Comodo Internet Security Premium V4.1 Preview

Discussion in 'other anti-malware software' started by Brocke, May 31, 2010.

Thread Status:
Not open for further replies.
  1. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    225
    Location:
    Romania
    I'm perfect fine with 4.1.
    I want a game mode and as Brocke said more info in main screen instead Tip of the day and Highlights.
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,106
    Location:
    Europe, UE citizen
    I do so to have a second av for an on-demand scan, as J_L said.
     
  3. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,151
    yes i mean having another AV never hurts
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    4.1 is a satisfactory update personally. Never chose to install toolbars and the like, so that didn't make much of a difference for me. Do like the new SandBox options in alerts though.

    What's missing is a way to show sandboxed processes, which is essential imo, especially since most programs are sandboxed when you first run them and the notification can be a bit slow.
    Actually, can you configure it to prompt you before sandboxing? Will that lower the security? (excl. user mistake)
     
  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,106
    Location:
    Europe, UE citizen
    Off Topic: Suggestion to Admin and Mods: :D :D

    Why not create a virtual thread, encrypted, where CIS haters can to attack, to criticize and to tell all the tales and the fables they want, like a real sandbox ? :D :D

    Please, today is Sunday, I'm joking. :)

     
  6. ratwing

    ratwing Guest

    blacknight:


    Good idea!! or maybe a create a COMODO FORUM!!

    A place where the faithful could fellowship,socialize,sip the wonderful cool-aid,and bask in the effulgence that is Guru Melih.

    I mean there has to be a reason you guys are trying to figure out this CIS albatross here,rather than on Comodo forums.

    Could it be that even you, get a little tired the fanaticism,and slogan chanting?

    Oh,and by the way,"a real sandbox" is one concept, it is clear, Comodo will never understand.
     
    Last edited by a moderator: Jun 6, 2010
  7. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    I don't understand why a "game mode" is such an oft requested feature. Frankly, if you're finding yourself wanting to ignore alerts, you're doing it wrong. You should only see alerts when you have just installed an application or in the event of comodo catching an attack in progress. Either way, the situation warrants your attention.

    Am I missing something?
     
  8. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    225
    Location:
    Romania
    You didn't try a game with CIS running don't you? :)
    When you first launch a game you don't receive nothing just a black screen. The only way to get rid off that black screen is to reset your rig.
    But if you put D+ in Training mode before launching game everything is fine, after 2-3 minutes playing the game you can put D+ back on your security mode without problems and game will launch perfect afterward.
    Usually I do that D+ "trick" but sometimes I forget and I end with a hard reset that's why I want a Gaming mode (BTW gaming mode is on the way but I don't know when).
    Outpost have it so I want it on CIS too. ;)
     
  9. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    I do game quite often and never close CIS. I am all too familiar with the black screen and it caused me no end of frustration when I was new to the program!

    All you have to do to prevent this black screen, however, is create a predefined rule allowing an interprocess memory access to c:/windows/system32/csrss.exe and apply that rule to every fullscreen game before you launch it. You have to open the CIS UI, add a new application to Defense+ manually, and then apply this predefined rule to it. A little extra work, yes... However it is worth it to not have the gaping holes in your security left by training mode. Take a look at your rules sometime, I guarantee you you will be alarmed. If I recall correctly, Training Mode will allow all interprocess memory accesses because the game requires one to csrss.exe. This is a HUGE hole in your HIPS, as the game you are running could potentially execute code in a remote thread in another process (say, something you have set as a Windows System Application) thus completely bypassing any restrictions on itself. I never use Training Mode - its just not granular enough for me. Also, csrss.exe requires no rules itself, at least in the proactive configuration, so allowing this memory access does not create a significant hole in your ruleset! I cannot remember if csrss.exe is marked as a windows system application by default... If it is, I removed this rule and never saw a single prompt for it. I run in paranoid mode too, so there is no chance that CIS is trusting csrss and blindly allowing all its actions.

    It seems that we have different interpretations of the phrase 'game mode'. I blame Zone Alarm for mine. I think it means alert suppression so you aren't distracted or tabbed out while gaming. You seem to just want a solution to the black screen problem. A game mode per se seems unnecessary to me, given the solution above. What does Outpost have? I briefly tried their product, but must have overlooked this option.

    I do think that newer users should be spared the inevitable black screen when they first launch a game and the temptation to use training mode. It would be easiest if Comodo simply modified the default configuration to allow all applications to access csrss.exe in memory. In fact, you should probably do this instead of my suggestion above. There is an all applications rule under Computer Security Policy which you can modify. If you add the interprocess memory access to csrss.exe here, it will globally allow it for all applications. This saves you a fair bit of tedium, although I still prefer to only allow csrss.exe access in applications that actually need it. Whatever you feel comfortable with.

