How can DiskShield be integrated into CFP v3 to offer what functionality?

Hi guys

Here is an interesting topic. We want to integrate DiskShield into CFP (of course you can continue enjoying it as a stand alone too, but we will offer its functionality as an option for people who want it).

Now, here is the question: What features do you like to see by utilising DiskShield in CFP? Please give us some really creative ways in which we can use DiskShield in CFP…

thanks

Melih

You could set up rules for applications that would make everything run virtualized unless specifically allowed actual disk access, including giving that option when CFP pops up an alert saying such-and-such a program is attempting to create a directory, alter a file, etc. Actually this sounds more like a sandbox integration than an all-or-nothing access like DiskShield seems to provide, but this seems more logical to integrate into the firewall, at least to me.

I agree with tor, this can be used to counter OA’s ‘defanged mode’ except this will be COMODO’s hardcore security mode. A certain process may be able to load into a virtualized piece of memory, and all files written from that program are also virtualized (however existing files being read aren’t virtualized), and you may be able to roll back the changes.

Example: I knowingly download a virus, I run it in our virtual state, then the virus downloads 200 files. I roll back, poof, virus and 200 files are gone.

Also I think that CFP can move files being examined by D+ into a temporary virtualized state. For example, a new file is detected. D+ intercepts that file, loads it onto a virtualized space, D+ alerts user; if user allows, the file is committed to disk unless user wants the file to run in a virtualized space; if user denies, that virtual space is deleted, along with the file. Of course that can cause some inconveniences but this is just an idea board so.

Why not? :wink:

I agree with the above that certain programs can be told to run in the virtualized state.

I also see something like this as a possibility:
User runs an installer and the alert box pops up. Currently a user can allow with options or deny. However, with CDS integrated, there is a new option: Test in Virtual System. When this is done, the program is run in a CDS environment. All of the executables it installs are also run in the CDS environment, but other preinstalled stuff is not, unless it is modified by the installer. After this, the user can look at the log of all files that were created, modified, or deleted and also all reg keys added/modified. The user can see if the program modified existing dlls/executables and judge if the software is malicious. Next, the built-in malware/virus scanners (or third party scanners) can scan that environment for anything malicious. Sometimes installers seem innocent to av/malware scanners until they are run, then the virus/malware is detected in the modified files. This will give a clear picture as to what exactly is going on.

Does this all make sense? I tend to not be clear sometimes. :stuck_out_tongue:

Yes. I see what you’re saying. It’s somewhat of a resident debugger/unpacker. It’s a larger version of some of the techniques used by antiviruses, except this one is much more effective.

Excellent idea IMHO

These are excellent ideas for our upcoming Sandboxing built into CFP.
The file specific virtualisation is the job of a Sandbox. CDS is slightly different cos it’s the whole HD virtualisation.

However, one idea from the above examples you have given would be CFP gives you an alert and you have an option to put your whole HD into a virtualisation mode to test things out. Of course you need a re-boot to come out of this mode and poof goes everything you have done since you put the whole HD into virtualisation after that alert. (Quite neat really)

Pls keep them coming.

thanks
Melih

This sounds extremely powerful.

The power of CFP 3+Sandbox+DiskShield sounds very very promising.

It’s really a great idea that DiskShield be integrated into CFP v3 as “hardcore security mode”. However, I think both Sandbox and DiskShield should be optional during installation because not everyone needs them and not everyone is able to use them. Maybe for some people, a great firewall with HIPS is enough.

I might be on my lonesome here, but I don’t think DiskShield lends anything to a firewall in terms of functionality.

A firewall and a sandbox are, to my mind, transactional in nature, where data packets and applications come and go and are dealt with as and when they appear. DiskShield, being system wide, affects all things, and this may not be desired.

Ewen :slight_smile:

Excellent! We still need the logs of all files modified for easy checking. :slight_smile:

Hmm … just a general switch in CFP that turns on CDS without a pop up. Also, right-click integration with Sandbox would be cool: right-click on a program and run it in a sandbox, the one integrated in CFP. :slight_smile:

I agree with panic.

If Sandbox AND DiskShield are to be integrated into CFP 3, they should be optional during installation with a brief description (exactly like Defense+ & Firewall & SafeSurf currently are during installation).

Try to make things as optional as possible & standalone, I know you will, Melih :slight_smile:

Josh

How can DiskShield be integrated in CFP?

I agree with Ewen and Josh. I can see future complaints of CFP getting bloated if more things get integrated, like DiskShield. It’s a great idea for a comprehensive security product, a suite, but a firewall is still a firewall…

+1 :slight_smile:

LA

I would not like to see DiskShield integrated into CFP3. I would prefer DiskShield as a standalone product. Personally, I prefer the firewall to just handle communication in and out of the computer with Defense+ (hips) being handled by a separate HIPS application.

