Author Topic: Hater's scream  (Read 3714 times)

Offline gjf

  • Comodo Loves me
  • ****
  • Posts: 114
  • Fuimus - non sumus... Carpe diem!
Hater's scream
« on: June 21, 2020, 04:25:22 PM »
Hi All.

Having been a Comodo user and fan for a very long time (I think it was 2006 or 2007 when I moved here from Kaspersky? I cannot remember), I think I can make this post as a hater's scream.

Yes, indeed - I am going to become a Comodo hater from some time.

I always loved this piece of code because there is no really free product with similar features. You really cannot find AV+FW+HIPS free of charge. You can? - OK tell me.

Also I loved it because it is not a product for "home-keepers" - actually it can be set to work in this mode, but CIS also has a number of advanced features that make it really interesting for advanced users.

Everything I have mentioned is in Past Indefinite. Because the latest CIS is going to be a nightmare...

1. Network Zone detection with Global Rules. Host Name is not resolved for ages - and still it is not. OK, I can live with it.
2. OpenVPN client when connected makes HIPS freeze sometimes. I have reported about that years ago. Every new version - still the problem exists. OK I will switch off HIPS when using VPN.
3. WSL settings for FW/HIPS. Why I cannot put into exclusions a group of files or folder with files? Why I need to put a policy for every file inside WSL? OK, it's good - but every update in WSL makes me to create policies again and again. Any idea? No. And let's be honest: do you want to restrict permissions in Linux running in WSL for security reasons? Haha, good luck.
4. WSL 2 does not work when CIS is installed. Never. You can switch it off - no help. Just a full uninstall.
5. Windows 10 global updates can fail with CIS. Why? I don't know, but I could move to 2004 only when CIS was uninstalled.
6. False positives will never be proceeded when you hit "False positive" in AV warning message. Believe me - it's better to add exclusion from the very beginning.
7. ?????.........

What else should I "live with" in the future? Every year and every CIS update brings me new surprises. Yes, I remember - it's free so no warranties, but I think it's better to make it either fully automatic for "home-keepers" - or put more effort into supporting advanced users with advanced usage. Because these "advanced features" make advanced problems with unexpected behavior. Or it simply does not work - maybe it's even better.

Initially Comodo was positioned as the best protection for almost everything - even modern threats. Now it becomes a threat.

Too bad, and what a pity for the good old times...

P.S. Please do not forward me to bug reporting. I did it several times in the past. And I'm tired of that. This post was just a scream of a new hater - nothing more, nothing less...
« Last Edit: June 21, 2020, 04:42:25 PM by gjf »

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 625
  • Paranoid B#st#rd - CIA
Re: Hater's scream
« Reply #1 on: June 21, 2020, 04:34:12 PM »
It is always recommended to uninstall CIS when you install a new version of the OS.

Offline gjf

  • Comodo Loves me
  • ****
  • Posts: 114
  • Fuimus - non sumus... Carpe diem!
Re: Hater's scream
« Reply #2 on: June 21, 2020, 04:49:33 PM »
OK, you've got me! But why is it not recommended by all AV vendors? For instance: when KES made it impossible to update Win10 - MS released an update to make it possible: https://support.kaspersky.ru/12628
CIS just recommends uninstalling itself. Good product, nice support.

You've got me on one point - so here is my answer, also one point: https://github.com/microsoft/WSL/issues/5329

I can give you more - but for what? If you are experienced in Comodo - you will already know what I mean. If not - OK, you will understand after some time of using it.
« Last Edit: June 21, 2020, 04:51:55 PM by gjf »

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 625
  • Paranoid B#st#rd - CIA
Re: Hater's scream
« Reply #3 on: June 21, 2020, 05:07:23 PM »
I would suggest this is because Comodo has a stricter approach to controlling system calls and such, as opposed to most AV products.

Offline gjf

  • Comodo Loves me
  • ****
  • Posts: 114
  • Fuimus - non sumus... Carpe diem!
Re: Hater's scream
« Reply #4 on: June 21, 2020, 06:34:37 PM »
Yeah, the approach is so strict that some applications, standard features and the system itself fail to work normally.

Anyway, the nonworking system is very secure - because it's nonworking.

Directed by Robert B. Weide.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5227
Re: Hater's scream
« Reply #5 on: June 22, 2020, 12:02:10 PM »
Quote
1. Network Zone detection with Global Rules. Host Name is not resolved for ages - and still it is not. OK, I can live with it.
Care to elaborate on this? Host name does get resolved so I'm not sure what you mean here.

Quote
2. OpenVPN client when connected makes HIPS freeze sometimes. I have reported about that years ago. Every new version - still the problem exists. OK I will switch off HIPS when using VPN.
Something that Comodo and no one else has been able to replicate, and I have a hard time believing using OpenVPN would somehow interfere with HIPS, if anything I would expect a firewall issue but the firewall driver works with OpenVPN afaik.

Quote
3. WSL settings for FW/HIPS. Why I cannot put into exclusions a group of files or folder with files? Why I need to put a policy for every file inside WSL? OK, it's good - but every update in WSL makes me to create policies again and again. Any idea? No. And let's be honest: do you want to restrict permissions in Linux running in WSL for security reasons? Haha, good luck.
You can and it's called using file groups but even then you won't need to as WSL binaries should always have the same file path, so again can you explain the issue further?

Quote
4. WSL 2 does not work when CIS is installed. Never. You can switch it off - no help. Just a full uninstall.
I'm guessing using the latest 12.2 version you are experiencing this reported issue which they are working on and does not affect the 6882 build.

Quote
5. Windows 10 global updates can fail with CIS. Why? I don't know, but I could move to 2004 only when CIS was uninstalled.
Interesting as many people had no problems performing upgrades with CIS, maybe it has to do with the method by which the upgrade happens, I know I had no issue when I used the upgrade assistant. But as ReeceN said, the best way to upgrade to newer Windows versions is to uninstall CIS prior to updating, then install after the update completes.

Quote
6. False positives will never be proceeded when you hit "False positive" in AV warning message. Believe me - it's better to add exclusion from the very beginning.
Is this from the cloud scanner or actual AV real-time alert? If from cloud file rating yes I know what you mean but it doesn't always happen so it may be hard for them to fix.

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1595
  • GOD cure me epilepsy and atrophy - Sou brasileiro!
Re: Hater's scream
« Reply #6 on: June 23, 2020, 09:54:56 AM »
in my case:
Cis not exact incompatible with windows updates (only windows update), but PCs olds are outdated about crash computers olds like (laptops olds or news, too to present that behavior or crash...);

NOTE: Windows update there is not authenticity check effective, often files windows update are corrupted. :-\   

sorry my english!

Offline gjf

  • Comodo Loves me
  • ****
  • Posts: 114
  • Fuimus - non sumus... Carpe diem!
Re: Hater's scream
« Reply #7 on: June 24, 2020, 07:03:42 AM »
Quote
Care to elaborate on this? Host name does get resolved so I'm not sure what you mean here.
Easy. Create something like that:

In my case www.blahblah.com is not always blocked - especially if the IP of the host was changed.

Quote
Something that Comodo and no one else has been able to replicate, and I have a hard time believing using OpenVPN would somehow interfere with HIPS, if anything I would expect a firewall issue but the firewall driver works with OpenVPN afaik.
In my case a working OpenVPN client causes HIPS to hang. FW works well. Yes, I know the issue is very hard to replicate because even in my case it does not always happen from the very beginning of the VPN connection. Whatever - I was ready to give all logs and even remote access to my PC to show. But certainly it was not interesting for Support.

Quote
You can and it's called using file groups but even then you won't need to as WSL binaries should always have the same file path, so again can you explain the issue further?
I want to add a folder to be excluded from control. Totally. In this case of WSL I have to add new policy rules for apt, for curl, for every binary used in WSL environment - and I don't want it.

Quote
I'm guessing using the latest 12.2 version you are experiencing this reported issue which they are working on and does not affect the 6882 build.
So are you telling me to roll back to an old version rather than update to a new one?

Quote
Interesting as many people had no problems performing upgrades with CIS, maybe it has to do with the method by which the upgrade happens, I know I had no issue when I used the upgrade assistant. But as ReeceN said, the best way to upgrade to newer Windows versions is to uninstall CIS prior to updating, then install after the update completes.
I am using the built-in Windows update mechanism. Why do other similar products not require an uninstall prior to update?

Quote
Is this from the cloud scanner or actual AV real-time alert? If from cloud file rating yes I know what you mean but it doesn't always happen so it may be hard for them to fix.
It's a crap named ApplicUnwnt[at]0, Malware[at]0 etc. By the way cloud file rating is disabled - and I don't want it. I want a simple scanner, no heuristics, no cloud. But CIS thinks in its own way...

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5227
Re: Hater's scream
« Reply #8 on: June 24, 2020, 11:57:56 AM »
Quote
In my case www.blahblah.com is not always blocked - especially if IP of host was changed.
IP addresses that get resolved when you set a host name are static, so of course it won't work if the IP address changes, which is why making rules based on host names is pointless.

Quote
I want to add a folder to be excluded from control. Totally. In this case of WSL I have to add new policy rules for apt, for curl, for every binary used in WSL environment - and I don't want it.
You are expecting CIS to do something that no other security suite does and that is to disable firewall and HIPS monitoring on a per application basis. Again you need to use rules as that is what rules are made for, you don't need to make one for each individual binary, as you can define a whole folder as a file group. Please read the help section on file groups.

Quote
So are you telling me to roll back to old version rather than update to new one?
If you want to specifically use WSL2 then yes, 12.1 should be avoided due to many issues that are fixed in 12.2. But if 12.2 prevents you from using WSL2, then you need to use 12.0.0.6882 until they release a new version that fixes the issue, which they said they are working on.

Quote
I am using a built-in Windows update mechanism. Why other similar products does not require uninstall prior update?
Because they aren't as advanced as CIS? Don't know why it is such an issue for people to uninstall then re-install for major Windows updates if they don't want to face issues with CIS. Then again many people don't have any problems updating while keeping CIS installed so it is better to take the safer approach.

Quote
It's a crap named ApplicUnwnt[at]0, Malware[at]0 etc. By the way cloud file rating is disabled - and I don't want it. I want a simple scanner, no heuristics, no cloud. But CIS thinks in its own way...
Sounds like you're talking about the real-time AV alerts which if you click Ignore and Report as a False Alert, it will set the file rating to trusted in the file list and you won't get AV detection alerts again.


As for the OpenVPN issue, I believe it has to do with CIS having connection problems performing certificate revocation checks on digitally signed applications when those applications get executed, it is something that currently can not be disabled even if cloud rating is turned off. CIS most likely can not reach OCSP servers when you are connected with OpenVPN thus causing delays with using such signed applications.
« Last Edit: June 24, 2020, 01:03:20 PM by futuretech »

Offline gjf

  • Comodo Loves me
  • ****
  • Posts: 114
  • Fuimus - non sumus... Carpe diem!
Re: Hater's scream
« Reply #9 on: June 24, 2020, 12:20:36 PM »
There are mutually exclusive statements in your reply.

So Comodo is too advanced in comparison with other similar products (Kaspersky for instance) so that's why it requires full uninstall prior to Windows update? OK.

But at the same time Comodo cannot dynamically resolve host names like good old Outpost could. But Comodo is more advanced. OK.

Also Comodo way of FW/HIPS working does not allow to work with WSL because of numerous alerts for linux binaries/scripts inside WSL. Also you need to revert back to old versions to work with latest WSL 2. But still Comodo is very advanced. OK.

OpenVPN freeze cannot be fixed by design - but Comodo is ADVANCED! REMEMBER THAT AND LIVE WITH IT!

OK, what I have to say...
« Last Edit: June 24, 2020, 12:34:53 PM by gjf »

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5227
Re: Hater's scream
« Reply #10 on: June 24, 2020, 01:02:46 PM »
Quote
So Comodo is too advanced in comparison with other similar products (Kaspersky for instance) so that's why it requires full uninstall prior Windows update? OK.
Never said it is required, just that it is the recommended safe way of avoiding issues but good job ignoring that other people don't have issues doing Windows upgrades with CIS installed.

Quote
But in the same time Comodo cannot dynamically resolve host names like good old Outpost could. But Comodo is more advanced. OK.
And how did it keep the IP addresses updated? Did it perform name resolution every second? Every time an application made network requests? On every boot up? And how do you know it did? For all you know it behaved the same way and the IP never changed.

Quote
Also Comodo way of FW/HIPS working does not allow to work with WSL because of numerous alerts for linux binaries/scripts inside WSL
Why are you so keen on ignoring the solution that I gave you with using file groups? It is so simple and easy to create a file group and add the folder of the linux distro directory to the file group and use that for HIPS and firewall rules.

Quote
Also you need to revert back to old versions to work with latest WSL 2.
That happens with any software when they get updated, new versions add unexpected bugs that require using the previous version until a fixed version is released. Even MS releases updates that they have to pull because of issues it causes, which then requires people to do a system restore, but yes make a big deal about it when it happens with CIS.

And by advanced I was referring to what ReeceN said about how CIS hooks into and controls the system and the fact that CIS is designed with default-deny while other security suites are default-allow.

Offline gjf

  • Comodo Loves me
  • ****
  • Posts: 114
  • Fuimus - non sumus... Carpe diem!
Re: Hater's scream
« Reply #11 on: June 25, 2020, 03:31:08 AM »
Quote
Never said it is required, just that it is the recommended safe way of avoiding issues but good job ignoring that other people don't have issues doing Windows upgrades with CIS installed.
Are you performing statistics counting? Because in my case I have a lot of similar issues with Windows update. Yeah, I can accept general statistics - but in this case it is really bad luck for all the people I know.

Quote
And how did it keep the IP addresses updated? Did it perform name resolution every second? Every time an application made network requests? On every boot up? And how do you know it did? For all you know it behaved the same way and the IP never changed.
I don't know. Ask ex-Agnitum coders. I think it's better to perform it on every application request or add a setting about using the cached DNS reply or not. Yes, I know numerous requests will affect performance - but why is it not possible to add the setting on a per-rule basis?

Quote
Why are you so keen on ignoring the solution that I gave you with using file groups? It is so simple and easy to create a file group and add the folder of the linux distro directory to the file group and use that for HIPS and firewall rules.
Because I simply don't understand: on the one side it is not possible to add folders in HIPS/FW rules - but I can add them to file groups and THEN in HIPS/FW rules. Why is it not possible to simply add folders - it would be user-friendly rather than a double action.

Quote
That happens with any software when they get updated, new versions add unexpected bugs that require using the previous version until a fixed version is released. Even MS releases updates that they have to pull because of issues it causes, which then requires people to do a system restore, but yes make a big deal about it when it happens with CIS.
The issue has been reported a month ago. A month, Carl!

Quote
And by advanced I was referring to what ReeceN said about how CIS hooks into and controls the system and the fact that CIS is designed with default-deny while other security suites are default-allow.
Please be more detailed. Are you going to say that all other similar products allow actions by default - and CIS doesn't? Even in full automatic mode? Even for Trusted Installers? Interesting...

Also - regarding ApplicUnwnt[at]0, Malware[at]0. Do you know that when I press "Add to Exclusions" these alerts will pop up again and again? And really - only "Report as False Alert" helps in this case. What does "exclusion" mean? Why is the "exclusion" not stored?

And what does ApplicUnwnt[at]0, Malware[at]0 mean? Just to remind you: heuristics and cloud are disabled. Very interesting detect.
« Last Edit: June 25, 2020, 06:48:01 AM by gjf »
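
The hostname-rule behaviour argued over in replies #8 and #11, modelled as an added example (not part of any post and not Comodo's code): a block rule that resolves the name once at creation, next to one that re-resolves when the DNS TTL expires. The resolver, the DNS history, the class names and the documentation-range addresses are all constructed for illustration.

```python
# Constructed DNS history for the placeholder host named in the thread.
# Each entry: (time the answer became current, A records, TTL in seconds).
DNS_HISTORY = {
    "www.blahblah.com": [
        (0, {"203.0.113.10"}, 300),
        (600, {"203.0.113.77"}, 300),  # the host moves to a new address
    ],
}


def resolve(host, now):
    """Simulated resolver: return (addresses, ttl) current at time `now`."""
    current = None
    for since, addrs, ttl in DNS_HISTORY[host]:
        if since <= now:
            current = (set(addrs), ttl)
    return current


class StaticHostRule:
    """Block rule that turns the host name into IPs once, at creation."""

    def __init__(self, host, created_at=0):
        self.host = host
        self.blocked, _ = resolve(host, created_at)

    def blocks(self, dst_ip, now):
        return dst_ip in self.blocked


class RefreshingHostRule:
    """Block rule that re-resolves the name once the cached answer expires."""

    def __init__(self, host, created_at=0):
        self.host = host
        self.lookups = 0  # DNS queries issued: the performance cost
        self._refresh(created_at)

    def _refresh(self, now):
        self.blocked, ttl = resolve(self.host, now)
        self.expires = now + ttl
        self.lookups += 1

    def blocks(self, dst_ip, now):
        if now >= self.expires:
            self._refresh(now)
        return dst_ip in self.blocked


def compare(attempts, host="www.blahblah.com"):
    """Run constructed connection attempts (time, dst_ip) through both rules."""
    static, fresh = StaticHostRule(host), RefreshingHostRule(host)
    rows = [(t, ip, static.blocks(ip, t), fresh.blocks(ip, t))
            for t, ip in attempts]
    return rows, fresh.lookups


if __name__ == "__main__":
    # Constructed traffic: before the move, after it, and to the old address.
    rows, lookups = compare([(100, "203.0.113.10"),
                             (700, "203.0.113.77"),
                             (700, "203.0.113.10")])
    for t, ip, s, f in rows:
        print(f"t={t:4d} dst={ip:13s} static_blocks={s} refreshing_blocks={f}")
    print("DNS lookups by refreshing rule:", lookups)
```

After the address change the static rule lets the new address through and keeps blocking the old one, which may by then belong to an unrelated host; the refreshing rule follows the name at the cost of extra lookups.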

Offline Xeno

  • Comodo's Hero
  • *****
  • Posts: 888
Re: Hater's scream
« Reply #12 on: June 25, 2020, 08:02:47 AM »
Quote
1. Network Zone detection with Global Rules. Host Name is not resolved for ages - and still it is not. OK, I can live with it.
Care to elaborate on this? Host name does get resolved so I'm not sure what you mean here.
For example:
https://forums.comodo.com/bug-reports-cis/hostname-in-fw-rules-works-wrong-t70877.0.html
https://forums.comodo.com/format-verified-issue-reports-cis/blocked-zones-doesnt-work-normally-with-a-certain-host-name-t86614.0.html
Hostname rules never worked right, it's a bug "by design" and the devs never want to fix it. The hostname rule works with an IP range but not with a hostname, in fact.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5227
Re: Hater's scream
« Reply #13 on: June 25, 2020, 12:32:13 PM »
Quote
Are you performing statistics counting? Because in my case I have a lot of similar issues with Windows update. Yeah I can accept a general statistics - but in this case it is a really bad luck for all the people I know.
For every 1 person who has issues and makes posts about it, there are probably 2 or more who don't face any issues and thus won't say anything, so no I do not have any statistics but I can infer that of the many users who use CIS and Windows 10, only a few are vocal about having issues. Also the majority of times it is caused by using incorrect CIS settings like disabling cloud lookup, so CIS doesn't get the chance to rate the new files as trusted thus they become unrecognized. In those cases it is the user's fault for bricking their own system because they use settings that they don't understand what that does to overall system stability. Never mind all the complaints you can find of people not being able to upgrade no matter what security software they have because the updates themselves are broken.

Quote
I don't know. Ask ex-Agnitum coders. I think it's better to perform on every application request or add a setting about using cached DNS reply or not. Yes, I know numerous request will affect performance - but why it is not possible to add the setting on per rule b
I don't know either but maybe make a wish request for it. I guess not many use host name feature so they really didn't put much thought into it.

Quote
Because I simply don't understand: from one side it is not possible to add folders in HIPS/FW rules - but I can add them to file groups and THEN in HIPS/FW rules. Why it's not possible to simply add folders - it would be user-friendly rather than double action.
Technically you can but it requires you to either type out the folder path and make sure you add the wildcard character at the end, or use browse > application then edit the path so it only contains the folder part and again add the wildcard character. But like I said it is better to use the file group because then you don't need to re-do the manual way of using a folder for each component for av/firewall/hips/auto-containment rule.

Quote
The issue has been reported a month ago. A month, Carl!
Since Umesh left, development has taken a dramatic slowdown which many of us users and moderators are frustrated with.

Quote
Please be more detailed. Are you going to say that all other similar products allows actions by default - and CIS doesn't? Even in full automatic mode? Even for Trusted Installers? Interesting...
For the most part yes if other products don't detect something as malware but is not known or trusted it is allowed to run, whereas CIS will block depending on which modules are being used. Trusted installers works better with trust files installed by trusted installers setting being enabled, but there are times when the parent process is a trusted installer that terminates and then the child processes lose their installer status.

Quote
Also - regarding ApplicUnwnt[at]0, Malware[at]0. Do you know that when I press "Add to Exclusions" these alerts will popup again and again? And really - only "Report as False Alert" helps in this case. What does "exclusion" mean? Why "exclusion" is not stored?
Did you check the scan exclusions to see if they do get added? I haven't had that type of issue unless I selected ignore once in the AV alert, once I used add to exclusions it did not alert again.

Quote
And what does ApplicUnwnt[at]0, Malware[at]0 mean? Just remind you: heuristics and cloud are disabled. Very interesting detect.
Those are local signature detection names and for application unwanted you can disable it with Detect potentially unwanted applications in file rating settings.

Offline gjf

  • Comodo Loves me
  • ****
  • Posts: 114
  • Fuimus - non sumus... Carpe diem!
Re: Hater's scream
« Reply #14 on: June 26, 2020, 03:44:42 AM »
[at]futuretech

Xeno reported about issues dated 2011 and 2012.
Umesh worked at that time.
Nothing changed.
I have reported about OpenVPN issue a year ago: https://forums.comodo.com/bug-reports-cis/hips-hangs-when-openvpn-is-connected-m2409-t124050.0.html
Nothing changed except I am over to repeat it again and again that the issue exists.

And yes: I don't want any cloud because of my own development - and I don't want to send any files somewhere. Comodo cannot work normally without it? OK, noted.

And thank you for File Rating Settings - for some reason I forgot to close that hole. Did it already, hope no strange detects in future.

 
