Author Topic: Comodo containment and HIPS against recent ransomware  (Read 8855 times)

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1602
  • GOD cure me epilepsy and atrophy - Sou brasileiro!
Re: Comodo containment and HIPS against recent ransomware
« Reply #45 on: May 15, 2021, 06:20:43 PM »
To fix the problem in exclusions of auto containment: https://help.comodo.com/topic-72-1-766-9168-Containment-Configuration.html
"do not virtualize access to:" ADD ?:\* in protect files

in: https://help.comodo.com/topic-72-1-766-9164-Active-HIPS-Rules.html
ADD ?:\* as "all applications" and in "files/folders protect" - block "shared space" and folders that you add...

NOTE: If the user is inexperienced, DO NOT DO THIS!

Sorry for my English!
« Last Edit: May 16, 2021, 09:44:45 AM by liosant »

Offline HC

  • Comodo Member
  • **
  • Posts: 25
Re: Comodo containment and HIPS against recent ransomware
« Reply #46 on: May 16, 2021, 08:27:18 AM »
Nothing like a troll to brighten up a Friday evening [at]ro.edi LOL.

Anyway, added FutureTech's tweaks to HIPS and no performance impact ;)

Thanks for clarification [at]Cruelsister :D

Adding  ?\:* has a pretty big performance impact in online games and causes lag (FPS goes down dramatically)

Offline Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2840
  • Security Saskquatch
Re: Comodo containment and HIPS against recent ransomware
« Reply #47 on: May 16, 2021, 08:34:41 AM »
Adding  ?\:* has a pretty big performance impact in online games and causes lag (FPS goes down dramatically)

I didn't notice any on my old laptop, but if you're using Containment anyway, you can just add your libraries folder and leave it at that, though I would adjust the Run Virtually to "Restricted" or "Block"

Moderator: Any concerns? PM me and/or review the Forum Policy
System: 64 bit Win 10
Realtime Protection:CIS 12

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 1510
Re: Comodo containment and HIPS against recent ransomware
« Reply #48 on: May 16, 2021, 09:36:13 AM »
To avoid confusion

It should be this

?:\*

not this

?\:*

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1602
  • GOD cure me epilepsy and atrophy - Sou brasileiro!
Re: Comodo containment and HIPS against recent ransomware
« Reply #49 on: May 16, 2021, 09:47:08 AM »
To avoid confusion

It should be this

?:\*

not this

?\:*

sorry my mistake... :P ;D

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 639
Re: Comodo containment and HIPS against recent ransomware
« Reply #50 on: May 16, 2021, 09:55:01 AM »
By keeping HIPS off but automatic containment active (with the standard proactive configuration setting), can you be safe against ransomware attacks and / or other attacks (trojans, adware, etc.)?
HIPS for me is perhaps a bit complicated, and even when I install Comodo Antivirus or CIS on the PC of my inexperienced friends / relatives I prefer not to enable it, to avoid it being complex to use.
Bye!
Nunzio

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 1510
Re: Comodo containment and HIPS against recent ransomware
« Reply #51 on: May 16, 2021, 09:55:13 AM »
sorry my mistake... :P ;D

Can happen.  :) ;)

Offline kyl

  • Comodo's Hero
  • *****
  • Posts: 267
Re: Comodo containment and HIPS against recent ransomware
« Reply #52 on: May 18, 2021, 05:09:24 AM »
When I used these paranoid HIPS settings, HIPS used the PC, not me. A flood of alerts for every single action, then tons of BSODs; just unable to use for average users like me  :P0l

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 625
  • Paranoid B#st#rd - CIA
Re: Comodo containment and HIPS against recent ransomware
« Reply #53 on: May 18, 2021, 07:18:34 AM »
HIPS used the PC not me

Ha ha ha that's funny!

Yeah well, it does its job ha ha.

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 1510
Re: Comodo containment and HIPS against recent ransomware
« Reply #54 on: May 18, 2021, 10:56:08 AM »
Why not let HIPS eat the idle CPU cycles? There are plenty of them! Ha ha ;)

Offline kyl

  • Comodo's Hero
  • *****
  • Posts: 267
Re: Comodo containment and HIPS against recent ransomware
« Reply #55 on: June 09, 2021, 04:47:23 PM »
except a 3 letter agency who now has our code($)!


3 letters like "kyl" ??? :P0l
 :P0l
 :-TD

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 639
Re: Comodo containment and HIPS against recent ransomware
« Reply #56 on: July 05, 2021, 03:37:57 AM »
Do you think CIS would be able to protect individual users from this latest major ransomware attack via Kaseya?

https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021
Bye!
Nunzio

Offline Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2840
  • Security Saskquatch
Re: Comodo containment and HIPS against recent ransomware
« Reply #57 on: July 05, 2021, 01:38:35 PM »
Do you think CIS would be able to protect individual users from this latest major ransomware attack via Kaseya?

https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021

I'm no expert but I'd say Yes. Anything unknown/untrusted gets put in containment and therefore doesn't infect your system. I prefer to run CIS in Proactive mode with Unknown Containment level set as "Restricted" but CIS will protect you from unknowns including latest Zero-Day and any ransomware but CruelSister can confirm.


Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26225
Re: Comodo containment and HIPS against recent ransomware
« Reply #58 on: July 05, 2021, 01:57:14 PM »
I expect that with the Cruelsister settings CIS will be able to stop it. I'd love to hear from Cruelsister herself. :)

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 639
Re: Comodo containment and HIPS against recent ransomware
« Reply #59 on: July 05, 2021, 02:09:24 PM »
I'm no expert but I'd say Yes. Anything unknown/untrusted gets put in containment and therefore doesn't infect your system. I prefer to run CIS in Proactive mode with Unknown Containment level set as "Restricted" but CIS will protect you from unknowns including latest Zero-Day and any ransomware but CruelSister can confirm.

I still have some doubts about the containment approach.
For unrecognized applications, is it better to set it to "run limited" or "run virtualized"?
If it is set to "run virtualized", in the options should you put the check mark on "set restriction level" to "partially limited" or "limited"?
Bye!
Nunzio

 
