Author Topic: COMODO Internet Security 8.0.0.4337 is released!  (Read 48775 times)

Offline lyn

  • Comodo's Hero
  • *****
  • Posts: 301
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #60 on: November 18, 2014, 10:31:09 AM »
Totally and utterly cleaned comodo off pc! Will try a re install in the suggested manner. However is cis 8 less secure than 7 even if you use chirons guide?

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #61 on: November 18, 2014, 10:37:21 AM »
Default settings are terrible  >:(
Installed on my Virtual machine, run couple of malware files and got infected with CryptoLocker   >:(



Right so the new default configuration keeps track of files downloaded from the Internet or coming from the removable or network based media. We have collected telemetry information for about 2 years and found out that automatically sandboxing unknown executables from these sources will prevent infections.

In your case, you are testing with some VMs and have specific scenarios. You need to fine tune either CIS or your environment. CIS is flexible though. By all means you can simply switch to old way of doing things. All you need to do is to go to Rules #3 in auto-sandbox policy and remove all source criteria.

I attached the screenshot.


[attachment deleted by admin]
« Last Edit: November 18, 2014, 10:39:38 AM by egemen »

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #62 on: November 18, 2014, 10:41:00 AM »
Totally and utterly cleaned comodo off pc! Will try a re install in the suggested manner. However is cis 8 less secure than 7 even if you use chirons guide?

It isn't. If anything, it is more secure because it now automatically virtualize unknowns hence protecting data from ransomware better than before.
« Last Edit: November 18, 2014, 10:46:16 AM by egemen »

Offline lyn

  • Comodo's Hero
  • *****
  • Posts: 301
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #63 on: November 18, 2014, 10:43:35 AM »
cheers egemen

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #64 on: November 18, 2014, 10:45:50 AM »
...as it stands now, CIS defaults does not give an adequate protection against malware downloaded and exported from archives.

The above is what I've been able to gather on the subject, I may of course be wrong.

1 - Nope this is not correct. CIS will track the files downloaded from the internet even if hey are coming from archives.
2 - You do not need to switch to Proactive Security if you need CIS to work like CIS 7. All you need to do is to modify Rule #3 as shown here: https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8004337-is-released-t108001.0.html;msg784815#msg784815

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #65 on: November 18, 2014, 10:50:34 AM »
1 - Nope this is not correct. CIS will track the files downloaded from the internet even if hey are coming from archives.
2 - You do not need to switch to Proactive Security if you need CIS to work like CIS 7. All you need to do is to modify Rule #3 as shown here: https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8004337-is-released-t108001.0.html;msg784815#msg784815

Correct me if I'm wrong but doesn't CIS detect if files come from the internet by checking the alternate data streams? So what happens when the archive manager extracts the content while also stripping the alternate data streams which by the way is something that is happening.

Edit: See bug 1209

This is a real issue that could lead to infections because of CIS not sandboxing unrecognized files extracted from archives downloaded from the internet, if you find a way to fix that then sure that would be great but at this time it's unreliable.
« Last Edit: November 18, 2014, 10:56:31 AM by Sanya IV Litvyak »
I support privacy and freedom online - eff.org

Offline ............

  • Comodo Member
  • **
  • Posts: 29
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #66 on: November 18, 2014, 10:56:00 AM »
I mean if there are no rules and the app is considered safe, how do I know what is permitted and what is not?

Offline davidepi

  • Comodo Loves me
  • ****
  • Posts: 173
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #67 on: November 18, 2014, 10:59:56 AM »
Correct me if I'm wrong but doesn't CIS detect if files come from the internet by checking the alternate data streams? So what happens when the archive manager extracts the content while also stripping the alternate data streams which by the way is something that is happening.

I downloaded a rar archive from internet, extracted the files inside it and CIS regularly sandboxed all of them (on a real system). I wonder if people who have the problem with non sandboxed files, downloaded the archive from internet or instead they already have the archive on their pc. Or maybe is a problem relative to the virtual machine?

Offline Cassette

  • Comodo's Hero
  • *****
  • Posts: 243
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #68 on: November 18, 2014, 11:00:25 AM »
I mean if there are no rules and the app is considered safe, how do I know what is permitted and what is not?
If it connects to the internet, it's permitted. If it asks, it's not a trusted application. It didn't create rules because you unchecked the box that tells it to. Again, if you don't trust this policy, use custom ruleset and you decide for everything. I use custom ruleset.

Oh, and why it permits Thunderbird and not Firefox? I can only speculate here, but it's possible that Firefox just hasn't yet been added to trusted files because it's newer than the Thunderbird version you're using.
« Last Edit: November 18, 2014, 11:08:10 AM by Cassette »

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #69 on: November 18, 2014, 11:02:18 AM »
I downloaded a rar archive from internet, extracted the files inside it and CIS regularly sandboxed all of them (on a real system). I wonder if people who have the problem with non sandboxed files, downloaded the archive from internet or instead they already have the archive on their pc. Or maybe is a problem relative to the virtual machine?

In the bug report it mentions that it doesn't happen with all archive applications and that it may also be dependent on other variables as well, so while it would retain that data for some, it wouldn't for others.
I support privacy and freedom online - eff.org

Offline Drunke

  • Newbie
  • *
  • Posts: 13
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #70 on: November 18, 2014, 11:11:16 AM »
Comodo Leaktest fail, my score 230  :(

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #71 on: November 18, 2014, 11:13:39 AM »
Comodo Leaktest fail, my score 230  :(

Are you using the auto-sandbox or HIPS? The leaktest wasn't created for sandboxing and hence the result doesn't really mean anything.
I support privacy and freedom online - eff.org

Offline ............

  • Comodo Member
  • **
  • Posts: 29
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #72 on: November 18, 2014, 11:18:32 AM »
If it connects to the internet, it's permitted. If it asks, it's not a trusted application. It didn't create rules because you unchecked the box that tells it to. Again, if you don't trust this policy, use custom ruleset and you decide for everything. I use custom ruleset.

Oh, and why it permits Thunderbird and not Firefox? I can only speculate here, but it's possible that Firefox just hasn't yet been added to trusted files because it's newer than the Thunderbird version you're using.
Well, that's a bit risky. I can't always rely on assuming that some app is safe, just because I see no alerts. Anyway, I will change to custom ruleset as you suggest. Thanks.

Offline lyn

  • Comodo's Hero
  • *****
  • Posts: 301
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #73 on: November 18, 2014, 11:54:14 AM »
Gui operation still bad  correction awful! Select full scan decide to stop not a chance reboot only solution. This does not happen with cis 7
Edit Full scan seems to be main problem others have gone as far as I can tell.
« Last Edit: November 18, 2014, 12:08:25 PM by lyn »

Offline slickr

  • Comodo Family Member
  • ***
  • Posts: 56
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #74 on: November 18, 2014, 12:28:20 PM »
It seems comodo doesn't protect if the virus comes from attachment in email or through p2p software as well.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek