Can anyone help me on how to use BB and HIPS at the same time?

Right now if I enable HIPS(or activate the proactive mod) on the standard settings I fail the comodo leak test. But this isn’t the problem right now, first question always come from BB then from HIPS. My question is: how HIPS(set to safe mode) will protect me, if I set the BB to untrusted, and on the first alert I select run limited, because after that the only alert I get from HIPS is the program try to access explorer.exe? It makes sense because the program already run with limited privilege because of BB limitation, but if I select run unlimited again only one question from HIPS, at least in comodo leak test case. Thank you

I tried to run CLT too.
My configuration is:

  • Windows Vista Home Premium 32bit SP2
  • CIS 6.2 in Proactive Security mode
  • Antivirus set on Optimized
  • BB set on Untrusted
  • HIPS set on Safe
  • FW set on Safe

When I run CLT, I answer “Run as Isolated” to the alarm. Like this I can pass all CLT test but:

  • SetWinEventHook
  • SetWindowsHookEx
  • ExplorerAsParent
  • DDE

Does anyone have any comment on this and can suggest how to pass those 4 tests too?

Funny thing is if you activate internet security profile(without HIPS), and set BB Restricted, or Untrusted you will pass this test. Funny :smiley:
As for HIPS…don’t know I personally start to rely on BB strength, since with HIPS fail the test, I know some would said that CLT isn’t design to test V6. But still…

By deleting the “allow outbound traffic on House#1” on FW global rules I could pass the last 2 tests (“ExplorerAsParent” and “DDE”), but if I disable HIPS I can’t pass the “DDE” test.
And in any case I’m still vulnerable to the two Hook tests…

Did you try to make this test with Internet security profiles and with BB set to Untrusted, firewall set to Custom Ruleset with Alert set to Medium. Delete all rules in application rules under the firewall (except Comodo internet security), then Stealth ports and choose to be informed by incoming connections. And see if you pass this test.

No, I’ve kept Proactive Security mode, but I trust what you said :slight_smile:
You know, if you disable BB and just keep HIPS enabled, you can score 340/340 :slight_smile: The problem is that you’ll get an alarm (or even more) for each leak test…

Thanks for discovering this. So after reading this suggestion is clear that HIPS and BB can’t run together if you want to pass the test. Hmm now I reconsider my intention to run both. I think I’ll stick with my BB. To bad I always like HIPS, but since V6 is clear that I can’t run both(BB and HIPS). So if I ever want to have sandbox and hips at the same time, avast and privatefirewall seems to be the greatest alternative.

Just a clarification.
With the configuration you wrote above, can you score 340/340 ?
If so, does it mean that Internet Security is safer than Proactive Security ??? :o

First don’t rely on CLT.

Second keep it simple… Proactive, HIPS (Safe mode) if you like more control over your OS and BB set to ‘untrusted’. Done.

OK RealNature, playing time is finished :wink:

Yep 340/340. I don’t know if is safer, but since it pass with ease 340/340 I guess I something :slight_smile:

Well good point here I’m agree with you. But still I have a second thought :wink:

Good one LOL! ;D :-TU

Smart man! ;D :-TU

Does not pass the test.
Only with a fully BB disabled - CIS 5.10
Edit: After pass test.
You can include BB in any mode and BB does not matter.
The test will take place.340/340
Edit: Now I understand what you’re saying.

Well since V6 I honestly don’t fell the power of HIPS like V5 i.e. If I want a HIPS right now Privatefirewall(since is free) offer a pretty solid HIPS, easy to use, and to be honest I feel like I’m in control compare to comodo HIPS(but hey IMHO). Smart…Hmm I would say experienced :a0

Thank you for your note. Well this is what I want to say it. You either trust in HIPS or in BB, not in both at the same time. And since v6 is more focused on virtualization is time to embrace change(I’m a HIPS fan, old school one :slight_smile: sometime I feel the need of HIPS, but you can’t have both).

I tried your settings, but I still failed the two hook tests…

No no no! LOL! You misunderstood me…

I gave you the best settings for the general malware protection: Proactive, HIPS (safe mode) if you like more control over your OS and BB set to ‘untrusted’.

But proactive, HIPS (safe mode) if you like more control over your OS and BB set to ‘untrusted’ won’t do a good job at CLT because you need to disable sandbox in order to get a good result. Automated system of sandbox will let you down here so you will have to handle it manually using HIPS only.

At the end of the day don’t see CLT as a good test for your protection.

Hmmm thank you for detailing :slight_smile: Now make sense.