Serious Discussion Comodo Internet Security 2024 Beta is now available

[Pico]

.I think the event is that they are not organized enough, they cannot manage the process well.look at the forum section, one person is trying to answer dozens of people and is inadequate.pity.

The person answering dozens of CIS users on Comodo Forum regarding CIS 2024 Beta issues was pretending being Comodo/Xcitium staff...
He got banned...

This user is suspended until Sep 1, 2023 2:00 pm.
Reason: Impersonating Comodo/Xcitium Staff

Hilarious

 

[vaccineboy]

The person answering dozens of CIS users on Comodo Forum regarding CIS 2024 Beta issues was pretending being Comodo/Xcitium staff...
He got banned...

This user is suspended until Sep 1, 2023 2:00 pm.
Reason: Impersonating Comodo/Xcitium Staff

Hilarious

Just another day in the dysfunctional land of Comodo.
So when he said Comodo is aware of the bug and is fixing it, apparently Comodo is not aware and not fixing. Thanks for keeping the hope high.

 

[Chuck57]

Just another day in the dysfunctional land of Comodo.
So when he said Comodo is aware of the bug and is fixing it, apparently Comodo is not aware and not fixing. Thanks for keeping the hope high.

LOL...... I was basing my assumptions of bug fixes on his comments, starting from the day the beta was released. Took them long enough to catch him. They must not check their forum very often.

 

[simmerskool]

LOL...... I was basing my assumptions of bug fixes on his comments from the day the beta was released. Took them long enough to catch him. They must not check their forum very often.

...that's why when @Decopi suggested I go read the comodo forum, I didn't! (no offense intended) meanwhile CF 2024 beta running ok here on VM no obvious bugs... is it safe?

 

[Jonny Quest]

The person answering dozens of CIS users on Comodo Forum regarding CIS 2024 Beta issues was pretending being Comodo/Xcitium staff...
He got banned...

This user is suspended until Sep 1, 2023 2:00 pm.
Reason: Impersonating Comodo/Xcitium Staff

Hilarious

They must be hard up for help over there, only suspending them for ~2 weeks. IMO, it probably should have been a Ban.

 

[simmerskool]

quick comment re CF beta: I see the CF firewall blocked some microsoft exe, eg smartscreen.exe I did not get any notification of that firewall block, perhaps due to @cruelsister's settings, or perhaps default not to alert user to that? That is something I would have wanted to know without having to go searching for it. So is that an anomaly, buggy, or bug???

 

[simmerskool]

quick question: what's the recommended usage of "Run Virtual Applications" -- I vaguely recall not really necessary with @cruelsister settings, most obvious comes to mind would be to use for browsers? there's some sandboxing with chromium browsers... I've always run CF with cruelsister config -- set it and forget it mentality.

 

[ForgottenSeer 100397]

quick comment re CF beta: I see the CF firewall blocked some microsoft exe, eg smartscreen.exe I did not get any notification of that firewall block, perhaps due to @cruelsister's settings, or perhaps default not to alert user to that? That is something I would have wanted to know without having to go searching for it. So is that an anomaly, buggy, or bug???

Are you referring to the "Blocked Applications" section? Sometimes it includes trusted apps. You can search for the blocked app in the File List under Settings. I have smartscreen.exe on the list with trusted status.

 

[Zappathustra]

Is it stable enough for a production system? Is there any tweak necessary for protection (aka Cruelsister's settings)?

No and Yes.

 

[ForgottenSeer 100397]

quick question: what's the recommended usage of "Run Virtual Applications" -- I vaguely recall not really necessary with @cruelsister settings, most obvious comes to mind would be to use for browsers? there's some sandboxing with chromium browsers... I've always run CF with cruelsister config -- set it and forget it mentality.

I stick to the default setting of "Run Virtually" and haven’t felt the need to limit the containment as suggested by @cruelsister. The default had a small problem that was fixed. For instance, ransomware could leave a ransom note on the desktop. The "Run Virtually" function is fully virtual, and the optional levels impose the chosen restrictions on the contained apps.

