Concerns with the Behavior Blocker

Ok well i still have a problem with your statement.
If an unrecognised file enters the system then the BB will run it fully virtualized or whatever setting you put in place.
One module seems to be making the other redundant.
You said the HIPS will act if an unrecognised file is found ,well thats the job of the BB to deal with and the settings are there to configure.
I dont feel the HIPS are needed in this version at all and by the way they are turned off by default. >:-D

I might have misunderstood you, but it seems to me like you are saying that just because you don’t use a feature, none of us should be allowed to?

Yes you did misunderstand sorry.And no that was not what i was saying.
What i am trying to say is that the HIPS are not needed in this version because the BB is dealing with unknown files and if you configure it within the BB window then they can be run fully virtualized or restricted etc.
So why have the HIPS running also when they are both performing the same function.?
Like u said its makes more sense to use one or the other but not both.


I’m not only using CIS to stop unknown programs, I also use it to control legit applications. Perhaps I don’t want this and that application to do this and that, and this is where HIPS comes in because it allows you to limit what applications can do without having to run them within the sandbox. So you see, they do not do exactly the same things, they may do the same functions but in different situations.

From my memory I can’t remember ever having said that. Please tell me where I said this so I can change it since it must have been written in error.

The BB does not make the HIPS redundant, because the HIPS is still utilized by the BB.

No, they do not need to be enabled at the same time. This is why the HIPS is disabled by default…

If you do enable both, you will have reduced performance due to unnecessary checks by the HIPS on safe files.

Perhaps unnecessary for some but I enjoy having the final say in what some legit applications do. With both on you get more control of your system but with HIPS off you don’t necessarily loose security. With BB on and HIPS off, would it still generate HIPS alerts?

I do apologise sanya i dont wish to appear rude.also that was a spelling mistake of mine again my apologies. :-[
I think both the HIPS and the BB rely on a strong whitelist.It is after all the comodo whitelist which determines good or bad files.
I dont use comodo to control legit programs i use comodo solely to keep bad files out and that in my eyes is why the BB was incorporated into the new version and i personally dont need the HIPS at all.
If the HIPS were such a critical element then why are they not turned on by default upon installation.?
Yes they are two different modules but if you look back to previous versions of comodo then there was no BB and it was just the av and defence+ that dealt with unknown files.
So to me the addition of the BB should eliminate the need of the HIPS.
Kind regards. ;D

There is nothing the matter with that. :slight_smile:

No, you don’t lose security.

Not for safe files.

How is the HIPS utilized by the BB.?
The BB should be enough on its own.
If an unknown file enters the system it will be run under the settings that i put in place so i dont need HIPS alerts as well.
Whatever way you cut it the HIPS and BB depend on the comodo whitelist to function correctly.
Again there needs to be a more clearer distinction between the two modules and their specific purposes.
Comodo is about keeping a clean computer clean and not controlling legit programs which can be achieved in many different ways.

I don’t know how many different ways I can say this.

You can’t think of the HIPS in CIS 6 the way you thought of Defense+ in the previous versions.

Disabling the HIPS does not turn it off… It is still active and will come into play if the BB encounters an unrecognized file.

The HIPS is still a critical element towards system protection. It’s just that now with CIS 6, the BB decides whether it’s necessary or not.

Previous releases had Defense+ monitoring every process. With CIS 6, only unrecognized processes are monitored.

Comodo is about default deny.
And about control.
You might have missed that :wink:

Now it has additional functions. To choose or unchoose.

ok well your viewpoint maybe different to mine.I dont wish to control legitimate software which incidentally has overtones of the term restriction.Windows services and processes do not need to be controlled and that is not the purpose of any security suite.
The purpose of a security suite is to protect the system from malicious activity and those very malicious processes are the ones that need any form of control.
Microsoft designed windows to run as they specified and not to be restricted or controlled.If that were seriously the case then windows would come shipped with HIPS etc.
Comodo is definately going in the right direction with virtualization and hopefully the need for HIPS will disappear in the future. :slight_smile:

Since the dawn of firewalls, i used them to decide what is allowed to connect to the internet or not.
Right from the first day.
We were smart in these days. Impossible smart. We managed it.
A few years later, people are not able to do what we did.

