Author Topic: Whats your method for locking down CIS  (Read 1691 times)

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Whats your method for locking down CIS
« on: August 12, 2022, 12:11:15 AM »
How do you guys and gals lock down your machine? I've seen cruelsister's way, which is very good :)  Here's a different approach to this.
***Warning: this is mostly for desktops and laptops in the house. If you take your computer somewhere else {like a friend's house or school} you'll be locked out and have to create a new set of rules for that place.
cmd: ipconfig /all will have the info needed.

This is how I lock down Comodo. These are my notes. (There will be grammar errors, but this is from my own notes. There's more to add that's not on here and missing.)

Under Settings --> Firewall --> Application Rules --> Add --> Browse --> Running Processes -->
now do the same in Running Processes for
"winlogon.exe"
"smss.exe"
"csrss.exe"
"wininit.exe"
"dwm.exe"
"services.exe"
"searchindexer.exe"
"taskhost.exe"
"lsass.exe"
"lsm.exe"
"explorer.exe"

Now we are done with running processes.

Same as before, but click on "Files" and change it to "Web Browser".
Go to C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files\COMODO\Dragon\dragon.exe
Do the same for all the other browsers too, like firefox.exe, chrome.exe, opera.exe.
If you have Firefox, add plugin-container.exe and maintenanceservice.exe.

After this, make sure your printer works well, and any messengers, browsers, any browser sync issues, cloud services, Google Chromecast, Firestick if it applies to you (if not, check the logs). There shouldn't be an issue.


---------------------------------------------------------

Under Settings --> Firewall --> Application Rules --> Add --> Browse --> Running Processes --> click "svchost.exe" (there will be several rules for this)

Click on Custom Ruleset --> click "Add" -->
Click    Action "Allow",
         Protocol "UDP",
         Direction "In or Out"

Source Address "IPv4 Single Address"
             IP "000.000.000.000"

Destination Address "IPv4 Single Address"  (Note: all bits turned on)
             IP "255.255.255.255"

Source Port "A Single Port"
    Port "68"

Destination Port "A Single Port"
       Port "67"
Click "OK" (This allows the network adapter to request an IP address from the router)

Now click "Add"
 -------------------------------
Action "Allow"
Protocol "UDP"
Direction: In or Out
Source Address "IPv4 Subnet Mask"
IP "192.168.001.xxx"  (This is mine; you need to go to "CMD" and type in ipconfig /all to find YOUR local IP address and mask)
Mask "255.255.255.000" (This is mine; yours may be different)

Destination Address "IPv4 Single Address" (This is your gateway address; check your ipconfig /all to find it)
IP "192.168.001.xxx"
Source Port "A Single Port"
Port "68"
Destination Port "A Single Port"
Port "67"
Click "OK"

-----------------------------
Another rule

Action "Allow"
Protocol "UDP"
Direction "Out"

Source Address "IPv4 Subnet Mask"
IP: 192.16.1.68   (this is your local area network)
Mask: 255.255.255.000

Destination Address: IPv4 Single Address
IP: 1.1.1.1  (THIS WILL BE YOUR DNS ADDRESS)


Source Port: n/a
Destination Port: 53
---------------------------------
Another rule


Action "Allow"
Protocol "UDP"
Direction "Out"

Source Address "IPv4 Subnet Mask"
IP: 192.168.1.xxx   (this is your local area network)
Mask: 255.255.255.000


Source Port: n/a
Destination Port: 53

Destination Address: IPv4 Single Address
IP: 1.0.0.1  (THIS WILL BE YOUR DNS ADDRESS)

---------------------------------

Another rule


Action "Allow"
Protocol "TCP"
Direction "Out"

Source Address "IPv4 Subnet Mask"
IP: 192.168.001.xxx  (this is your local area network)
Mask: 255.255.255.000

Destination Address: n/a, any address
Source Port: n/a
Destination Port: 80

------------------------------
Another rule


Action "Allow"
Protocol "TCP"
Direction "Out"

Source Address "IPv4 Subnet Mask"
IP: 192.168.1.xxx   (this is your local area network)
Mask: 255.255.255.000

Destination Address: n/a, any address
Source Port: n/a
Destination Port: 443
-------------------------------
 
Another rule  (check "Log as firewall event if this rule is fired")


Action "Block"
Protocol "ICMP"
Direction "In or Out"



------------------------------

Another rule   (check "Log as firewall event if this rule is fired")


Action "Block"
Protocol "IP"
Direction "In or Out"
--------------------------------------------------------
« Last Edit: August 12, 2022, 01:39:05 AM by jay2007tech »
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins
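Added example (written for this page, not code from the post or from Comodo): a small Python model of the svchost.exe rule set above, evaluated top-down with first match winning, so you can see which flows the list admits before applying it. The LAN 192.168.1.0/24, gateway 192.168.1.1 and the sample flows are constructed values standing in for the "xxx" in the notes; the default-deny fallback when no rule matches is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values standing in for the "xxx" in the post's notes.
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = ipaddress.ip_address("192.168.1.1")
ANY = None  # address or port left unspecified in the rule

@dataclass
class Rule:
    action: str        # "allow" or "block"
    proto: str         # "udp", "tcp", "icmp", or "ip" (matches any protocol)
    direction: str     # "in", "out", or "in or out"
    src: object = ANY  # IPv4Address, IPv4Network or ANY
    dst: object = ANY
    sport: int = ANY
    dport: int = ANY
    log: bool = False  # "Log as firewall event if this rule is fired"

def _addr_match(spec, addr):
    if spec is ANY:
        return True
    ip = ipaddress.ip_address(addr)
    return ip in spec if isinstance(spec, ipaddress.IPv4Network) else ip == spec

def matches(rule, proto, direction, src, dst, sport=ANY, dport=ANY):
    """True when every selector of the rule accepts this flow."""
    return (rule.proto in ("ip", proto)
            and rule.direction in ("in or out", direction)
            and _addr_match(rule.src, src) and _addr_match(rule.dst, dst)
            and rule.sport in (ANY, sport) and rule.dport in (ANY, dport))

# The svchost.exe rule set from the post, in the order it is entered.
SVCHOST_RULES = [
    # DHCP from an unconfigured adapter (0.0.0.0) to broadcast, port 68 -> 67
    Rule("allow", "udp", "in or out", ipaddress.ip_address("0.0.0.0"),
         ipaddress.ip_address("255.255.255.255"), 68, 67),
    # DHCP renewals between the LAN address and the gateway
    Rule("allow", "udp", "in or out", LAN, GATEWAY, 68, 67),
    # DNS only to the two resolvers named in the post
    Rule("allow", "udp", "out", LAN, ipaddress.ip_address("1.1.1.1"), ANY, 53),
    Rule("allow", "udp", "out", LAN, ipaddress.ip_address("1.0.0.1"), ANY, 53),
    # Outbound web from the LAN address to any destination
    Rule("allow", "tcp", "out", LAN, ANY, ANY, 80),
    Rule("allow", "tcp", "out", LAN, ANY, ANY, 443),
    # Everything else is blocked and logged
    Rule("block", "icmp", "in or out", log=True),
    Rule("block", "ip", "in or out", log=True),
]

def evaluate(proto, direction, src, dst, sport=ANY, dport=ANY):
    """First matching rule decides. Returns (action, rule_index, logged)."""
    for i, rule in enumerate(SVCHOST_RULES):
        if matches(rule, proto, direction, src, dst, sport, dport):
            return rule.action, i, rule.log
    return "block", -1, False  # assumed default-deny when nothing matches

if __name__ == "__main__":
    print(evaluate("udp", "out", "0.0.0.0", "255.255.255.255", 68, 67))
    print(evaluate("udp", "out", "192.168.1.50", "8.8.8.8", 51000, 53))
    print(evaluate("tcp", "out", "10.0.0.5", "93.184.216.34", 51001, 443))
```

The third sample flow shows the warning from the post: the same HTTPS connection from an address outside the home subnet falls through to the final block rule, which is why the rules have to be redone at another location.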

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 2228
Re: Whats your method for locking down CIS
« Reply #1 on: August 12, 2022, 05:05:46 AM »
Thank you for the info  :-TU

Windows 10 Pro x64 21H2 Build 19044.2075 - Windows 11 Pro x64 21H2 Build 22000.1042 - Linux Emmabuntus x64 ED4 - Comodo CIS Pro v.12.2.2.8012

Offline victorlopes

  • Comodo Loves me
  • ****
  • Posts: 121
Re: Whats your method for locking down CIS
« Reply #2 on: August 12, 2022, 09:28:13 AM »
I do something like this on my machine, but does it have any value these days as CIS seems to be abandoned? Sorry to ask, but some mods are just locking down topics and erasing posts when we complain about the lack of info regarding CIS.

Offline Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2911
  • Security Saskquatch
Re: Whats your method for locking down CIS
« Reply #3 on: August 12, 2022, 01:49:31 PM »
Quote from: jay2007tech on August 12, 2022, 12:11:15 AM
How do you guys and gals lock down your machine? I've seen cruelsister's way, which is very good :)  Here's a different approach to this.
***Warning: this is mostly for desktops and laptops in the house. If you take your computer somewhere else {like a friend's house or school} you'll be locked out and have to create a new set of rules for that place.
cmd: ipconfig /all will have the info needed.
I did some of this tweaking the other month and then just reverted to Proactive with Containment level set as "Restricted". Think I'll save my config and give this another go :D

Moderator: Any concerns? PM me and/or review the Forum Policy
System: 64 bit Win 10
Realtime Protection:CIS 12

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: Whats your method for locking down CIS
« Reply #4 on: August 12, 2022, 04:08:28 PM »
It's very easy to make an error. This is my setup. I still left a few things out.

Quote
I do something like this on my machine, but does it have any value these days as CIS seems to be abandoned? Sorry to ask, but some mods are just locking down topics and erasing posts when we complain about the lack of info regarding CIS.
Abandoned or not, it works with Windows 11 unless you've got bug issues. Malware doesn't really change much over the past 10 years. The techniques change. The last real creative malware I've seen is "tdss" (rootkit) and "karpinger" (BIOS rootkit + it had audio advertising, but that's another story).

While nothing is perfect, Comodo still has the best firewall, Defense+ (HIPS) and auto-sandbox on the market. And their "bank mode" software, kind of (Comodo Secure Shopping). Comodo has everything you need. You just have to learn the details of each mechanism.

In other words (from my point of view only), if you're not happy with the default settings, then you need to learn how to lock it down. If neither helps, maybe you should try some other software. I'm not sure what to say. Yes, I agree development is years slow and nothing has changed. Comodo's technology is still years ahead of the competition. Unless you're suffering from bug issues. As of August 12, 2022, how many malware can bypass Comodo without the human being the weak point?
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 629
Re: Whats your method for locking down CIS
« Reply #5 on: August 12, 2022, 04:38:52 PM »
Thank you for your effort. I'm thinking of going back to Comodo, applying your suggestions - feeling more protected.

And you are certainly not a fanboy, thanks for your post above, too.
« Last Edit: August 12, 2022, 04:43:22 PM by prodex »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: Whats your method for locking down CIS
« Reply #6 on: August 12, 2022, 08:14:55 PM »
Quote
applying your suggestions - feeling more protected.
I just created the topic to learn other ways of locking down the system. For my way, it is complete overkill and no one really needs to lock it down like that. I just do it for fun and learning, and to see how far I can go without breaking stuff. (Remember, this works for my setup. Everyone is different (like adding printers, Chromecast, using Bluetooth); it can mess with your machine, just be careful.)

Quote
And you are certainly not a fanboy, thanks for your post above, too.
Thanks :Beer  FYI, if you ever find better software out there, you have my undivided attention :)  Anything better would just be pulling the cable modem power adapter.
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline victorlopes

  • Comodo Loves me
  • ****
  • Posts: 121
Re: Whats your method for locking down CIS
« Reply #7 on: August 12, 2022, 09:38:55 PM »
Quote from: jay2007tech on August 12, 2022, 04:08:28 PM

Thank you for your reply. Sadly I had some problems with Win 11 and had to leave Comodo.. but then I had to go back to Win 10 (problems with the VPN client used by the company I'm working for), and now I'm back with CIS with cruelsister + my configs... some bugs here, but they are not that scary on my Win 10 this time, so... I can live with it for now.

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 2228
Re: Whats your method for locking down CIS
« Reply #8 on: August 13, 2022, 04:24:35 AM »
Quote from: jay2007tech
Anything better would just be pulling the cable modem power adapter.

 :-TU

Windows 10 Pro x64 21H2 Build 19044.2075 - Windows 11 Pro x64 21H2 Build 22000.1042 - Linux Emmabuntus x64 ED4 - Comodo CIS Pro v.12.2.2.8012

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 629
Re: Whats your method for locking down CIS
« Reply #9 on: August 13, 2022, 05:44:58 AM »
https://forums.comodo.com/news-announcements-feedback-cis/questions-regarding-development-of-cis-t127440.330.html

Quote
prodex
Posts: 622
Re: Questions regarding development of CIS
Reply #338 on: August 05, 2022, 03:38:48 pm

I rely on this statement. I don't need new buttons or so ("beautification" etc). I trust this statement because the protection is still obvious and the most important feature for me. And this statement of a member of the team, who participates as a moderator in meetings and has insight into development status through exchange among themselves, I think so.

Thus I am with Avos of the same opinion.

Quote from: jay2007tech
... FYI, if you ever find better software out there, you have my undivided attention :)  Anything better would just be pulling the cable modem power adapter.

No, I wasn't looking for a better one, but for software that is updated for security reasons (hackers are very good programmers). I installed ZoneAlarm, but now I'm back to Comodo again. I feel "better" - the PC was always reliably protected, so long.

Quote from: jay2007tech
Anything better would just be pulling the cable modem power adapter.

No, better it is to be attentive! Life is dangerous even without the Internet, as well, as far as criminals or scammers are concerned. I've got various configurations and load them depending on what I'm doing. But mostly I use cruelsister's configuration or a modified Proactive.
« Last Edit: August 13, 2022, 06:06:17 AM by prodex »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: Whats your method for locking down CIS
« Reply #10 on: August 13, 2022, 09:45:07 AM »
Quote
I wasn't looking for a better one, but for software that is updated for security reasons (hackers are very good programmers).
I totally agree with you.  :-TU  For CIS, currently, I can count on one hand how many malwares out there can bypass Comodo's security. The weakest link is the human operating the machine. Comodo is still the most secure setup on the market currently (as a bonus, CIS is free). If that isn't good enough, you can always tweak the settings to meet whatever standard you feel is needed, and some people do that too.
Most of them follow cruelsister's method of tweaking it,
based on this link: https://www.youtube.com/watch?v=vktNQCwB2UY

Currently, the most important thing Comodo needs to do is the bug fixes that a few people are experiencing. Also, it should announce that it works for Windows 11. Everyone that I know (in the real world outside the internet) that has Comodo on their Windows 11 machine is working fine, but the next Comodo release (whenever that is) should be announced by Comodo saying it's compatible with Windows 11.

It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 917
Re: Whats your method for locking down CIS
« Reply #11 on: August 16, 2022, 06:12:55 AM »
Quote from: jay2007tech on August 12, 2022, 12:11:15 AM
Hi jay2007tech,

Thank you for the time you took to analyze and share the information.
Thank you for supporting,

Thanks
C.O.M.O.D.O RT

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: Whats your method for locking down CIS
« Reply #12 on: August 16, 2022, 03:07:16 PM »
C.O.M.O.D.O RT
You're welcome, share it with your friends. I'm going to post a few more rules in a few days. :)  Nothing better than locking down the machine and DNS. My invisible adversaries (enemies) probably won't like it >:-D
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 917
Re: Whats your method for locking down CIS
« Reply #13 on: August 17, 2022, 03:00:46 AM »
Quote from: jay2007tech on August 16, 2022, 03:07:16 PM
C.O.M.O.D.O RT
You're welcome, share it with your friends. I'm going to post a few more rules in a few days. :)  Nothing better than locking down the machine and DNS. My invisible adversaries (enemies) probably won't like it >:-D
Hi jay2007tech,

Thank you very much for supporting.

Thanks
C.O.M.O.D.O RT

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1617
  • GOD cure me epilepsy and atrophy - Sou brasileiro!
Re: Whats your method for locking down CIS
« Reply #14 on: August 17, 2022, 10:05:57 AM »
Here: block all ports not in use;
block all system applications that are not necessary;
...
