CIS4 Flow Diagram

Hi

I’ve had a quick look in the help file but couldn’t find an answer to my question ???. My question being, how are processes treated by CIS4? As in (for example) if I loaded a common application (say IE), what checks are made and in what order before the application actually loads and appears on screen. The same for rogue applications. At what stage (check) does CIS4 block/quarantine this process? I’m thinking of a step-by-step flow diagram (with big icons) showing how processes are managed by CIS4 (from start to finish).

If you think this would be a good / bad idea, please vote. I’m sure I’m not the only one who doesn’t fully understand how CIS4 works and having this process as an image, would make it easier to understand.

:slight_smile:

You can find a description of the decision making in the sandbox part of the manual:

When an executable is run it passes through the following CIS security inspections:

Antivirus scan

Defense+ Heuristic check

Buffer Overflow check

If the processes above determine that the process is malware then the user is alerted

Also see attached image.

[attachment deleted by admin]

Hi, where can I download that CIS4 manual? :stuck_out_tongue: ;D ;D

Look under More → Help.

Sorry, but the manual is confused and contradictory.

We are focussed upon the Sandbox part of the manual.
This naturally suggests that if the Sandbox part is disabled,
there will be no A.V., nor Defense+, nor Buffer Overflow Check.

Subsequently it states it will NOT be sandboxed if it is on a Safe List or recognised as an installer.
Does this mean no A.V., nor Defense+, nor Buffer Overflow Check?

Question :-
If I download a software package and the A.V. complains about double extension or other suspicion,
and I think its suspicions are ill-founded,
is it possible to proceed with installation and still get protection if further “nasties” emerge from “unpacking”,
or will it be permitted to download 7 more diabolicals more evil than itself ?

Alan

As well as a flow diagram, I think a comparison list of what is enabled/disabled in internet, proactive, firewall security configurations.

:slight_smile:

My quote from the manual states in general “When an executable is run it passes through the following CIS security inspections:”. I didn’t quote the complete sequence, but it describes the decision process that precedes a possible decision to sandbox. At the end of the description it also states “The process outlined above is taken each time the application is run.”

Subsequently it states it will NOT be sandboxed if it is on a Safe List or recognised as an installer. Does this mean no A.V., nor Defense+, nor Buffer Overflow Check?
Read the above. A lot of checking has already been done before that point, and an alert was given to the user asking for an elevated privilege.
Question :- If I download a software package and the A.V. complains about double extension or other suspicion, and I think its suspicions are ill-founded, is it possible to proceed with installation and still get protection if further "nasties" emerge from "unpacking", or will it be permitted to download 7 more diabolicals more evil than itself?

Alan

The double extension warning will probably be from the AV, which is first in the process. After that, D+ heuristics may kick in as well and could issue a warning.

When installing programs that will install a toolbar, I get warnings from the firewall that e.g. Ask Toolbar Installer wants to access the internet. However, this is in Proactive with Firewall set to Custom; this seems to imply that the firewall alerts are not suspended when running with Elevated Privileges. Remember that Elevated Privileges is a D+ alert; I take from that bare fact alone that it extends to D+ alone.

Thanks for explanation

Alan