HIPS questions

Can I activate HIPS in safe mode and set the flag to do not show warnings by choosing “block requests”?
This configuration is for an inexperienced user.
Or do I leave HIPS off? If I leave it off, is the system protected by having automatic containment?

Auto-Containment is only part of the security. It does not protect you from whitelisted files being used against you (unless ran inside the sandbox).

Keep both HIPS and Auto-Containment turned on.

P.s. As for Safe Mode w/Block Requests. You can do that, just make sure to keep checking your list of blocked files if an application fails to work. You can then just submit the application to be whitelisted or check it on Valkyrie.


Is it normal that sometimes the Comodo internet Security service also reaches CPU peaks of 30%, 40% or 50%, especially when I open files or open applications? Then after a few seconds it drops a lot, reaching 0%.
I especially noticed this having HIPS active in safe mode. With HIPS not active it uses less% of CPU.

the 32 BIT PC on which I installed CAV:
Windows 10 Pro Edition
Version: 20H2
Installation date: 05/07/2020
OS Build: 19042.964
Windows Feature Experience Pack 120.2212.2020.0
Inter Core duo processor 2.

So even if you have automatic containment without having HIPS on, you would still be vulnerable to some ransoware?

Any method to attack a machine using trusted files has the potential to possibly bypass the sandbox.

For example you could visit a website, run a payload that uses an unpatched exploit in the browser (browser files will be whitelisted), and then the hijacked process could potentially be used to do whatever it wants. In theory encrypt your files yes.

From what I can see, it really doesn’t matter what type of malware it is, you should have Auto-Containment and HIPS enabled for better protection.

P.s. I would expect many pieces of ransomware to use unknown/malicious rated files however, in this case the sandbox may be enough. It really is up to you how well you want to stay protected.