Author Topic: Please feel free to ask any questions to learn all about Computer Security.  (Read 171166 times)

Offline Lasse88

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 441
In Comodo Firewall Pro V3 there is "HIPS"

But i allready have "HIPS" in my antispyware program (SpywareTerminator)

So does it make any difference if i use the HIPS in the firewall, or the HIPS in my antispyware.?

and if it does make a difference, i would like to know why.
"Wise men speak because they have something to say; Fools because they have to say something." - Plato
"It is better not to speak and be thought a fool, then to open your mouth and remove all doubt." - Mark Twain
"I Reject your reality and substitute my own" - Adam Savage (Mythbusters)

Offline Little Mac

  • Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6303
  • The Colonel told me to.
Here's the difference:  ST's HIPS is an application-based HIPS.  You set the level of intervention you want ST to take (which defines which file extensions it will trigger on), then for every instance, it will give you a popup when a file tries to run.  Obviously, you can tell it not to bother you on each one, for the future.  But you, the user, are still the one with the finger on the trigger.  You have to decide whether d3dim700.dll is safe or not...

The v3 HIPS is more an application/safelist-based HIPS.  Its encrypted safelist contains more than 300,000 applications, and is growing every day.  If an item is on the safelist (ie, it has an exact cryptographic match) it will be approved automatically.  If it is not on the safelist (or doesn't have an exact match), the user will be alerted to approve or deny (just like with ST).

The v3 HIPS should be a much stronger HIPS.  The key would be to disable ST's HIPS, run v3's for a while, and see the difference.

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.
Forum Policy

Offline Puniksem

  • Newbie
  • *
  • Posts: 11
  • Smile, a least air is free!
    • PuniksemVille
 (:SAD) Unfortunately I have some bad news about my experience with the CP Firewall...

I have had to uninstall CP products because of increasing system instabilities as a result of Comodo's presence on my system. I have uninstalled CPF and it seems that all has returned to normal now.

However I shall list here my findings, in the hope that someone may have an idea as to why this is happening...

My system is an AMD based Compaq Preserio 1100Mhz CPU. with 1Gb 133Mhz SDRAM which is well in excess of requirements to run any comodo products.

1. Randomly windows would freeze while CPF would HOG 100% CPU resources.

2. Windows media player would stop mid-play and close unexpectedly when CPF hogged system resources. (most annoying mid-film)

3. Following any of the resource hogging sessions, windows explorer would crash completely forcing me to restart the computer.

4. Inherantly windows would then restart & display a series of errors as a result of these random siezures/crashes.

5. Since the removal, and the installation of an alternate firewall & anti-virus, all activity seems to have returned to normal, and has so far remained stable.

The only Comodo product that has remained stable and reliable on my computer is the Password manager, even so while saying that, during startup, it hangs until windows applications are fully loaded.

Can anyone shed some light on these problems, I have noticed that all the problems seem to relate to CPF hogging all available CPU for ages (this has also been reported by other CPF users), then suddenly all tasks and clicks that follow all happen at once after CPU resources return to normal ratios, and then for windows explorer to immediately crash afterwards. Why??

It's a shame because I have had so much faith in Comodo products until now.
Put off today what you can do tomorrow!


Offline stillen

  • Newbie
  • *
  • Posts: 21
This is off topic but here it is.

 My Dlink 4100 router is set to gateway does that mean I need to in to network connection setup home network and connect through a gateway.

Or is that meant for a residential gateway router modem combo.

   thank stillen

 

Offline jelcom

  • Newbie
  • *
  • Posts: 1
Re: Please feel free to ask any questions to learn all about Computer Security.
« Reply #80 on: September 18, 2007, 03:44:50 AM »
I've just switched to Comodo from Sunbelt Software's Keiro.  That application included a 'number-dialled' monitor.  I have broadband, but keep the dial-up modem connected for faxes, and I'm worried about 'premium-rate' diallers.  Am I correct in saying that Comodo does not cover this problem?


Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11451
  • Linux is free only if your time is worthless.;-)
Re: Please feel free to ask any questions to learn all about Computer Security.
« Reply #81 on: September 18, 2007, 04:10:00 AM »
G'day,

CFP does not monitor the modem as such, but there is an executable lurking behind all of these "premium rate" diallers. As such, you would be given the opportunity to ALLOW or DENY the executable before it attempted to dial out.

Having said that, it wouldn't be a bad idea to add a component to CFP that monitored the hardware class that includes analogue modems. Why not add this to the firewall wishlist?