 

[simmerskool]

Are you referring to the "Blocked Applications" section? Sometimes it includes trusted apps. You can search for the blocked app in the File List under Settings. I have smartscreen.exe on the list with trusted status.

yes, correct. It is/was curious to me that smartscreen.exe would be in CF list of Blocked apps, and yes I had already changed it to trusted along with a few others I double checked.

 

[Nightwalker]

quick question: what's the recommended usage of "Run Virtual Applications" -- I vaguely recall not really necessary with @cruelsister settings, most obvious comes to mind would be to use for browsers? there's some sandboxing with chromium browsers... I've always run CF with cruelsister config -- set it and forget it mentality.

I noticed that when I used Comodo with CF settings some years ago, never understood why.

 

[ErzCrz]

Setting as Restricted blocks network connection and more secure which is why CG sets run virutally as Restricted.

Smartscreen etc are HTTPS blocks and something that has been an issue with use on Win11. You can create outbound TCP to port 443 rules for these applications. I have mentioned it as something they need to fix as the HTTPS preset in CF is only UDP so you can just amend that preset to UDP or TCP.

Not currently running CF but I did some tweaking with it recently.

• Run Virtually - The application will be run in a virtual environment completely isolated from your operating system and files on the rest of your computer.

• Run Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
• Block - The application is not allowed to run at all.

 

[Pico]

Setting as Restricted blocks network connection and more secure which is why CG sets run virutally as Restricted.

Smartscreen etc are HTTPS blocks and something that has been an issue with use on Win11. You can create outbound TCP to port 443 rules for these applications. I have mentioned it as something they need to fix as the HTTPS preset in CF is only UDP so you can just amend that preset to UDP or TCP.

Not currently running CF but I did some tweaking with it recently.

• Run Virtually - The application will be run in a virtual environment completely isolated from your operating system and files on the rest of your computer.
• Run Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
• Block - The application is not allowed to run at all.

Why would one ever need or have to use 'Run Restricted' for apps running in a Containment???
The apps run in containment what's the point?
Can they escape from Containment somehow when use 'Run Virtually''?

 

[ErzCrz]

Why would one ever need or have to use 'Run Restricted' for apps running in a Containment???
The apps run in containment what's the point?
Can they escape from Containment somehow when use 'Run Virtually''?

I think @cruelsister mentioned it in one of her videos some years ago but can't recall which. Often the default suggested option is to run a program partially limited and then you have to deal with firewall prompts. Setting the default containment to Restricted makes things simpler but if you want to just deal with the containment prompts, that's fine. the CS approach is simple bulletproof configuration.

The default it Partially limited and less secure as I've mentioned but choice is yours.

• Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed. (Default)

• Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
• Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.

• Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.

 

[simmerskool]

Why would one ever need or have to use 'Run Restricted' for apps running in a Containment???
The apps run in containment what's the point?
Can they escape from Containment somehow when use 'Run Virtually''?

sure, and ideally if "run restricted" is the selected setting then a good coder might nullify (gray out) Run Virtual Applications.

 

[simmerskool]

I think @cruelsister mentioned it in one of her videos some years ago but can't recall which. Often the default suggested option is to run a program partially limited and then you have to deal with firewall prompts. Setting the default containment to Restricted makes things simpler but if you want to just deal with the containment prompts, that's fine. the CS approach is simple bulletproof configuration.

The default it Partially limited and less secure as I've mentioned but choice is yours.

sounds like my memory too although mine is (was) a tad more faded.

 

[simmerskool]

Please, allow me to disagree here.

which is better... it depends. I appreciate that Comodo corporation publishes "official" announcements on its forum (or website); however, I find I get good info here regarding CF and other computer related topics too.

 

[ForgottenSeer 100397]

The “Restricted” level probably doesn’t block connections or suspend firewall prompts. The help files don’t mention it either. @cruelsister posted a video of CFW Beta 2024. The test has firewall prompts for powershell.exe, svhost.exe, and coinminer.exe with containment set to restricted.

 

[Pico]

When apps run contained they can perform read operations from the host (like read access to file system and resources) but they cannot perform permanent write operations to the host as these write operations are isolated from the host.
In other words, contained apps can never make permanent changes on the host and as long as contained apps cannot call home (FW set to block inbound and block outbound connections for all contained apps) than I still don't see the need why using 'Run Restricted' or any other limiting setting.

What am I missing in using these limiting settings?