:slight_smile:

Good day!

This could sound weird to some people, but I write it anyways:

The firewall is smart now, but it can be smarter. The improved firewall should come with more artificial intelligence and should use it in this kind of manner in combination with COMODO SANDBOX:

  • The firewall should detect if someone is making a wrong decision (read: wrong choices about allowing some dangerous activity); the firewall should automatically activate the sandbox feature for you so there is no effect of the bad decision.

  • The firewall should virtualize browser sessions for you. If you open your browser, CFP should ask you if you want to virtualize the browser session. And if you want the virtualized session to end, you can simply turn off the feature.

Okay, have a nice day!!

(V) :THNK

I actually like these ideas. I dislike bloatware as much as anyone else, but as long as everything can be opted in or out, it’s okay. (However opting out shouldn’t mean that the feature’s installed and disabled, but that it isn’t installed in the first place, just like Defense+ was made in the end.) Because CFP on one hand and CDS on the other can be used together, but if they can interact they can be more powerful. The ideas posted here need that CDS be integrated with the “CFP” suite, at least optionally (the firewall could always be installed without any added feature for people like Graham).

The bit by Triple X about artificial intelligence would be of course interesting, but I don’t know if it’s feasible as he puts it… Knowing if a program is malicious in advance is what AVs (try to) do, so it wouldn’t be anything new and this “intelligence” would be limited just like any other anti-virus/malware is. Even if Comodo came up with an innovation in this field, it would still be AV technology. (Well maybe CFP could take advantage of the fact that its firewall’s monitoring traffic by giving the option to virtualize if a connection request is detected? The user could say, “nah it’s okay”, or “hey this wasn’t supposed to connect it’s just a little game”. Or since Defense+ is monitoring processes too, maybe switching to virtualization could be the ever-present third option besides allow and block, at Defense+ popups. Or both Firewall and D+ popups…)

As for using CDS or a sandbox, I don’t really know the low-level details… But I think that for these ideas a sandbox would always be equally or more practical–so I’m talking about usability, not security. For example, CFP giving you the option to switch to full disk shield mode (perhaps the moment to do so would be chosen intelligently by CFP?) would be great; but CFP giving you the option to switch to a sandbox that’s kept after shutdown and doesn’t need reboot would be even better I guess. The malicious nature of a trojan horse needn’t be (usually is not) noticeable the moment after the installation; if you monitor an installed program inside a sandbox you’re able to look for medium-term suspicious symptoms. Perhaps the fact that CDS is in beta but made yet, whereas Comodo’s sandbox is a project, is a factor in choosing the first instead of the second to integrate into CFP now? ;D

As for sandboxing the browsers (and maybe other programs) by default it’s a good idea, but I guess this doesn’t necessarily call for interaction with CFP. I think the paid version of Sandboxie already has this feature on its own. (Myself, I don’t understand the people who get into the trouble of sandboxing their browser when they’re running it from an admin account in the first place… :stuck_out_tongue: But hey everyone’s entitled to his actions.)

For technically minded users it’s great having the DiskShield functionality integrated into CFP. However, for many users this could well cause confusion and I’d expect to see a large number of forum posts with people concerned about ‘missing’ downloads and documents etc. I hope that there are clear instructions and visible notifications when users are in a virtualized state in order to minimize this.

I can imagine a scenario where Joe Bloggs has DS enabled and is working on a presentation for the office. He spends a few hours grafting on it, saves it to ‘My Documents’ then switches off, intending to print it off the next day; imagine his reaction when upon his next session all traces of it have vanished. (:SAD)

Or maybe to slim it down, you can CFP when it asks for a file to treat as a “virtualized component” ran in this controlled environment, like a sandbox, but more thorough.

My 2 pence…

I think DiskShield technology at least could be integrated into cpf3 / Comodo Internet Security for instances of virus recovery. Like DiskShield permanently running the system in virtual so that the system can be rolled back to prior virus infection. >> Like system restore but uninfectable. So this sort of technology would be built in but with also the option to run full DiskShield separately or, as previously mentioned, varying degrees of virtualization.

Hope that makes sense.

Yes, I see what you’re saying. The problem is, however, when a system shuts down, virtual layers are destroyed; there has to be some way to keep saving that session, while at the same time completely and safely shutting the computer down. Saving the session to RAM is no good, because the RAM will reset. You can save the session to the hard drive, but then COMODO will have to modify core Windows settings to have Windows boot from that file, but Windows won’t even be able to recognize it.