Concerns with the Behavior Blocker

Since it appears that the BB checks things by their hash, I have concerns about what happens when a file you have marked as trusted gets an update and therefore a different hash. Will I have to go through the same procedure to trust the updated version? I wouldn’t like that at all. In my opinion, the BB should be just that and should block suspicious activities of something unknown when the file tries to perform them. Not automatically restrict those activities based on a file’s hash or reputation. It seems to me that an updated file from a vendor not in the trusted list or for some reason unsigned could potentially always be restricted the way it currently works since the new hash would come up as unknown until enough people had used it who have the automatic reporting (very important to leave on IMO) working. I have already encountered this when the last update to the game Lord of the Rings Online resulted in the main executable being sandboxed. Turbine, the author, is in the trusted vendor list but for some reason the file does not have a signature.

I guess I could add the path to the file to the scanning exclusions but many people would not know how to do that.

Just allow programs.

“You want to run a game or something?”
“Ok, there is a question. Game exe tries to… As you want to play that game, choose: <Treat as GAME/TRUSTED>, and checkmark .
The last question. Do you want it to have internet access? . Done.
Have fun.”

Who does not understand this?
While looking at it.

A file is mostly whitelisted by analysts but I asked bogdanr (whitelisting process team manager) and they also use automatic processes for that … So files that are whitelisted and become unknown by hash because of an update are usually whitelisted quite fast … A few weeks maybe …

The point is that you should not have to redo that just because something receives an update. Once is okay for something unknown to Comodo but it should not have to be redone.

I wouldn’t call a few weeks fast. A couple of days would be much more acceptable.

I do it one time. Not per update.

The current incarnation of the BB isn’t a behavior blocker in the traditional sense. (Which is what you are describing…) This is slated to happen in later releases.

Why has comodo bothered with the HIPS at all in this version when everything is steered towards the BB and virtualization? :o

cuz people like me still use it. its one of my favorite modules in comodo firewall

My question is, Why has comodo bothered with the rest apart from hips? :smiley:

To me, that is a very good question. I suspect it was done to prevent a mass exodus by people who think they still need the classic HIPS approach.

You are strange.
The more “pony” comodo becomes, the more you like it.
You dont understand the benefits, and you dont know how to use the real program.
Yet, still you are claiming the old features are obsolete.
The “old” features are the “new” features, actually. Default deny.

Just as a past example. Read what gpcode has done when it was auto sandboxed. Userfriendly.

You want comodo to become like you “need” it. While being blind towards others.

First off, I am using the “Real Program”. The default installation is now the way it is meant to be used. I know very well how to use it in the old way but I thank God that I no longer have to. Wait and see, as the BB evolves and uses the HIPS capabilities in a far more sensible and silent manner, the HIPS itself will indeed become obsolete. Default deny for everything on the system is not the way to go. It should only come into play for new and unknown things. You are right about one thing though. The more automatic and silent CIS becomes, the more I, and the overwhelming majority of computer users, will like it. You seem to not realize that you are in the minority along with the paranoid people found at sites like Wilder’s where they recommend stuff that at least 95% of the time is not necessary. Everyone knows that just the combination of a good AV coupled with the Windows firewall is sufficient for a home user 99.99% of the time. Especially if you connect through a router.

The plain truth is that if CIS was still in the branch, I would not have installed it.

The personal attack was unwarranted and I will refrain from replying in kind.


I want to say Yes, or No.
And a firewall and an antivirus.
Its safe. And easy.
But you got lost.
Now you want to have comodo patched around your lacks.

We are totally different.
Why should “your” use of comodo should be the “way to go”?
Who says that?
Why is that more right?

I dont care what you do.
Its just, that you allways say, thats not good what others say, but yours is the way to go.
Thats the point. And thats ignorant.
Allergic to press two clicks is somehow lazy.

It wasnt a personal “attack”.

Yes, this so in my case. I just want security programs that do the job quietly and efficiently. This lets me get on with what I really bought a computer for in the first place. Namely, to run my programs and use the Internet.

I wouldn’t say I was lazy as regards security. I research and try many security programs before deciding which ones to settle on. It’s just that, having chosen and installed the layers on a clean system, I don’t want to be concerned with them too much after that. Quiet is good for me.

CIS 6 default config is kind of automatic with no popups now, partial limited is bypassed by rare malware, but still I like this new version coz of the usability & effective protection & suitable for the masses now. For me no combo of FW + AV & no Internet Security can provide such effective protection with such usability. The rare malware missed, this is the first version & subsequent version with more improvements, upcoming BB with more functions, Valkyrie, reversal technology, etc… will definitely protect more & protect from such rare malware.

clockwork, I also see this as a personal attack. Please refrain from responses like this in the future. :P0l

The BB still uses the HIPS…

If an unrecognized file is encountered, the HIPS will still act, even if it is disabled.

“Ignorant” seems to have surprisingly another meaning in english: “Not knowing”.

I meant “being ignoring” (others):

Its statements like these which let me respond.
You want to send files, you want to get an auto decider… you think too you would need “that”.

For me its more important to have control than to gain security!
Security is a side effect in my attempt anyway. And its a big effect with comodo.
My first security layer is sitting on a chair in front of a monitor.

If you created comodo, i would not use it. Its something else. A big brother.
I just need a tool that does what i want.

If we follow these strings of “its not reaching the least knowing user”,
I bet there are people around there who are not able to do certain things. Shouldnt comodo get auto installed on new computers? For the people who cant install things?

I am allday surprised when i see people driving cars, speaking, writing, describing, thinking, painting, listening and making music etc…
because that must be impossible! People can not learn!?!
People allready can not learn to give a yes or no answer once if they want to run a game for the first time?

Again, most of these userfriendlyness “needs” are a product of marketing.
“We give you worryless life, its just 49,95! If you dont buy our product… security is TOOOO difficult for you to understand!.. You need us… buy!”

If you get it, ok.
But that does not say anything about the other ways!