Can anyone help me on how to use BB and HIPS at the same time?

Well I change CIS to Proactive security, BB set to Untrusted, HIPS to Safe mode, I’ve made the Spyshelter test, and guess what, CIS fail screen capture 1,2,3(only if you disable BB you pass the test). But with CIS set to Internet security profile and BB set to Untrusted I pass the screen capture test 100%. So you either use BB or HIPS, never both, so this should bring the light into the problem, if you want control over your system you enable the HIPS, if you want only a strong protection then BB set to untrusted(without HIPS) is the key.
Here is the link if someone want to try:

Maybe its time for an updated version of the leak test… ;D

First you allowed Spyshelter test to run passed HIPS. No point in using HIPS if you gonna do that.

Second it’s not a big deal. As the Comodo Firewall will prevent this info leaking back to the malware host as long as you won’t allow it.

Also as long as the items in the sandbox I don’t see any issues even if you will get some failure in tests due to the automated operating system of the sandbox.

I will have to disagree. HIPS and BB are much better for the layered security. If one error will occur you will have another as a back up. Also you can’t justify it with few tests.

But that’s my opinion.

OK, I give up with other tests… I made some changes on my configuration and I messed up my PC… I had to start Windows in safe mode, remove CIS and install it again…
I’ll keep Proactive Security with BB on Untrusted and Firewall on Safe, while I’ll disable the HIPS.
Cheers

Ok, it is a silent choice. :-TU

Yes you right I was only testing, in real scenario I would never allow an unknown file to be executed. Right now I’m using CIS in Proactive mode with HIPS(safe mode), and so far all running well without any slowdown. So… :wink:

So, did you disable BB ? Don’t you get more popups like that ?

I see. Good choice for an advanced user ;D :-TU

Noop is enable set to fully virtualized(hips will always ask me if explorer.exe try to execute an unknown file after a file is auto-sandboxed), as for popups hmm not that more, 4-5 so far, so is very good. Well I’m back on the track, and using again hips ;D

Well with your opinion I decided to make a change :■■■■

Alright, so I’ll keep using both HIPS as safe and BB as Untrusted :slight_smile:

I’m not going to pretend I read everything in this topic 88) but I have HIPS set as Safe and BB set to FV, the reason I have HIPS set to safe is a precautionary measure for the event a malware would be able to escape the FV sandbox. We all talk about layered security here, so why not? :stuck_out_tongue:

Like me all the time LOL! ;D

That was my point… :slight_smile:

Hey guy, I discovered this bug https://forums.comodo.com/format-verified-issue-reports-cis/limited-and-restricted-block-screen-capture-but-untrusted-does-not-m399-v6-t95001.0.html
BB set as “Resticted” can block more than BB set on “Untrusted” :o
That’s why you failed Spyshelter test, RealNature.
I asked if the bug has been solved with the latest release of CIS, so let’s wait for the answer

I know about this bug, but I think was fixed, but who knows :-\

Well, with BB on Resticted I can pass all spyshelter tests…

Now im confused.(again)
First we are told not to use the HIPS and now comodo users are using it with the BB.

Which is it to be?
Thanks.

Honestly I haven’t read the topic but if you’ve been told not to run HIPS I can’t help but think that is a personal opinion offered to you in a suggestive manner. (I really derped on that sentence, I have no idea how to fix it. :slight_smile:

If you could point me to, or quote, a post that says not the use HIPS then please do so.

The reason I have HIPS enabled and set to Safe is for the event a malware would be able to use some kind of exploit previously unknown and would be able to escape the sandbox, if HIPS would be disabled then the malware would get unlimited access, however if HIPS would be on then it would react to this malware when it tries to do anything.

That’s not to say that you are better protected against the real malware with ‘Restricted’ compared to ‘Untrusted’.