Default Configuration

JamesFrance · September 15, 2010, 8:23am

The default configuration for the whole suite is ‘Internet Security’.

According to the Help File that is:

COMODO - Internet Security - This configuration is activated by default, when both Antivirus and Firewall components are installed, i.e. the complete installation. Firewall is always set to Safe mode. But according to the malware scanning results performed during the setup process, if no malware is found, Defense+ is set to Clean PC mode. Otherwise, the default is Safe mode. In this mode,

*

  Image Execution Control is disabled.

*

  Computer Monitor/Disk/Keyboard/DNS Client access/Window Messages are NOT monitored.

*

  Only commonly infected files/folders are protected against infection.

*

  Only commonly exploited COM interfaces are protected.

*

  Defense+ is tuned to prevent infection of the system.

However if you check your Defense+ settings, that is not the case now, they are just like Proactive as far as I can tell.

So is there any point in changing to Proactive Configuration or do we have maximum protection as installed now?

khanyash · September 15, 2010, 1:39pm

I dont know if I remember correctly but do one thing

Test CLT.exe with both Internet Security & Proactive but with Sandbox disabled. I think there will be difference in popups i.e you will get 1-2-3 more popups in Proactive compared to Internet.

Try with Sandbox enabled too & see if there is any difference in the number of popups.

Thanxx
Naren

rhgtyink · September 15, 2010, 1:43pm

Differences between Internet & ProActive;


<FileGroup UID="{669FE316-BF72-4681-B45F-3DE490DD0AF9}" Name="Windows Sockets Interface">
	<Files>
	<File Filename="\Device\Afd\Endpoint" DeviceName="\Device\Afd\Endpoint"/>
	<File Filename="\Device\Nsi" DeviceName="\Device\Nsi"/>
	</Files>
</FileGroup>


<Group UID="{DA976ABE-9ED5-4C60-A933-709D3ABF63E0}" Name="Pseudo COM Interfaces - Privileges">
	<Files>
	<File Filename="LocalSecurityAuthority.Debug" DeviceName="LocalSecurityAuthority.Debug"/>
	<File Filename="LocalSecurityAuthority.Shutdown" DeviceName="LocalSecurityAuthority.Shutdown"/>
	</Files>
</Group>


<Group UID="{971838D5-DB45-487B-9273-1C54B39726FF}" Name="Pseudo COM Interfaces - Important Ports">
	<Files>
	<File Filename="\RPC Control\wzcsvc" DeviceName="\RPC Control\wzcsvc"/>
	</Files>
</Group>

Explorer.exe is not treated as “Windows System Application” but as “Trusted Application”

Those are the additional protections Proactive gives for as far as I can see in a config diff report

JamesFrance · September 15, 2010, 1:56pm

Thanks, The help file description seems to have been copied from a previous version, so needs updating as it is misleading.

I am going to keep it in Internet security as there is very little difference if I am understanding correctly.

I would certainly not disable the sandbox, it seems to be working well and I don’t need pop-ups to make a mistake in answering in a careless moment.

salmonela · September 15, 2010, 1:57pm

Debuging is extremely important, I voted for proactive

lordraiden · September 15, 2010, 2:21pm

I always use the proactive since the number of poups is almost the same than the default one.

I can’t understand why the “proactive security configuration” is not the default one since the protection is higher with almost the same popups. I don’t see any advantage in the “internet security configuration”

khanyash · September 15, 2010, 2:43pm

Its almost the same not exact & for some people 1 popup also counts & makes a difference.

L.A.R_Grizzly · September 15, 2010, 9:35pm

I voted Yes because Internet Security allows all outbound connections.

JamesFrance · September 16, 2010, 6:50am

No it does not in CIS 2011, that was in 4.1.

lordraiden · September 16, 2010, 9:07am

This was in 4.0 they change it in 4.1 I think

L.A.R_Grizzly · September 16, 2010, 4:11pm

OK, I didn’t know they changed it. I’ve stayed with Proactive since and have had no problems.