    Now that I think of it, perhaps I should post this over on the Comodo forums. This does seem like a good change to the ruleset and, if I recall correctly, a sticky there was recommending full blown training mode for all games to get around this problem. For shame!
     
  10. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    225
    Location:
    Romania
    Yep, a little extra work for nothing. :)
    It's a game, is trusted so I don't need to manually configure it.
    I dunno what gaping holes I can have for 2 minutes of Training Mode until game is properly seen by D+. :doubt:
    TBH I'm not paranoiac about my computer security.

    It is in default group Windows System Applications
    csrss.png

    Outpost asks me if I want to enter in Entertainment Mode
    Yep, that's all I want, a rule for games to run from the first time I launch them without me making manually rules for them. :)

    But I'll try your suggestion about allow all applications to access csrss.exe in memory. Thanks for idea. :thumb:
     
  11. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    Yeah, the game is trusted, but if its an online game its net-facing and thus handling untrusted input. The gaping hole doesn't come from the 2 minutes in training mode but from the misconfigured rules that result. If there ever was an itw exploit exploiting games, they would probably just use the old download and execute shellcode, so you'd be protected anyway, as training mode acts properly on that parameter. It just depends how paranoid you want to get if this concerns you or not! :)

    Thanks, that is very interesting. Perhaps it is necessary on 32 bit but not 64, or maybe just a less than ideal configuration by Comodo.

    Ahh, so this is the Game Mode I am used to. Does Outpost have the black screen problem as well? If not, perhaps this game mode also allows the interprocess memory access to csrss.exe on the fly if it detects an application is going fullscreen. Interesting.

    You are very welcome. :)
     
  12. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,785
    It's nice, but well known, safe programs still cause too many pop-ups. Also, I would like a skin that has version 3s color scheme, which was way better than the all too common, boring red one they use now.
     
  13. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    225
    Location:
    Romania
    Nope, games runs fine from first launch.
    Now I put that rule in All applications but I don't have any game installed ATM. I'll keep an eye on first game launched to see what's happening. :)
    Choose one. ;)
     
  14. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,785
  15. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,292
    Location:
    USA,IA
    i used to have secunia psi installed on a win7 32bit computer and well CIS says the PSI.exe needs to be sandboxed. well ive uninstalled it and when you clean the path link it even says it cant find it.

    why in earth if its not even installed why is it asking to sandbox? there are no registry keys or left over. i even used revo uninstaller to remove it. no go.

    any ideas?


    thanks
    Brock
     
  16. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    You can use standard windows xp theme files (*.msstyle) as Comodo themes.
     
  17. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    just one quicky... I am not at the moment near my VM where testing CIS and would like to know does adobe reader runs fine in CIS sandbox? Iam not interested in printing from sandboxed reader just viewing simple pdfs (maybe few pictures in it and text) from web browser and off line
     
  18. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    You still can't manually sandbox an application from a shortcut. You have to right-click directly on the executable. You also can't sandbox an app by right-clicking and sandboxing an associated file.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    will the sandbox work if i only install the antivirus with D+?thanks
     
  20. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    Yes. :)
    The Sandbox component is on by default. You can Disable/Enable whenever thru the CIS tray icon.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thanks:)
     
  22. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,579
    Location:
    Romania
    Yesterday happened a very frustrating thing.While i was creating rules for programs i started Wondershare Photo Story,two pop ups from Comodo came.One from D+,the other from sanbox.By mistake,i hit block in the D+ window and allow in the sandbox's one.Now,the big problem is that the program wouldn't start at all.I've searched it in My pending files,in My blocked files,nothing.I've deleted the file from My own safe file(from an odd reason it was there),and i tried again.Nothing.The program was still blocked.I've decided to uninstall and the reinstall the program.Done.Start the program,D+ pop up,allow it,sandbox pop up,allow,and the program is still blocked although it appear again in My own safe files.What the heck? o_O o_O
     
    Last edited: Jun 9, 2010
  23. guest

    guest Guest

    Check if in the Computer security policy the program is blocked, and then remove the rule (or modify it) and try again
    Defense+ -> Advanced -> Computer security policy
     
  24. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,579
    Location:
    Romania
    It was there.Damn,i missed that part.:D Thanks.:thumb:
     
  25. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,257
    Location:
    New England
    Since 4.1 is no longer just a "preview" and it looks like a second 4.1 version has just been released, let's close this thread and move into the new one:

    CIS v 4.1.150349.920 Released
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.