Discussion in 'other anti-virus software' started by LagerX, Jan 27, 2014.
I second that.
I believe if you set Comodo firewall to not notify a blocked alert event, applications that have been sandboxed automatically have their internet connections blocked. So even if a keylogger recorded keystrokes it will not be allowed to send them while contained in the sandbox. Please someone correct me if I'm wrong.
I downloaded the installer again from the Comodo site and this time have the 4115 build - I must have grabbed a mislabeled installer from a third party site. It works fine (the 4101 build worked fine too). They're still not offering 4115 through the internal updater.
These guys need to learn to upgrade their own product. I had CIS 6 and my upgrade to CIS 7 was like this:
- execute installer;
- need to reboot;
- I do a reboot;
- after restart there's no CIS 7 in my PC; (??)
- I say: oh well, I can do with Windows firewall after all;
- next time I open my PC Comodo is getting installed;
- need to reboot;
- I do a reboot;
- I get CIS 7 with none of my old rules; (nothing new here)
I'm confused, sandbox and virtual desktop seem to share the limitations, do they also share what apps within it see from each other? Or is every app within Virtual Desktop isolated from all others also within Virtual Desktop/Sandbox?
While using Version 6.XX, did you ever export your configuration settings? If you did, and assuming the export reflects most or all of your Version 6 settings that existed at time of switching to Version 7, there still is a quick and painless upgrade that can be made. However, if you DID NOT do an export of settings in Version 6, then disregard the rest of this post.
I don't know if you attempted to upgrade 6 to 7 or uninstalled 6 before installing 7; but based on your comments above, it would seem that whichever method you used, CIS is now uninstalled from your system.
1. Install Version 7
2. Allow Comodo to update the AV database and run a quick scan.
3. Once "Quick Scan" has completed, select "Close" on the scan window.
4. Don't reboot when prompted, but rather choose postpone to the default 30-minute value.
5. Now, from Comodo's main screen, choose "Tasks" > Advanced Tasks > Open Advanced Settings.
6. Choose "Configuration" on left-hand pane.
7. Right-click anywhere in the right hand pane and choose "Import" (Comodo will take you to your Documents folder where you will select the settings file you created back with Version 6). The file has an extension of .cfgx. Select "Open" and the file will be imported into CIS. You will be asked to create a file name for the file being imported. You will get a confirmation message that this was successfully completed.
8. Now highlight the file you just imported, right click the file and select "Activate". Once completed, CIS 7 will now have all your Version 6 settings installed.
If you had a Version 6 configuration file, this process will have you up and running in just a few minutes. Good luck. -SA Jack
That's true for Windows 7, but not for Windows 8
I know all of that because I do back up my configuration for later use. I do this with all programs I use that have a backup function. I wonder how someone can trust this company on security issues when they can't update their software seamlessly from one version to another. Their update process is worse than Windows Update.
Sorry...I don't use Win8.
Currently the update has been announced on the forums. And the discussion surrounding the release notification recommends uninstalling Version 6 and doing a clean install of Version 7. There was limited mention that it seemed to update OK, but warned of possible problems. Also, it is expected to be available as an update within a short period of time. So when I updated, I felt I was sufficiently forewarned about best practice. I also decided about updating a saved configuration after seeing the users were doing that and everything was working OK. I hated having to do a complete configuration when Version 6 came out, so updating the configuration was a very easy and viable solution.
Not so sure about it. I'm afraid I'll have problems, just like I had with BD.
Hi, what will be the best setting for autosandbox for a dummy user? Partially limited or fully virtualized?
Any experiences? Thanks
Uninstalled CIS. It was bogging my system quite a lot. It was a good deal heavier when I used my system. Not memory but it was slowing stuff down.
I don't know if it was their AV component or what because it was using the CPU constantly when I downloaded something.
Although I am still of the opinion that COMODO v7 is a great success and with a few more program updates it will again become light. They still have some issues to be resolved with the UI and performance. UI lags sometimes, don't know why.
They obviously rushed with the beta. I will leave it alone for a while until some fixes are released and everything is green again. But I must say for comodo.
Solution I once cooked up for a troublesome internet surfer (and a dummy user)
a) exclude user areas from sandboxing (so every data is written to real system)
b) run all untrusted as fully virtualized
c) add D+ custom rule to run user areas (folders) as partially limited
Those are no settings for a dummy user. It's best to leave it at default settings in that case imo.
Personally for a "dummy user" I would suggest fully virtualized, provided the trusted vendors is used. That way the user will know if it's definitely sus and is automatically isolated without an option to deny or allow. As opposed to dealing with partially limited or other settings where the wrong response to an alert could lead to an infection. Comodo knows if something is sus given its vast trusted vendors, let alone their cloud lookup.
I would agree with the use of the Full V setting. At settings other than this, assorted junkware not specifically designated as malicious by Comodo (or anyone else) will install on the system even if these things are unknown. With Full V, as was stated above by TS4H, these things will also install, but only virtually; a sandbox purge or reboot will get rid of them totally.
Another reason (and I'll let you decide on the significance) is that malware files are often just the carriers of infection. When run they will create the actual payload files (spawned daughters) in places like Roaming. Although a sandbox setting like Untrusted will prevent the malicious activity of the daughters, they mostly still sit inert on the hard drive. Without anything to call them up they aren't any threat but they still remain (and if run directly by the user they will be just sandboxed again). The Full V setting prevents this untidiness by once again allowing the spawned daughters to deposit themselves to their malicious heart's content but in virtual Roaming, from where they can be obliterated.
Hope I didn't confuse the issue.
(You can bring the Reset Sandbox function up to the main GUI quite easily and I strongly suggest doing this no matter which sandbox level you decide on)
I like Blocked setting even more.
Fully Virtualized is not an option for newbs because it can mess things up badly.
I've never found Full V to be any issue at all. Yes, if a malware file is run it will show up on the system (for example if a ransomware file is run the Ransom message will appear instead of being suppressed with, say, Untrusted); although this may be scary, a simple reset of the sandbox makes it vanish, which is kind of a kick.
And a sandbox message will always appear just like all the other settings so nothing is being done by surprise.
Sis, I think Rejzor is referring to actual legit files. If a legit file isn't allowed to run for some reason, it could cause some issue.
That's what I thought also, but consider that if the user installs something that is safe but unknown no matter what sandbox setting is used that installation will present the user with the same popup with the Default action of sandboxing. With all non-Full V settings it may or may not install at all; with Full V it will install and one can see what the program is about then decide to kill it or keep it.
But either way the user is given a choice to believe Comodo or not regarding unknown applications. Also I've yet to have Full V do any damage whatsoever and as I'm sure you know, KJ, it's not been from the lack of trying.
Yes I'm very much aware and try you do. I think that the whole Full V is lost on some people. These folks wouldn't be able to figure out what was going on and get frustrated. Of course most users here would be able to figure it out. I think Rej was referring to less informed users.
I remember there were some problems with Windows Update and Full V before...
Thanks for the feedback.
Btw, for some reason I still feel more comfortable with Sandboxie, when it comes to sandboxing, but I suppose the sandbox in CIS is just as safe and powerful.
I think I have the same problem, looks like a bug.