How should I properly configure Comodo

Hello All.

I am looking for answers on how to properly configure Comodo to guard against malware like keyloggers that try to phone home. I am running Windows XP SP3.
Can a malware like a keylogger for example inject code into firefox's address space and attempt to call home using Firefox's credentials ? Is this possible then should I configure Firefox so that I am prompted for internet access ?

Thanks in advance

Victor

 

I think Comodo will block most operations of that type by default, but you can enhance the protection by enabling options in the Protection Settings dialog of the Application System Activity Control dialog of Defense+ for Firefox.

You will want to enable Interprocess Memory Access , Windows/WinEvent Hooks, and Windows Messages either in the custom settings, or, if you run it using a predefined policy such as Limited or Isolated, you will have to edit the predefined policy. Setting the Windows Messages option active may block web pages being opened from other programs (eg. Windows Mail) if Firefox is the default browser so you will have to set exceptions (add with Modify... dialog). I don't use Learning Mode but this may be a good candidate to set it up so your common browser activities work.

 

I thiink even on default settings( default settings are a bit liberal), CFP will detect execution of keylogger and then any code injection into firefox, so you don,t need to worry.

 

So many options we can't even list them
Yeah, as people said usually by default you should be pretty much protected.

Remember to right click the tray icon and select protection mode to Proactive

 

Thanks for all comments and replies. Much appreciated. Victor.

 

Thanks for the reply. Most of the above settings were already enabled by default. Victor.

 

Do you mean the settings in this window?



Protection Settings - Protection Settings determine how protected the application or file group in your policy is against activities by other processes. These protections are called 'Protection Types'.

I'm using v4 beta and they're all set to inactive by default (I am in Proactive mode). In the Access Rights dialog, they are set to Ask like the rest of the settings.