CFP & TeaTimer

Hi all,

{XP PRO, SP3; CIS - only Comodo Firewall}

I decided to ask this Q here because Firewall section of CIS has FAQ only & I am not sure how “frequent” this Q is. Please move the request if necessary.

I’m using SpyBot S&D with TeaTimer. I was reading a few comments in the forum that it is kinda redundant with CFP. Another note somewhere was stating that TeaTimer causes some problems.
I may say that I’m not experiencing any problems at all. The last slight troubles I can remember were probably in early SpyBot S&D v1.4 (long ago) with some but not all MS autoupdates. Not anymore.

So I decided to disable TeaTimer in order to test how CFP would react.
I performed numerous uninstalls and installs where startup entries were involved.
CFP was absolutely silent regarding removing/adding of any of those.

It seems like the default settings of CFP are not enough.
What settings should one add in order to get those alerts?

CFP is in Proactive & Safe for Fwall & Defense+
I am switching it into Installation Mode and Defense+ into Training during Uninstalls/Installs

TIA for advice

Hello Welcome to the forums.

Please look at the help file that is included with CIS. Most of your answers should be there, Search for Defense+ and learn about its modes so you can fully understand.

Comodo → Misc → Help

Thank you for welcoming and for response, Kyle.

Unfortunately that did not answer the question.
Sure I was reading Help. I have been using Comodo Firewall for a long time and actually did not have any major issues. If I had a question I could find it in this excellent forum.
In addition I am not a computer newbie & know some stuff :wink:
I used to rely on TeaTimer because it does what it is supposed to do.
I did not have time and need to look into this particular problem.

The default Automatic Startups registry protected keys contain /…/Run*
The same is in Groups after recent clean CIS installation, so I don’t need to add them manually there… and as I stated I do not have Alerts regarding adding/deleting startups.

Anyway, referring to Help without even saying what section(s) of the Defense+ one has to read in order to solve “this” (or any) particular problem doesn’t help much, sorry but I have to say that.

And then, suppose I am one of those users who is “completely” computer illiterate but willing to learn. A more specific answer would be highly appreciated. I do understand that there are many knowledgeable people here (you definitely included) & they are busy. Such stupid “simple” questions like mine are an annoying lil thing…
My GPS says: “Turn left!” it doesn’t advise me getting driving rules for beginners book :slight_smile:

Regards

Under help look up defense+ modes.
^ I say this because it will explain in more detail in the help file.

In training mode defense+ will learn your actions and create rules for them, during installations it would be better to use installation mode.

Also on a side note…a few people here believe Spybot is “Past its days of glory”. People now use MBAM = Malwarebytes Anti-Malware, SAS = SUPERAntiSpyware.

Hi Kyle,

Thanks for reply

Yes, I know and I even was reading that long ago. One note though, for people as stupid as I am - there is no “defense+ modes” section in Help. There is Settings section.

http://d.imagehost.org/t/0472/Defense_modes.jpg
where modes are described.
Probably that will help somebody to find that & that’s why I wrote “…referring to Help without even saying what section(s)…”
Please don’t get it wrong, I am not just trying to be confrontational.

I do use Installation mode as I stated. Well, using any Defense+ mode other than Training makes Uninstall of any Software a torture. Even a “simple” program uninstall is a problem… but recently I was reinstalling Framework 3.5 SP1 and MS Visual Studio… it will take hours only for Allow confirmations clicking if not in Training mode.

Therefore probably it should be some custom settings if I want to monitor (& be Alerted) only about certain events - Startup/reg changes as in my question.

I do have both and more. Those are strong Packages. At the same time SpyBot still can sometimes catch things those cannot + there is good immunization part. The only AntiSpyware which is a complete waste of time and resources I know and which must be uninstalled is MS Windows Defender…
… sorry for digressing …we are not discussing any other functions of SpyBot here now but only one “simple” feature of TeaTimer - its alerts regarding Startup System changes.

Is it possible to set up Comodo in the similar way?
Probably my Q is rather the request for Wish List, which is Defense+ Training Mode plus having custom Alerts (startups in this case)

My regards

In today’s world Spybot and Ad Aware are a thing of the past and provide next to no protection. You’re better off uninstalling Spybot and running Malwarebytes Anti-Malware, which is a free on-demand scanner.

No problems Nick (:HUG) Don’t worry about offending me… Just say it, I’m pretty care free :slight_smile:
Just like to say that right now I’m not using CIS so I may not be 100% correct when telling you where to look for settings.

Yes well, Training mode is useful for running applications that you trust… It creates pretty strict rules for them automatically, switch to Safe mode after you have given it a long enough trial period (5-10 minutes should be enough)

Installation mode for when you install… Yes, I agree that pop-ups are annoying when installing a known, trusted application while in safe\paranoid mode. But the thing is, if the program’s not in Comodo’s white list (list of safe applications chosen by Comodo experts) then Comodo cannot detect the difference between safe and malicious applications. Comodo’s Defense+ alerts, though, have quite effective heuristics that are rarely incorrect…

You can change things that you wish defense+ to notify you about;
Comodo → Defense+ → advance → Settings → Monitor

There you can change what defense+ looks for…
Also you can look at Image Execution and the files it should check to be executed.

To be honest, I can understand why people can be thrown off from CIS with all the pop-ups, it can be confusing.
If you are constantly installing and uninstalling new trusted software… The pop-ups may be too much of a hassle to do every day. If you are finding Defense+ too much perhaps you would like to try ThreatFire? Works more on behavioral detection. It’s good; however, it is not bulletproof like Defense+ is.

Once Defense+ is configured correctly and your programs have been added to the policies then you should never get a pop-up unless something malicious is installing. And you will have a watertight system.

If you have any other questions feel free to ask…

Hi Guys,

1)

In today’s world Spybot and Ad Aware are a thing of the past and provide next to no protection. You’re better off uninstalling Spybot and running Malwarebytes Anti-Malware, which is a free on-demand scanner.

Hi Vettetech,

That is not an answer to my question. As I stated above I have MBAM, etc.
Yes Ad Aware must be added to “not any more” list together with MS WinDefender.
but not SpyBot (yet) and it is my opinion… but again I was not discussing off-line scanners here, was I?
I was asking how can I and whether it’s possible to setup Comodo Defense+ so it Alerts me about Startups the same way as TeaTimer does.
and I was specifically interested having that function in Installation Mode / Defense+ (in Training)

Thank you

  1. Thank you Kyle for your time and willingness to give an answer. Much appreciated!

everything is fine and Cool ! (:WIN)

Yes I know that and I like that. Comodo is the best… but we always want some more… :wink:

No I will not try ThreatFire because it is a thing from the past. Not bad but I chose Comodo Firewall and have been using it successfully for a long time.
I do understand the Alerts and how to set those and that is fine and that is not many but normal. If I have Q I would (and will) ask. So annoyance for me is only in Installation mode if defense+ was not set “Training”… that’s all (just out of curiosity try uninst/inst one of those examples I posted above… nooo don’t do that …or buy new mouse before the experiment because the old one will be broken ;D by “OK-Allow”).

I will look at that closer when I have some time but I have doubts, at least now, that it is possible to achieve what I want in the current implementation. As I pointed out above …it probably can go into the Wish List

Once again Kyle - thanks a lot

My regards

You’re welcome.