any doubt, just send them to your security provider to verify & you will know what & why.
I don't know if it's the same test, but I think it's the same test, i.e. part 2, & the item concerned is spy keylogger from soft spy.
I don't know if it's malware or not, but I guess it's a PUP as VT reports, or a commercial keylogger, & not actually malware.
As for Comodo, spy keylogger was not detected, but it was not started automatically after restart, so I guess it can't do anything.
But anyone who thinks it should be detected should submit it to Comodo with a comment.
How is compatibility between the Comodo virtualization and programs that interact with the browser, such as password fillers, AVs etc.? Sandboxie has a compatibility list for ease of use. Does Comodo have, or will it have, such a compatibility list, so that you can continually browse sandboxed with ease, or is Comodo's virtualization meant for short-term browsing such as online banking transactions etc.?
This is a good question to ask in Comodo's forums.
But no, it does not have a compatibility list, although you can select what kind of virtualization you wish to have more compatible settings.
Although I feel that testing an initial Beta of a security program may be unfair, I really wanted to check one thing out stat, and that is how CIS6 would deal with a type of malware that it had problems with in the past: ransomware encryptors (aka GpCode).
First off I tried to find a recent sample, to no avail. Fortunately I had a few samples from our Zoo. I picked one and ran it:
1). Being an old sample, as soon as I ran the sample the AV popped up informing me that the sample was a trojan. Fine. So I then shut off the AV and ran the sample again:
2). On run, the Cloud scanner popped up telling me that the sample was a trojan. So it seems the cloud scan works with or without the actual AV activated. Fine. So I now (with the AV still deactivated) blocked all network activity. I reran the sample:
3). With CIS6 at default settings, files were encrypted - Fail.
4). Running the sample in Virtual Kiosk, files were encrypted - Fail.
Am hoping that the former workaround can be included stock in subsequent betas.
(Note- this message has been posted earlier today on the CIS6 forum, with a link to the malware submitted for testing by the Mods)
Do the adjusted settings in v5.10 suggested by chiron not work in this version?
Sorry, I haven't tried the beta version.
Yes, you can repeat the fix that was done in version 5 in CIS6 (see exactly how at: https://forums.comodo.com/beta-corner-cis/malware-encrytors-redux-t87503.0.html), but I was hoping that this protection could be done stock.
However, setting the sandbox to a higher level (my preferred is Untrusted) will stop the encryptor without any further messing around.
GUI is not polished. It's a bit immature looking (rather a bit ugly).
There are more usability issues than in the previous version 5. It is more cumbersome to reach the advanced settings and to reply to the pop-up alerts. It is especially evident if you use it as a pure classical anti-executable HIPS only (no sandbox etc.) with paranoid mode.
If you want to Block an action, you need two clicks for BLOCK, rather than one as in version 5.
Have not yet tried any DLL exploit. Not sure if they have fixed it or not. Of course they never intended to fix the GpCode-like ransomware bypass.
On Windows 8, I plan to add Sandboxie as there will be no GesWall available, but it seems they will not be compatible.
I'm sticking with v5.10 for as long as I can, to be honest.
The new version seems a bit more complicated to me although that is just my first initial impression.
Still, it is a beta, although I don't think the GUI will be changed.
Just started with the Beta a couple of days ago...really like some of the options. So far, no problems other than a learning curve for my lack of familiarity with Comodo.
Raider- You are in the best position to be. You have the same learning curve with the new interface as do the old hands, yet you are unburdened by any past prejudices.
Just remember to set the Defense Plus Behavior Blocker Auto-Sandbox setting to ANYTHING other than the default "Partially Limited" or "Blocked". You won't notice any difference, but malware will (as they will be stopped from messing with your system and assuredly giving you a migraine).
If you look at this video, start at 23:45 and keep watching all the time until 24:48.
He did test a fake AV in the sandbox, and I'm wondering if it did get through the sandbox, because he was fast at killing the process.
Another video just posted:
If only he had deleted the quarantined files (yes, it's possible if he clicked the file, pressed the reversed V button at the bottom of the screen and clicked delete) we would have had a better look at the real leftovers. But I think none of the leftovers were quarantined files in quarantine. Maybe there was a malfunction and it did not quarantine the files when he pressed clean.
Definitely something wrong in the second part, no autosandbox alert?
Fake AV was there & other malware & no autosandbox alert was there, but MBAM didn't show any active malware?
That's probably why languy did stop the fake AV so fast in his test :O
I'm getting the same impression. Unless they come up with some "slim" version(s), I just don't need all that bloat. There's no way that Kiosk can take the place of Sandboxie. The BB would just be overlap/bloat as well for me. Things seem unnecessarily complicated. And when I hear "hardly any popups", I think to myself, "hardly any protection", and envision a product catering to the masses instead of its loyal fan base. I want to know what's happening on my box. I want those popups.
This is what they call "progress" these days.
I'm about to stop by the LooknStop forum and retract some previous statements... if this is the future of firewalling, I may be sticking with a legacy app myself for quite some time. Comodo 5.10 will become the new Kerio 2.whatever... book it.
Stop using the word "bloat" if you clearly don't know what it even means. Sandbox is there, Virtual Kiosk is just an interface for it. Other than that it's basically exactly the same thing as CIS 5. Except that it protects from more malware with way fewer popups. Not to mention it's light-years faster than the horribly slow CIS5 antivirus scanner.
I know settings look stupid with all the buttons for touch control, but frankly you don't really need to fiddle with them. I've only disabled the admin rights popup for installers and set it to Limited instead of Partially Limited. All known is allowed, all unknown is automatically sandboxed without a single question.
Can't get any easier than that, and it's something I wanted to see in CIS5 but they never made it. Because of how simple it is now, I'm thinking of migrating all systems to Comodo. It's really the only security program that actually reinforces the OS. I just wish they'd get some sort of HTTP scanner running or at least their Secure DNS more active to monitor the connections and network addresses to further aid the analysis of unknown stuff and its behavior.