Cheers,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline nevermorestr

  • Newbie
  • *
  • Posts: 2
nevermorestr

Just out of interest, why do you use Adblock and Proxomitron? Prox will do everything Adblock does and more...

Sorry about not answering months sooner but frankly I forgot that I had posted in here.

Yes, it is as Soya Lv. ∞ had commented:

Probably because Prox is harder to use.

I know there are multitudes of filters (above and beyond the "stock" ones) for Proxomitron but I'm not that computer literate to understand how they all work. I found that with minimal changes in the default settings of Prox (plus a couple of fan mades) along side Adblock Plus, pretty much suits my tastes in striking a balance between good ad blocking and browser usability.   

Offline Huskie

  • Newbie
  • *
  • Posts: 3
Re: Please feel free to ask any questions to learn all about Computer Security.
« Reply #83 on: November 29, 2007, 08:25:32 PM »
Indeed we will protect against that too with v3!

CFP v3 will be the First line of defense against malware!

CFP v3 will create a quantum shift in the security market from AV being your first line of defense to CFP v3 being your first line of defense against Malware! The time for allowing everything and only catch whats bad (if you know what is bad that is) (eg: AV products today..) is passed its sell by date! we need a proper protection.. we need CFP v3!!

Melih
Im just wondering if Spyware Doctor has said Comodo has a Backdoor.Hackdoor trojon virus inside its directory and is this a Spyware Doctor problem or is there any other instances where someone has recieved this message? plz hlp

Offline Huskie

  • Newbie
  • *
  • Posts: 3
Re: Please feel free to ask any questions to learn all about Computer Security.
« Reply #84 on: November 29, 2007, 08:32:09 PM »
I had compromised computer issues and had installed comodo and uninstalled spyware doctor to see what happened in the past spyware doctor slowed computer down heaps and i did not trust so i uninstalled it and just recently re installed and its said Backdoor.Hackdoor trogen viris inside comodo directory with 75 other spyware files and (Keenvalue) is adware used by euniverse also detected? Im wondering what do do?

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11451
  • Linux is free only if your time is worthless.;-)
Re: Please feel free to ask any questions to learn all about Computer Security.
« Reply #85 on: November 29, 2007, 08:54:54 PM »
Im just wondering if Spyware Doctor has said Comodo has a Backdoor.Hackdoor trojon virus inside its directory and is this a Spyware Doctor problem or is there any other instances where someone has recieved this message? plz hlp

Can you please report this as a false positive to Spyware Doctor?

Thanks in advance.
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline Matty_R

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2527
  • How long is a piece of string?
Hi folks,

I`ve just been looking over my dad`s computer which has CA security suite on it(i tell him it`s not great but he paid for it so he`s gonna damn well use it).Anyway while looking through the "application rules" section of the firewall i noticed 2 entries one for iexplore.exe and one for iexplore.exe_1 .Now this seems not right so i`ve tried a few things to find any problems.First off i downloaded CBOclean which pulled up 1 file but after checking this out it is the driver for the CA HIPS and it seems clean according to the online sites.Also scanned with the latest Avira(nothing)
Searching his computer i can find no referance to this _1 file and in the application rules you cannot specify the full path.Google comes up with only 1 find for this,in Chinese, so i`m at a bit of a loss as to what to try next or where to look for it.Gonna do a Hijack this later today,if anyone has any ideas which might be helpful like a search tool,i`d be grateful.
Also the CA help forum was about as useful as binoculars to a blind man.

Regards, Matty
A couple of computers :P

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11451
  • Linux is free only if your time is worthless.;-)
Hi Matty,

I can't find any other reference to "iexplore.exe_1" anywhere. I'm just wondering if it's their way of storing a second entry for "iexplore.exe".

Do any other executables have more than one entry?

Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline Matty_R

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2527
  • How long is a piece of string?
Yeh, i was thinking it could be something along those lines,no others have multiple entries, there`s only about 7 in total.I deleted it once but it just came back with no alert after he`d been to a site where he needed to answer an alert about cookies.I don`t think it`s infected because it`s behind a router with SPI and he`s not into p2p or porn or the dark side of net,like`s playing freecell though.
I`ll see what the CA forum comes back with but finding no referance for iexplore.exe_1 being malware reasures me a bit.
Regards, Matty
A couple of computers :P

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Hey Matty!
Got an Idea you might be able to try, Try creating another rule that you already have, for example, if you had "Internet Freecell?" that already had a rule that was allowed, what happens if you try to create another rule for the same program? it might result in a new suffix to differentiate the two.
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek