COMODO Internet Security 3.5.61373.458 BETA Q&A's, Feedback [CLOSED]

system · January 16, 2009, 3:46am

Questions, Answers & Feedback Thread.

Updated! Saturday, 17th January 2009.

FAQ - Josh’s Frequently Asked Questions.

1). Q: Hey Josh, Where is the "Comodo Memory Firewall & How do I configure it?

A: You will find it in Defense+>Advanced>Image Execution Control Settings And see “Detect shellcode injections (i.e Buffer overflow protection)” Where that is the enable/disable box for Memory Firewall. The next button “Exclusions” where you can add programs, etc NOT to be Prevented by Memory Firewall.

2.) Q: So Josh, Does this offer the same protection as Comodo Memory Firewall?

A: Yes, It’s exactly the same with the amazing integration work in Defense+! This is why you don’t see an Extra tab for Memory Firewall, it’s not needed. This reduces RAM and offers better stability!

3.) Q: Sounds awesome! Is the “Buffer Overflow Attack Alert” still the same as Comodo Memory Firewall?

4.) A: As I said before, It’s totally integrated into Defense+! You will only see 2 processes in task manager, And the Alert is a different from a normal Defense+ Alert, But very similar. It looks like this:

http://i444.photobucket.com/albums/qq164/ComodoJosh/sshot-10-1.png

5.) Q: Wow… That is amazing Josh! Have a Beer :Beer You done a great job!

A: Actually… I’m not a developer! Just here to moderate and learn. >:-D Pls continue…

6.) Q: Okay! Where can I configure the heuristics for the Antivirus?

7.) A: Go to Antivirus>Scanner Settings and see “Heuristics Scanning/Level” in that “Real Time Scanning” Tab. You have 4 levels: Off, On, Medium, High. Low being less aggressive, High being VERY aggressive.

http://i444.photobucket.com/albums/qq164/ComodoJosh/sshot-12-1.png

8.) Q: Awesome Josh! What about the “Manual Scanning” and “Schedule Scanning” tabs? I see Heuristics there too!

A: Yes, You need to configure Heuristics once or twice more for a manual scan (On-Demand) and a Scheduled Scan. No biggie, Pretty straight forward IMO.

9.) Q: Thanks Josh! What about the database in this CIS Beta, My Database in the original was like 933+ now its 301 ! However… I heard Egemen the person in charge of CIS, announce that the Database is only a “Test database” and does reflect detection rates, can you please explain this?

A: In this new beta, There is a brand new signature format to improve alot of things! Comodo had to transfer all of the signatures over to the new format. Comodo are now testing this new format, and hence detection rates will be different. It’s a known issue and will be fixed soon! Keep in mind this test DB is NOT the released DB.

10.) Q: Okay, I do get alot of FP’s… Pls Help?

A: As always, Beta’s are NOT for general use! Please report all FP’s in the appropriate sticky here, and developers will be tweaking the hurisitics engine and the test DB may have a reflection on this too! You can turn off hurisitics for now if it really is a major issue and you don’t want to post FP reports (it’s fine).

11.) Q: Okay Josh, one last question… Where do I enable or disable ThreatCast?

A: Go to Miscellaneous>Settings>ThreatCast.

(Person who asked these questions): Thanks Josh! Cheers mate.

Josh: No problem, I hope if you don’t use the beta and test it, you will enjoy the final release in a few weeks or so!!

Quick Info & Screen Shots.
All New Feature Screen Shots & Info…

Screen Shot 1: Defense+>Advanced>Image Execution Settings Buffer Overflow enable/disable box Also Exclusions Button for Memory Firewall. - Where Memory Firewall lives. (sshot-7.png)

http://i444.photobucket.com/albums/qq164/ComodoJosh/sshot-7.png

Screen Shot 2: Antivirus>Scanner Settings Heuristics Levels. - You also need to change it for Manual Scanning & Schedule Scanning too if you wish too (sshot-12.png)

http://i444.photobucket.com/albums/qq164/ComodoJosh/sshot-12-1.png

Screen Shot 3: If a Buffer Overflow Attack is detected… Buffer Overflow Alert. (sshot-10.png)

http://i444.photobucket.com/albums/qq164/ComodoJosh/sshot-10-1.png

Screen Shot 4: If Heuristics Detect an uknown virus… Heuristics Alert. (sshot-11.png)

http://i444.photobucket.com/albums/qq164/ComodoJosh/sshot-11-1.png

Screen Shot 5: This is optional to install on installation… ThreatCast Helps build the whitelist by gathering Alert info from users… ThreatCast Alert (When you receive a Defense+/Firewall Alert). (sshot-13.png)

http://i444.photobucket.com/albums/qq164/ComodoJosh/74069475an7.png

Screen Shot 6: AV Security Level has been added to CIS right click

http://i444.photobucket.com/albums/qq164/ComodoJosh/sshot-15-1.png

Cheers,
Josh

clocks · January 16, 2009, 4:54am

Looks like you have to change heuristic settings individually for real-time, manual scans, scheduled scans. I am not sure I like that. I guess some may like the extra flexibility. I just set it to medium for all three.

Just my 2cents. Thanks! :ilovecomodo:

foxman · January 16, 2009, 5:04am

Re: COMODO Internet Security 3.5.61373.458 BETA ??? How come CIS 3.5x has reverted back to beta?? (:SAD)

system · January 16, 2009, 5:08am

When CIS was in beta & out as a final, it was CIS 3.5.5x. This is the version number for this BETA: 3.5.6x (Which wasn’t in BETA previously). It’s got alot more features and improvements now, Download and install your self.

It’s funny version numbers but you will get use to it.

Cheers,
Josh

larlyles · January 16, 2009, 5:30am

It’s a newer version of 3.5. The previous version was 3.5.57173.439. This version is 3.5.61373.458. This is a fairly major upgrade and Comodo felt like CIS needed to go to Beta first for testing purposes, but I guess they didn’t feel that it was necessary to change the 3.5 numbering at this time. I don’t know if they will change the numbering when it comes out of Beta and goes public release or not.

rejzor · January 16, 2009, 6:48am

They are using to long version numbers that aren’t memorable. This is bad by design.

It should be like this:

3.5.1234 and tags like ALPHA and BETA attached to it. Seriously, 10 digit version number is just bad.
Also i assume BoClean isn’t yet integrated as i couldn’t find it in CIS.

system · January 16, 2009, 6:52am

No not yet. Well the version number isn’t as long as Outpost, Which are 13 numbers long (Close)…

After beta we will see BOClean.

Cheers,
Josh

rejzor · January 16, 2009, 7:01am

Scanning of MP3 files is still uber slow. Like CIS checks the entire file regardless of content…

system · January 16, 2009, 7:02am

Can you pls do a full bug report… Cheers.

solcroft · January 16, 2009, 8:03am

First thing I noticed is that there’s a noticeable delay in D+ popups. It was almost instantaneous before, but now comes with a 1-2 second lag due to ThreatCast. Rather annoying when there’s a whole lot of alerts.

EDIT: A question. Since CMF is now integrated, is there a point in installing Safe Surf anymore?

system · January 16, 2009, 8:14am

Nope. Unless you want the toolbar…

Pls also do a full bug report on the D+ Slow down alerts…

Cheers,
Josh

hehomain · January 16, 2009, 9:03am

hi,once more great product,keep it up. My question is why is safesurf included if the memory firewall has been integrated in cis ?

Edit:sorry ,did not read previous posts.thx

solcroft · January 16, 2009, 9:34am

Seems to be more of a performance issue than a bug if you ask me…

Am also taking the opportunity to express pleasant surprise at the new heuristics. Still useless against commercial malware variants, but among more “standard” variants I’m seeing a 25-30% success rate for the heuristics alone. They seem mostly based on packer detection, but hey, as long as they work…

Am trialing on a sterile test machine, so no idea about the FP rate, though. But this is definitely a noticeable improvement.

[attachment deleted by admin]

SecurityAdvisor · January 16, 2009, 3:08pm

Where are we supposed to put the fp’s from the heuristics engine?

EDIT:
Never mind, found it

system · January 16, 2009, 3:54pm

The first system scan dialog box (on initial install) is configured to be “on top”, which I think adversely affects usability of the system. Please either turn off “on top”, or provide a control on the dialog box (as in the attached screen). Thanks.

[attachment deleted by admin]

system · January 16, 2009, 4:13pm

The System Scanner (initial scan at least) has a generic icon in Task Switcher that’s not easily recognizable. Suggest you change it to something easily identified as Comodo, like your white on red C or your shield. See attached screens.

[attachment deleted by admin]

system · January 16, 2009, 4:21pm

Windows Security Alerts is red during the first system scan after CIS installation, reporting Virus Protection is not installed.

If the real-time protection is actually not yet engaged, that would seem to leave the system vulnerable during the first system scan, which seems to me a bad idea – why not engage real-time protection before stating the first system scan?

Otherwise it would be better to register CIS with Windows Security Alerts before the first system scan so correct status is reported to the user.

Just my US$0.02,
John

panic · January 16, 2009, 4:21pm

+1 - this really bugs me. I just never got around to posting on it. Thanks.

Cheers,
Ewen

LeoniAquila · January 16, 2009, 4:45pm

I’m a bit confused too. SafeSurf is still offered during installation, yet CMF is now a part of the Image Execution Control?

Can anyone shed light on this? Thanks.

Legendkiller · January 16, 2009, 4:59pm

i think perhaps i am the unluck one here…the AV engine isn’t working…

[attachment deleted by admin]