Full Virtualization or Restricted

Now that the excellent Comodo 6 has been around for 1-2 months, what setting do people use for the behavior blocker, and why?

I use full virtualization; but does that provide ultimate protection against the deadly ransomware?

Tony

I’m using Restricted. I was using Fully Virtualized until it seemed like there may have been a problem with it. The other user here has it on Partially Limited since some of the games and things she keeps installing don’t work on any higher setting.

Personally I use Untrusted. I’m not really looking for it to be compatible with anything; I know which programs I want running, and if a program with an unknown name tries to run then I block it. I would use “Blocked” in the BB IF it actually generated alerts, which it doesn’t.

Off-topic: 500 posts =P

Edit: Changed BB to “Blocked”

Full Virtualization will provide you with protection from ransomware. However, it is susceptible to certain types of keyloggers (which can also log information from the actual system). Also, there is a vulnerability in FV whereby malware could potentially bypass the firewall by piggybacking through the browser.

Thus, if you like you can use FV, but you need to be very certain that there are no keyloggers running in the sandbox. Personally, I use Untrusted as Restricted blocks almost all types of malware, but there are a few which can bypass it. So far I haven’t seen anything which bypasses Untrusted.

So far I haven’t seen anything that bypasses “Blocked”. Shame it doesn’t generate an alert.

Got mine set to blocked as well.

Since we don’t have any reported instances of a CIS6 user actually being infected by in-the-wild malware, and all the tests I have seen haven’t shown anything actually establishing an infection, I think I’ll leave my settings as they are. I could see going to Untrusted, but if the Blocked setting does not show the usual alert with the option to not restrict again, I see that as unusable.

Strange, in the BB section I can’t find the option to run BB FV anywhere. How is that? I have the latest version of CIS 6!
Sorry, it’s all explained in the help section of CIS 6:
http://help.comodo.com/topic-72-1-451-5145-Enabling-Full-Virtualization-for-Auto-Sandboxed-Applications.html
Thanks

I have seen one post where a user was hit with ransomware, which was able to encrypt files as he had CIS set to Partially Limited.

Was it ransomware in the wild or a result of purposely throwing things at the program to see what sticks?

This was in the wild.

In fact, here is the post in which someone reports that CIS did not protect them against ransomware.

There is an error in the online help file, line 7:
7. In the ‘Edit DWORD Value’ dialog box, change the ‘Value data’ from 1 to 0 and click OK
In fact, when you create a DWORD the value is set to 0; to create the FV pane you need to set it to 1. Can someone correct this?
Also, are you sure this really is and will be “Fully Virtualized”? Is it “tested”?

Interesting and troubling. I would assume that at this time, there is a signature for that virus although there wouldn’t be one for a brand new one of that type.

Yes, but that’s the point of CIS. It should be able to protect you even before there is a signature for the malware. In my opinion the default setting should be Limited.

I tend to agree with you.