What happens if I put CFW 10 in proactive config, and I disable autosandbox?
Is the protection less effective?
Okay, I won’t be able to test unknowns by running them sandboxed, but I rarely do that anyway. I am just wondering if the protection is any less reliable.
IMHO, you have more control over actions carried out by unknowns when using HIPS and for trusted applications by the use of creating specific HIPS rules for those trusted applications. However, you may want to add additional folders to the list of protected files, as the default does cover a lot, it however does not protect your documents, music, video, picture, etc user folders. Of course if you really want full coverage you should add ?:* as that will cover all files/folders across all drives/volumes.
Thanks.
What does protected files do?
As the name suggests, it protects those listed from being modified by unknown applications. e.g. you run something unknown which then that unknown tries to drop a file in say the windows directory, you will be alerted on such action to either allow or block the request. Or unknown attempts to modify an existing file such as a document file that is located on your desktop, again alert will ask for permission to allow modification or not. Same thing applies for file/folder deletion, though alert will not specifically say ‘delete’ it will come up as modify. To see exact details of HIPS alert make sure you click on the down arrow to view more information on the action. See the help doc for more info: Protected Files, PC Files, Folders Protection From Malicious Software | COMODO
thanks.
So if I understand right, protected files cannot be encrypted by ransomware, but could be read by spyware.
And you could make an exception for MS Word, for instance, to modify, create and delete files in a user-defined protected location.
Yes assuming that the files that are attempted to be encrypted is listed in the protected files section, and even though spyware can read the data of files it would need to transmit the data which is where the firewall comes in.
And you could make an exception for MS Word, for instance, to modify, create and delete files in a user-defined protected location.Well MS Word is trusted so it would be allowed to modify and file/folder when HIPS is set to safe mode, but yes you could set a rule to block file/folder write access using a HIPS rule. e.g. block Word from modifying files in the windows directory.
did you add ?:* ? What kind of issues is it likely to cause, if I would do that?
You shouldn’t have any problems especially if HIPS is set to safe mode. Due note that due to a bug HIPS will not alert on folder creation (non-serious issue) but if a non-trusted running process attempts to delete an existing folder or change the folders attribute (e.g. change from a normal folder to a hidden folder) then you would get an alert.
To add ?:* to protected files you would click add > folders expand computer/this PC and select the C:\ drive, click ok then scroll down to newly added entry and double click on entry and change C:* to ?:*
thanks.
that’s a pretty cool tweak.
I tried it out, and everything seems to start up okay.
It seems to give execution permission to unknowns, but deny permission to make changes.