They get lost in front of this “new thing”, that “new thing”… But they requested more and more… until it became even more difficult for them. Now they want all automatic.

A 7 years old (everyone who can read) could understand comodo default deny. Because its more easy than to write this post.
Its more easy than to have an autosnadbox. More easy than clean pc mode.
I am lazy in another way :smiley:

As I understand it, and maybe I’m wrong in some ways, please correct me if needed, the Behavior Blocker uses the underlying capabilities of the HIPS module to control the behavior of unknown things even if HIPS is “disabled” in the UI. It does it in a completely silent manner though compared to the classic HIPS approach. The level of control depends on what restriction level you choose. I also understand that the BB will be improved as CIS6 evolves and depend less on just checking file hashes. I expect HIPS to become more and more melded into the BB to the point where it eventually disappears as a seperate module of CIS.

About firewalls; I first got on line in 1999 and from then until 2004 was on a dialup connection. I was on Windows 98SE and only used an AV and no firewall of any kind. At that time, it was said that you only needed a firewall if you were on an always connected ISP like DSL or Cable. I even ran a test provided by ZoneAlarm and it said that I did not need a firewall. I never had a firewall until I got a high speed connection in 2004. I don’t clearly remember which one it was but I’m pretty sure it was Norton’s since I was using their AV at the time and just added the firewall and then , after getting my XP machine in 2005 which came with NIS pre-installed, I then continued to use NIS until sometime in late 2009. In all my time on line I have never been infected by anything, hacked by anybody, or had to reformat my HD because of an infection. In fact, I have only had to reformat a HD one time and it was due to following the advice of “security experts” and messing with the default operations of Windows which resulted in a broken system. That is why I now believe in letting Windows operate in it’s default state and don’t turn off “unnecessary” services or anything like that. I firmly believe that people who follow that kind of advice and mess with Windows are the same ones who have the most problems with subsequent installations of security products and other things. I practically never have problems with installing, uninstalling, or updating anything. It has also been more than 5 years since I have seen the dreaded BSOD.

I am completely enjoying the way CIS now operates including the silence of the firewall not alerting or even making rules for known safe things. It isn’t that people today can’t do what was done earlier, it’s that now, they don’t have to. Control rests with the security application and in my opinion, that’s how it should be.

In my opinion the user should have the option to either let the security application take control, or let the user take control.

Well, that’s fair.

Ignorant is also used in derogatory fashion. At a two dimensional medium like a forum it is sometimes hard to tell the intended meaning. But calling somebody lazy because another user has different needs is insulting and this insult taints your remark about ignorance.

That sums it up.

Maybe wrong adjectives. But the point is, when someone does not like to press two clicks once, it does not have to be seen as a thing from the past, or anything.
Obviously comodo is used for several different attempts.
Thats a good sign, because the program has many abilities.

I dont see a reason why the “praising” of the new automatic features has to be connected with “contrasting” the HIPS function.
Thats all.

C’est le ton qui fait la musique as the French say. Just don’t respond in derogatory fashion.

But the point is, when someone does not like to press two clicks once, it does not have to be seen as a thing from the past, or anything.
Obviously comodo is used for several different attempts.
Thats a good sign, because the program has many abilities.

I dont see a reason why the “praising” of the new automatic features has to be connected with “contrasting” the HIPS function.
Thats all.

Different needs bring different views and appreciations of the modules and modes of CIS. It is a very versatile tool that services both user who don’t want to be bothered as those who want to be.

First off im not trying to be critical of comodo as ive used it for a few years now im just being objective and perhaps making some useful suggestions. 88)
All in all this is an excellent free suite and it is a pioneer in some aspects especially in terms of the virtualization which is the right way to go.
Hope it goes the wat that users and developers wish it to go and improve in time. :-TU