Author Topic: HIPS modes Help  (Read 374 times)

Offline 5Lqep

  • Comodo Member
  • **
  • Posts: 30
HIPS modes Help
« on: June 15, 2022, 01:50:59 AM »
Help
« Last Edit: July 14, 2022, 09:51:37 AM by 5Lqep »

Offline C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 855
Re: Some programs bypass HIPS and Firewall.
« Reply #1 on: June 15, 2022, 06:45:46 AM »
Hi 5Lqep,

Thank you for reporting. Could you please provide us the below details?
1. CIS version?
2. Win version along with system bit type?
3. MP3 tag version?
4. Are you using any other security software other than CIS?
5. HIPS mode?
6. Firewall mode?
7. Any related screenshot?

Thanks
C.O.M.O.D.O RT

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5349
Re: Some programs bypass HIPS and Firewall.
« Reply #2 on: June 15, 2022, 07:49:24 AM »
Please read the help documentation to get a better understanding of how HIPS, firewall and file rating work. The application is trusted and HIPS and firewall are both in their default mode of safe mode, which means it will not show alerts for trusted rated applications. Only creating an ask rule in firewall application rules will force a firewall alert for trusted rated applications in safe mode; it does not happen for HIPS when you set the rule to all ask when in safe mode. If you want HIPS alerts then set HIPS to paranoid mode; for the firewall either add an ask rule for the application or set the firewall to custom ruleset mode. https://help.comodo.com/topic-72-1-766-9024-Introduction-to-Comodo-Internet-Security.html
« Last Edit: June 15, 2022, 07:52:59 AM by futuretech »

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5349
Re: Some programs bypass Firewall
« Reply #3 on: June 16, 2022, 09:15:06 AM »
Do you know for sure it is actually connecting out? Check the active connections using the view connections firewall task, or use TCPView from Sysinternals to see if it has active connections. I doubt it does, and it did a DNS lookup using the DNSRPC service, which can only be blocked by HIPS.

Offline 5Lqep

  • Comodo Member
  • **
  • Posts: 30
HIPS paranoid without windows apps
« Reply #4 on: July 14, 2022, 09:50:48 AM »
Do you know for sure it is actually connecting out? Check the active connections using view connections firewall task, or use TCPView from sysinternals to see if it has active connections. I doubt it does and it did DNS lookup using the DNSRPC service which can only be blocked by HIPS.


How to have paranoid mode where "trusted programs" are ignored but windows programs are allowed. [at]futuretech
« Last Edit: July 14, 2022, 10:06:58 AM by 5Lqep »

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5349
Re: HIPS modes Help
« Reply #5 on: July 14, 2022, 12:04:08 PM »
I have no idea what you are asking seeing as you edited and deleted your posts so all information is lost as to what you need help with. Please explain what is the issue you are having and what are you trying to accomplish with regards to HIPS. I can only guess based on your post history that you need help understanding file groups. https://help.comodo.com/topic-72-1-766-9180-File-Groups.html

Offline C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 855
Re: HIPS paranoid without windows apps
« Reply #6 on: July 15, 2022, 03:28:48 AM »

How to have paranoid mode where "trusted programs" are ignored but windows programs are allowed. [at]futuretech
Hi 5Lqep,

Thank you for reporting. Kindly provide us exactly what you did and what happened, so that we will check and update you.
Hi [at]futuretech, thanks for supporting.

Thanks
C.O.M.O.D.O RT

Offline 5Lqep

  • Comodo Member
  • **
  • Posts: 30
Re: HIPS modes Help
« Reply #7 on: July 15, 2022, 08:38:05 AM »
I have no idea what you are asking seeing as you edited and deleted your posts so all information is lost as to what you need help with. Please explain what is the issue you are having and what are you trying to accomplish with regards to HIPS. I can only guess based on your post history that you need help understanding file groups. https://help.comodo.com/topic-72-1-766-9180-File-Groups.html

I asked: some apps and Windows System apps don't ask for HIPS. You told me to use Paranoid Mode because Windows System and some apps like mp3tag are in the whitelist.
I am asking how to have the whitelist only have Windows System apps and get HIPS for all other 3rd-party apps. Also, where can I see that whitelist?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5349
Re: HIPS modes Help
« Reply #8 on: July 15, 2022, 09:45:05 AM »
The file list shows the ratings of applications, which if they have a trusted rating means they won't trigger alerts in safe mode for HIPS or firewall. Information about the file list and what you can do there is explained in the help link here: https://help.comodo.com/topic-72-1-623-8441-File-List.html (note I am linking the help for the previous CIS version because somehow the help page for ver 12 is missing, but it is mostly the same.) You could put HIPS back to safe mode and change the file rating of all 3rd-party apps so you get alerts; you can also disable file rating lookup and change all vendors' rating to unrecognized in the vendor list. File rating help page: https://help.comodo.com/topic-72-1-766-9179-File-Rating-Settings.html
