Hi @user9823742,
Could you please try deleting all the zones first? In your case, in order for network zones to be redefined, they must first be deleted. After that, the network zone will be detected again and will have the status: Public.
Please let us know if this works or not.
Kind regards,
Elif
Hi @zfc234,
For your points 1 and 2: They are not reproduced with the new beta version. Could you please try with the new beta version when we announce it?
For 3: We are aware of the issues with Kill Switch, CCE, Secure Shopping, Recognizer, and Updater. I can say currently those components are under the internal testing phase, and they will be included in a new Beta build once they are confirmed internally.
For 4: Team couldn’t reproduce anything on this and needs more details. It would be great if you could provide a video of you having this issue or the right steps for them to try to reproduce it.
Kind regards,
Elif
I’m going to upgrade to Windows 11, expressly just so I can test CIS on that system. Without Webroot or Malwarebytes
OK, No TDT with AMD, but I hope the devs will take a look here…:
This was 3 weeks ago, while there is no clarification of the approximate release date of the second beta.
Don’t tell me you actually believed them. There’s a saying, “fool me once, shame on you. fool me…can’t get fooled again”.
Hi all,
Apologies for the delay. We plan to roll out the next beta version next week. We will share the exact date this Friday (06/October/2023), along with release notes.
The reason for the delay is that after getting many requests from the community, we decided to include Killswitch, CIS Updater, and Cryptolocker components in the upcoming beta release, which unexpectedly extended the testing phase.
Stay tuned…
Comodo Team
Hello !
In the Edge browser, there is this function:
“Ask me when a site wants to modify files or folders on your device”
I would like to know. If I use a browser that does not have this function, does Comodo CIS 2024 block browser requests to intervene on files or USB keys?
Or even read them?
hi @Varan-de-C0m0d0 , this can be done through HIPS:
If file/folder is added to HIPS Protected Objects, HIPS monitors write access to these objects. The decision depends on 3 conditions:
1- HIPS rules
2- HIPS mode
3- default action for HIPS
By default CIS do not have a rule for browsers, so next it checks HIPS mode and file rating for the process that attempts to modify protected object. If HIPS is in Safe mode, access is granted for Trusted applications. So if it is known browser the attempt will be allowed. If app is not Trusted, default action will be applied.
If you want to monitor certain locations - add them to HIPS Protected Objects
If you want to block access to these objects for certain apps - create HIPS rule(s).
If you want to decide on the action upon detection, switch HIPS to Paranoid Mode and enable Alerts.
Thank you very much Ligaz for this response.
With your recommendations, I will do what needs to be done.
But, to avoid criticism from other people, but also unnecessary hesitation from users, wouldn’t it be a good idea to include a rule, or even a function, in the 2024 version?
The question asked by CIS could be:
“The website abcdefghij1234.com requests access to your data located in the “My Documents” location through the Opera browser”
Would you like to authorize:
-
Opera to access “My Documents”
1a) Always or only this time -
This website to access “My documents” (regardless of browser)
2a) Always or only this time
2b) Be notified when this happens (without blocking)
Me again…
I have been using CIS for so long that I would like to take advantage of this beta, to see if certain things are possible in development.
My question: (Besides, thank you to everyone who takes the time to answer)(and a big thank you also to everyone who works on this beta).
Are there plans to have Comodo CIS do an evaluation analysis of the “scripts” located in C:\ProgramData\Comodo\Cis\tempscrpt?
Because, in my opinion, many are the same ones that end up in this folder on PCs around the world. Those, at least, could be automatically whitelisted. Once “judged” by the Comodo teams. that would be very practical.
If for example, there would not be enough staff at Comodo to do these evaluations internally, could we consider some sort of community rating?
I’ve seen this from the competition. Number of PCs that have dealt with this component, rating, Transmitter owner, details
Or am I the only one who bothers to go open the C:\ProgramData\Comodo\Cis\tempscrpt\ folder when I have related alerts and read the contents of the script to try to evaluate it myself ?
From the moment something “stuff” is reported, how can you stay (alone behind your screen) in the expository state?
Not all users have complete knowledge…
THANKS
Hi,
will the recognizers problem also be solved in this new beta?
Otherwise, there is a function that was present on Agnitum Outpost and the previous ZoneAlarm (as well as for example Esafe Protect)…
This is the function that would tell CIS Pro whether a series of alphanumeric values should be protected.
(CIS “Pro”, because those who pay must still have a little more than the others) (And above all, this would modify your economic model upwards, because it would encourage more users to upgrade to a paying version) ( Data theft is in the news at the moment)(You could surf on this a little more…)
If Comodo CIS Pro “sees” protected values passing from the inside to the outside, it warns the user by indicating “who” is sending their information and “where” it is going. (Without response, it blocks the exit and will warn when the user returns)
Previously, I had entered (among other things) my first and last name. I was quite surprised to see that one of these alphanumeric values to be protected “went” to a website, without me completing any questionnaire or form!
Of course, I blocked the attempt and the site concerned, then uninstalled the too “talkative” application, in this case an outdated browser.
In our current era of massive data theft, this function would be a significant plus and good publicity for CIS…
In 2024… I don’t see myself tampering with Proxomitron DLLs and others, to try to obtain the same function by myself… Nor installing a CIS competitor…
You can only catch the possible exfiltration of values you would like to be protected by breaking the end-to-end-encrypted HTTPS connection, decrypting, analysing/editing/blocking its content and re-encrypting this traffic (effectively a man-in-the-middle attack), which is generally considered a bad idea. See here why:
More background information is available from this discussion: https://malwaretips.com/threads/https-scan-should-you-enable-it.104630/
Thanks Infosec for the detailed response
There might be a solution:
This would consist of using only a non-public trusted authority (CA) (in other words limited to the information system (PC)) and avoiding CAs natively integrated into the proxy. Use a key protection system (like HSM) and run the proxy in the Comodo sandbox so that no information comes out of there. CIS analyzing on the fly in the Sandbox.
Additionally, for some time now, hackers have been using encrypted streams to pass the offensive charge under the radar and out of sight.
I know, you are going to tell me: as soon as the charge takes action CIS will block it…
Is reading all of my bank’s PDFs a hostile action?
I have a question :
Is Comodo CIS looking for the possibility that Internet or network streams can be decrypted on the fly on the PC, via proxy or not?
Speaking of which… What is libssl32.dll or libssl64.dll?
I would like to know more and see what is happening on my PC regarding the subject.
Do you think the following sites are safe to perform these tests? :