Comodo Internet Security 6.xx Thread

Discussion in 'other anti-malware software' started by Mops21, Oct 10, 2012.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    In CIS 5 the autosandbox was a policy restriction but the on demand sandbox (right click run this program sandboxed) was a true isolation sandbox.

    In CIS 6 I don't know if now everything remains the same or the auto sandbox is also a full sandbox, and it includes kiosk (user friendly sandbox)
     
  2. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Thanks guest,
    I could never get the sandbox element to work although i dont know if running a limited user account had anything to do with this.
    What im interested in at the moment is whether the avast issue has been resolved.
     
  3. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    I was talking about TVL too permissive.

    Kiosk is totally virtualized ?
     
  4. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    The TVL can be removed.:thumb:
     
  5. guest

    guest Guest

    Disable TVL: http://forums.comodo.com/defense-sa...-want-to-v5-t62567.0.html;msg441942#msg441942

    Yes totally virtualized
    http://forums.comodo.com/general-di.../sneak-peek-into-comodo-rd-labs-t84214.0.html

    I don't know if you have access to the cis beta forum but here you have all the details of the new sandbox in CIS 6
    https://forums.comodo.com/beta-corn...ing-updated-t87412.0.html;msg629600#msg629600

    By the way a developer has said that the issue discussed here was already fixed.
     
    Last edited by a moderator: Dec 5, 2012
  6. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I personally commend you, Shaoran, for bringing this vulnerability to everyones attention instead of maybe using it for nefarious purposes... in the true spirit of ethical hacking. Comodo should PAY you for making their product better.

    And I agree with Kees. The thought of killing it with it's own installer brought a smile to my face as well.

    Thank you also for pointing out yet another good reason to just remove that trusted vendor list altogether. It's supposed to add "convenience", but I personally find gaping security holes decidedly inconvenient. To me that list defeats the entire purpose of having D+ to begin with.
     
  7. guest

    guest Guest

    As Shaoran said he does not discover vulnerabilities to report them, according to him he does not have time, but he can spend hours to find them, I guess he makes a different use of the bugs that he discover.

    The TVL has nothing to do with this, if you make trusted IE (without TVL) the effect is the same. But make an app trust does not mean that can do anything. The alternative use the paranoid mode.
    To allow that, you need to allow 3 warnings from IE, nothinig protects you against stupidity, if you uninstall comodo manually you are also unprotected and requires less clicks...
    Nothing can happens if the browser is sandboxed
    Only affects to IE
    If this is really possible the less important thing is that you can uninstall comodo.
    It has to be personalize for a CIS installation
    And a CIS developer says that this was already fixed, and they know about this and right now are working in CIS 6 beta

    http://forums.comodo.com/news-annou...st-a-script-t88594.0.html;msg639801#msg639801
     
    Last edited by a moderator: Dec 6, 2012
  8. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    Can't we modify rules in défense+ to avoïd too permissives rules ?
    Which differences between proactive and IS please ? I don't want paranoïd mode, i use securised mode.
     
  9. guest

    guest Guest

    Here are the differences explained
    http://help.comodo.com/topic-72-1-170-1704-comodo-preset-configurations.html
    I always use proactive, and IMO should be the default because the popups are also minimal.
     
  10. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    "Proactive Security" configuration is the most secure.
     
  11. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    Yep, but no more pop-ups than IS ?
     
  12. guest

    guest Guest

    Yes, but I think you won't notice the difference, or maybe yes but I mean does not end being annoying, It's not like the paranoid mode at all. And after a week or so like it happens with the IS preset CIS is almost silent.
     
  13. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    I'll give it a try. Thanks.
     
  14. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I like the idea of lockdown mode in ExeRadar Pro. If I first run HIPS in "Safe" or "Clean PC" mode with checked "Create rules for safe applications". Then after routine using of all programs on the computer make HIPS in "Paranoid Mode", and check "Do NOT show popup alerts" and choose "Block requests". Will it be the same "lockdown mode" for CIS?
     
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I think you should also disable TVL and cloud lookup.
     
  16. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thanx, that a good idea. Then what about disabling sandbox? In this "lockdown" mode it must be unnecessary.
     
  17. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    It's going to be as lockdown as it can get. I did this for a repeat client that kept bringing back his desktop infected. I ditched MSE and added CIS. I then placed it in proactive, set it to paranoid and switched off all alerts for D+ and the AV. It's automatically set to quarantine any threats and D+ is set to block and shouldn't make a peep. I'm hoping that will keep him out of trouble.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    the AV. It's automatically set to quarantine any threats o_O
    danger for any false positive it can send legit files to quarentineo_O
     
  19. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Better to quarantine than to delete.
    You can restore it after confirmed to be FP.
    If you want AV popup, just uncheck "Do not show..." option in AV scanner settings.
     
  20. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    I haven't had many false positives with the AV so I'm not worried. Worse case is that it holds a system file ransom.
     
  21. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    Yeah that's the way I feel about it siketa. I'd rather not have this guy seeing any pop ups and just have him wondering why he can't run something. He's the type of client that clicks on every email link, pop up on a porn site. I'm hoping that CIS works out for him. I don't mind charging him every time he brings his machine to me but it takes a while to clean. Twice in one week is too much.
     
  22. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    What a pathetic beta test from COMODO. First they mess up BETA2 to an extent that it's unusable, they remove the download link, they don't provide any updated beta and they don't say a word about it for 2 weeks now. Thats not how you do beta testing for crying out loud. And whats even worse, stupid mods keep on "calming us down" with words that Comodo is doing everything and that they care. How can you possibly know that if they (the devs) haven't commented anything for 2 weeks!? If they'd care even a bit, someone from devs would take 10 seconds of his time and post what the hell is going on. But if you can't take 10 seconds to do that, then you just plain don't care about the entire beta test, the program that you're making or the users who are taking their own time to test your software.

    And whats even funny, well it actually borders to sad but oh well, instead of mods taking an initiative to call for devs attention, they instead want to make you look like you're the only annoying idiotic user who wants some answers after 2 weeks of ~Phrase removed~ silence. Apparently they still don't get it that doing so is not helping anyone. But they seem to know it better than me because they have the "Moderator" badge. Heh, fools...
     
    Last edited by a moderator: Dec 16, 2012
  23. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,284
    Location:
    Hollow Earth - Telos
    That will Teach Them
     
  24. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    No it won't. Because it's the same every single time i get back to them.
     
  25. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Yes, I saw you where questioning why on EARTH it no UP, and they were going to do "disciplinary action". But you are speaking for the hundreds :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.