What on earth has happened to viable HIPS software availability?

Discussion in 'other anti-malware software' started by Smiggy, Mar 10, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    The current ver. of it in EAM/EIS is quite good. Emsisoft has tied it in with a very aggressive reputational scanner. If there is any doubt about the process, a hook will be set in the process and the behavior blocker will start monitoring it. If there is any weakness, it is hook-based monitoring, and recent malware has been going after those hooks to disable them. I believe SpyShelter is also hook-based?
     
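The weakness itman describes (a hook-based monitor whose user-mode hooks malware simply removes) can be checked for from either side. The following is an added example, not code from the thread, from Emsisoft, SpyShelter or any other product. It works on raw prologue bytes so it runs on any platform; on Windows the `live` buffer would be read from the loaded DLL and `reference` from the same export in the file on disk. The stub bytes, the module layout and the detour displacement are constructed for the demo, the function names are mine, and the trampoline patterns (E9 rel32, FF 25, push/ret) are the common ones rather than an exhaustive list.

```c
/*
 * Added example (not from the thread or any product): integrity checks for
 * inline (user-mode) hooks, operating on raw prologue bytes so it runs on any
 * platform. On Windows `live` would be read from the loaded DLL and
 * `reference` from the same export in the file on disk; here both are
 * constructed sample bytes with hypothetical addresses.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PROLOGUE_LEN 8

typedef enum {
    PROLOGUE_CLEAN = 0,   /* identical to the reference bytes */
    PROLOGUE_JMP_REL32,   /* E9 rel32: the classic 5-byte detour */
    PROLOGUE_JMP_ABS,     /* FF 25 disp32: jmp through a pointer */
    PROLOGUE_PUSH_RET,    /* 68 imm32 C3: push/ret trampoline */
    PROLOGUE_MISMATCH     /* differs from reference, no known trampoline */
} prologue_kind;

/* Classify the first n bytes of a function. reference may be NULL when no
 * clean copy is available (then only trampoline patterns are detected). */
prologue_kind classify_prologue(const uint8_t *live, const uint8_t *reference, size_t n)
{
    if (n >= 5 && live[0] == 0xE9)
        return PROLOGUE_JMP_REL32;
    if (n >= 6 && live[0] == 0xFF && live[1] == 0x25)
        return PROLOGUE_JMP_ABS;
    if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3)
        return PROLOGUE_PUSH_RET;
    if (reference != NULL && memcmp(live, reference, n) != 0)
        return PROLOGUE_MISMATCH;
    return PROLOGUE_CLEAN;
}

/* Destination of an E9 detour whose first byte sits at func_addr:
 * target = address of the next instruction (func_addr + 5) + sign-extended rel32. */
uint64_t jmp_rel32_target(uint64_t func_addr, const uint8_t *live)
{
    int32_t rel;
    memcpy(&rel, live + 1, sizeof rel);   /* rel32 is little-endian */
    return func_addr + 5 + (uint64_t)(int64_t)rel;
}

/* A detour that leaves the image is what both a HIPS hook and a malicious
 * patch look like; the caller still has to decide whether the destination
 * belongs to a module it trusts. Returns 1 when target is outside [base, base+size). */
int detour_leaves_module(uint64_t target, uint64_t mod_base, uint64_t mod_size)
{
    return !(target >= mod_base && target < mod_base + mod_size);
}

/* Defender-side check: a hook-based monitor that wrote `expected` into the
 * prologue must re-verify it, because "unhooking" malware just copies the
 * clean bytes back from the DLL on disk. Returns 1 if the hook is intact. */
int hook_intact(const uint8_t *live, const uint8_t *expected, size_t n)
{
    return memcmp(live, expected, n) == 0;
}

/* Constructed sample bytes (x64 Nt* stub shape: mov r10,rcx ; mov eax,imm32). */
static const uint8_t clean_stub[PROLOGUE_LEN]    = { 0x4C,0x8B,0xD1, 0xB8,0x18,0x00,0x00,0x00 };
/* Same stub after a 5-byte detour (jmp +0x0FFB); the tail bytes are untouched. */
static const uint8_t hooked_stub[PROLOGUE_LEN]   = { 0xE9,0xFB,0x0F,0x00,0x00, 0x00,0x00,0x00 };
/* Same stub with only the immediate changed: no trampoline, but not clean either. */
static const uint8_t tampered_stub[PROLOGUE_LEN] = { 0x4C,0x8B,0xD1, 0xB8,0x19,0x00,0x00,0x00 };

int main(void)
{
    /* Hypothetical layout: function at 0x7FF800001000 inside a 0x2000-byte module. */
    const uint64_t func = 0x7FF800001000ULL, base = 0x7FF800000000ULL, size = 0x2000ULL;
    static const char *names[] = { "clean", "jmp rel32", "jmp abs", "push/ret", "mismatch" };

    printf("live vs disk: %s\n", names[classify_prologue(hooked_stub, clean_stub, PROLOGUE_LEN)]);
    uint64_t target = jmp_rel32_target(func, hooked_stub);
    printf("detour target 0x%llx, leaves module: %d\n",
           (unsigned long long)target, detour_leaves_module(target, base, size));
    /* If our monitor installed hooked_stub, seeing clean_stub back means it was unhooked. */
    printf("hook still in place: %d\n", hook_intact(clean_stub, hooked_stub, PROLOGUE_LEN));
    printf("tampered immediate: %s\n", names[classify_prologue(tampered_stub, clean_stub, PROLOGUE_LEN)]);
    return 0;
}
```

The two checks answer different questions: `classify_prologue` is what an analyst runs to find out whether a process is hooked at all (by the HIPS or by something else), while `hook_intact` is the check a hook-based product has to keep running on its own hooks, since the restore-from-disk trick itman alludes to leaves the prologue looking perfectly clean. A kernel-driver approach like the one Rasheed187 describes for SpyShelter sidesteps this particular problem because there is no user-mode prologue for the malware to rewrite.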
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, from what I've seen it seems to be quite a good HIPS/BB, but I prefer a standalone HIPS. I'm not sure how SS works; it doesn't seem to be using any user-mode hooking, all of the monitoring is done by the driver.
     
  3. guest

    guest Guest

    If I had to choose between SpS and Comodo, I would go Comodo despite all the bugs it has... but for you, @Rasheed187, SpS will be the best choice; its process logging seems to be the best among "home user" products.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I'd like to add my two cents: with occasional experience from running Comodo, I too like its approach, and about its HIPS I can't complain so much, but I always seem to run into that age-old problem with it of just being a bit too heavy to suit. I could be wrong about it now, I dunno, but after several tries with it over the years I haven't dismissed it completely (yet), but I also am not as sold on it yet as I might like to be.

    What are some of the cons of Comodo that keep some peeps away from it?
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I don't know Comodo, but I did know Kevin (BoClean). And so after they scarfed up Kevin and they had a spat, I would never touch Comodo again. ;)
     
  6. guest

    guest Guest

    1- Recurrent, never-fixed reported bugs (like the "rules disappearance", etc.)
    2- The not-so-effective features (aka bloat) added with each new big version (GeekBuddy, shopping feature, "TrustConnect" thingy, etc.)
    3- The CEO's fancy claims and the fanboys' attitude.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Yup, in other words, all of the same old gripes that, after all these years, still remain the same.

    That pretty much sums it up. For me that BLOAT alone was always a deal-breaker, and now with much better options available it's a no-brainer to choose ever more wisely, right?
     
  8. guest

    guest Guest

    Exactly; there is no chance that Comodo will ever go back to my main machine.
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    Me too. CIS Defense+ is almost the only classical HIPS remaining: it's strong and granular enough, and the only real bugs that I experienced in these years were sometimes when updating to a new version without uninstalling the previous one. It's actually powerful if you use it alone, without the sandbox: we talked about it here on Wilders some time ago.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    So, by the way, I just for the first time watched cruelsister's test of that particular Comodo FW and its handling of Mr Crypto's various types and varieties in what it is fashioned for, and if it's any indication of how effective Comodo D+ must be, isn't it a worthwhile program after all?

    Am I missing something? Her results on video, and the adjustments she made while the crapware attempted its intrusion stages, seem to beat back each forced attempt to find some channel to press ahead, which was met with an inert and neutralized code path that failed.

    Correct me if I'm missing something, but I haven't bothered with Comodo for quite some time; now I am myself interested in putting it through some similar paces to see if what I saw in the video is every bit the show-stopper for those baddies that the result evidently ended up being.
     
  11. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Nowadays Comodo's strength is the auto-sandbox rather than the HIPS.
    If you want something not as bloated as Comodo Internet Security (or Comodo Firewall), they also offer Comodo Cloud AV (full cloud real-time AV + auto-sandbox + Viruscope).
     
  12. guest

    guest Guest

  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    It's the configuration in which I always used CIS.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Against my better judgment, maybe, but I installed the same build as cruelsister points out in her YT tests, and am going to see how far I can get this time without becoming frustrated.

    There are a lot of important settings I will need to be sure are set properly, but I am on my first run of things and seem to be getting the configuration put together one by one without hassle.

    I already like the fact that the HIPS is going to work, popping up and giving me the choice to establish the first series of rules etc.

    Damn, I missed HIPS badly; this is bringing it all back again. Ha ha, ERP is doing just fine together with it too so far.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Well that didn't take too long.

    It affected a login site I always go to, and when typing in username and PW it totally lost focus.

    I need to set time aside to get to try this out away from the production machine.

    Oh well, so much for the brief trip down memory lane anyway.

    I am a HIPS fanatic, so I will have to play with this one again.

    Now I know why Pete is so adamant about the simple ones like AppGuard and Excubits combos etc.
     
    Last edited: May 1, 2017
  16. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    It looks like a human mistake on Valkyrie.

    On VS Comodo AV got it.

    **VT results removed as per Wilders TOS
    https://www.wilderssecurity.com/thr...otti-virus-total-results.180057/#post-1040840
     
  17. guest

    guest Guest

    So do i :D
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, after Geek Buddy I lost trust in them. And my system always started to act weirdly when Comodo was installed; plus, in order to make the HIPS shut up, you will have to trust almost everything on the system, which is way too risky.

    Did she test the sandbox or the HIPS? Because Sandboxie will also block all ransomware.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Man, am I behind the times. She has a series of vids to check out on safety apps, but here is the one in question.

    It was the one I was most interested in lately due to ransomware on the loose and some curiosity whether Comodo was up to the task or not.

    https://www.youtube.com/watch?v=TCOJ1W5GEDo
     
    Last edited by a moderator: May 1, 2017
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I noticed she didn't enable HIPS.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    She can better explain the reasons for that, but what's interesting to me is that she ran RESTRICTED compared to a different tester who ran VIRTUALIZED, but both seemed to do OK at trapping the offending potential changes of nasty ransomware variants.

    Sorry that I am much too green with the CFW HIPS right now, which is why I'm determined more than ever now to set up a dedicated HD just for this HIPS and stop taking chances on my production machine with it.

    It's highly likely I didn't have it configured right to run as expected anyhow.
     
  22. guest

    guest Guest

    With my settings, when I used Comodo in Paranoid Mode, I installed it after a clean install of the OS, totally cleared the Trusted Vendor List, then whitelisted all running processes and my hardware vendors. Later, I added my software vendors.

    @cruelsister's settings are all about the sandbox used as the main protection; she disables the HIPS because she doesn't like it.
    But the HIPS is never really disabled, just silenced, unless the other modules can't rate the file; my test & explanation here: https://malwaretips.com/threads/com...andbox-bb-hips-interaction-explanation.11819/

    The Run Virtually action of the Auto-Sandbox is the exact same thing as the Run Restricted action, with a slight difference: Run Restricted = Run Virtually + Restriction Level (possible restriction levels: "Partially Limited", "Limited", "Untrusted", "Restricted"). This means that the Run Restricted action is actually a part of Run Virtually, and it exists only as a quick option (shortcut) to set the Sandbox to both virtualize and restrict specific actions of an item. Users can disable the restriction when using Run Virtually, whereas with Run Restricted it cannot be disabled.
     
    Last edited by a moderator: May 1, 2017
  23. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
  24. guest

    guest Guest

  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    @guest has the settings down, that's for sure. Took some tips and had another crack at it. Why?

    Because HIPS are so telling (details), as well as rule setting (locking down with or w/o alerts). I tend to favor a chatty one. They can be made silent too.

    In my brief run-around with CFW only, I like the firewall best, because all the others, aside from maybe the HIPS/Sandbox, exhibit way too much weight.

    If that program were as paper-thin and light as EQSecure was in its heyday, it would be a no-brainer to stick it in with the rest of my security mess, but... no can do as-is.

    I know plenty like it just as it is as it goes from one release to the next and all, but I quickly realized that I am strictly a streamlined and lightweight type!

    I suppose it depends on what runs best and stands up best with your current machine's energy level.
     