Application Behavior Analysis alerts

Thanks, “AnotherOne.” That looks pretty cool. But it still doesn’t address the question of “bad parenting” – that is, when Comodo falsely thinks that one application is trying to control another. Is there anyone out there who has seen this problem in v2 and found that it has (or hasn’t) gone away in v3 beta?

Hi ptfreed - It is harder to notice the lack of something, but I have not noticed any alerts for strange parents. That may be due to the different way that CFP 3 cites process modification. There are so many new types of access reports (registry, process, hard disk, internet) that I can’t recall mention of parents. I have tried the types of action that generated the alerts in CFP 2.4 and there have been no spurious alerts in CFP 3.0 (beta). It looks like the problem may have been fixed, but I am still only less than a week into evaluation of the beta.

Thanks, AnotherOne!

Even though your results are tentative, it makes me feel much better just to know that there is reason for hope.

Anyone else care to weigh in?

It’s all about safe-listing, guys. 2.4 has a safelist of 25,000 or so apps; v3 has more than 300,000 (at last count I knew). When both apps are on the safelist, you won’t see those types of alerts. v3 still alerts to suspicious behaviors, but as AnotherOne noted, the detail of the rules/control is far greater, which reduces the frequency of such alerts. The detail in said alerts is different as well, to better inform the user as to what is occurring.

I’ve been testing v3 since they presented it to us, and have yet to see the same types of alerts that 2.4 generated. They’re working very hard to accommodate users based on the negative response to ABA alerts, and still provide best-of-class security.

LM

That makes sense. But it also means that I’m completely out of luck…

I want to get alerts. I want to know every time my mail program tries to start up my browser. If it was caused by something I clicked on, I’ll allow it. If someone has found a clever way to get my mail client to do something odd, I’ll deny it. This means that I can’t have the programs on the safe list, so (unless Comodo has fixed the underlying problem) I can’t use it. (Rats…)

I’ve said it before: I don’t trust my software. Just because it’s safe today doesn’t mean that someone won’t find a way to ■■■■■ it next week.

ptfreed, v3 has a mode for the HIPS module called “Paranoid” and it’s made just for folks like you…

You can also custom-configure any application (even if using the safelist), so that it has to “Ask” you for everything. Even if you’re using the safelist (with several different settings for that as well), every single application will have an entry in HIPS, and each entry is highly configurable. So there won’t be the confusion as with 2.4 where you can’t see the ABA-side of an individual app’s rule.

I think v3 will be just fine for you, and encourage you to check it out when it goes Final.

LM

The name is certainly built to order.

And it sounds plausible – reading between the lines about complaints I’m not seeing – that application switches will no longer trigger the spurious “parenting” messages. Is anyone out there running paranoid in v3? Especially someone who has seen this problem in v2?

I am hopeful once more that v3 will be just what the doctor ordered. I look forward to its release.

Y’know, I feel like I’m on a seesaw (teeter-totter, in some parts of the country). Just when I’m convinced that something will/won’t work, someone comes along and changes my mind again.

Thanks for the info, Little Mac!