How do Internet and Proactive configurations differ ?

I have just updated to v3.12.

Antivirus, Firewall, and Defense+ security levels are at Stateful, Safe, and Safe respectively for :-
New default configuration “Proactive Security - updated” ;
Old Configuration “Proactive Security” ; and
Configuration “Internet Security”.

Given that all 3 security levels remain the same for the 3 Configurations above :-
Does the choice of configuration have any effect, and how ;
Why has Comodo added “Proactive Security - updated” which appears to be the same as “Proactive Security” ;
Is “Internet Security” different from either of the Proactive settings ? I think I read an opinion that they are equally secure but one gives more pop-up alerts than the other, but that is not apparent from the GUI.

I will use Proactive normally. When installing I think my choices are :-
Proactive but with Antivirus and Defense+ settings at Disabled, or
Instal/Uninstall.
Is the only difference how many context menu clicks I need to get there,
or is their some other consequence in operation that is not immediately apparent ?

Alan

The Proactive Security - updated is the Proactive configuration you used on the time of updating the program. So, it has all the settings you made are maintained in the Proactive Security - updated config. The Proactive Security config is a clean configuration profile.

Internet Security differs because it does not alert on programs starting other program. Technically speaking Image Execution is set to disabled. Also it does not alert for:

  • Windows messages
  • DNS/RPC client service
  • Computer Monitor
  • Keyboard
    . Look under Defense + settings → Monitor settings.

Proactive is more secure as it looks at more parameters. Proactive can give you utmost control over the firewall.

When installing I think my choices are :- Proactive but with Antivirus and Defense+ settings at Disabled, or Instal/Uninstall.
I am not quite understanding you here. What do you mean with the choice to Install/Uninstall?

I thinks he means installation mode. Maybe it should be explained when and how to use that.

On 01/08/2009 I removed all protection and did a clean install of CIS v3.10.

I followed "How To Achieve Max Security With ZERO Alerts! " at
https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/how_to_achieve_max_security_with_zero_alerts-t44371.0.html

and halfway down it said
3. Navigate to Miscellaneous>Manage My Configurations Export your Internet Security Configuration, and import it as “Install/Uninstall” Configuration"

I did not know why it said that, I just blindly followed orders and hoped it would turn out O.K.

This is the install/uninstall option I was referring to.

I do not know if Comodo has a “super install” capability that depends upon, and is triggered by, this configuration having this particular name of “install/uninstall” with this particular spelling;
or if the stipulated name is merely for the user to know its purpose,

PLEASE NOTE “/” is an illegal character within a filename, but “_” is valid
Therefore “install_uninstall” would be a FAR better name to use since it is a valid file name.

I exported the configuration as C:\Documents and Settings\Dad\install_uninstall.
Is it permissible for me to use “install_uninstall” instead of “install/uninstall” for the GUI name of this profile ?
In one years time it would still be obvious to me that the file “install_uninstall” corresponds to the GUI name “install_uninstall”, but equivalence to “install/uninstall” may by then be forgotten.

Regards
Alan

I see now what you mean. That tutorial introduced a separate Installation/Uninstallation mode.

The goal of the tutorial is to shut up Comodo so it won’t bother the people working with it. That keep your computer safe and at the same time easy to handle for the uninitiated. The users cannot change anything as CIS is password protected. So, to install the new install/uninstall mode was made; this one can only be started by the person who know the password.

When using CIS in regular modes when installing programs there is a special policy to use for installations called “Installer or updater”.

Thank you Eric

Now I get it - I think.

With a “normal” configuration it is like Comodo 3.5, in that I can start an installation and wait for a pop-up and then tell it to use “Installer or Updater” mode, after which I may also allow the “super installer” mode which nags every minute.

With the new facility to avoid pop-ups that route for installation is blocked,
so for convenience this new “install/uninstall” will immediately put Comodo into a global installer mode, without it knowing what it is supposed to be installing.

Follow-up questions :-

If I am in “Proactive” mode and start to update an Application, I get a pop-up and I choose to allow in “Installer or updater” mode,
If during that installation I plug in a CD or Flash Drive, or something sneaks in from the Internet, or something dormant wakes up, I might expect a further pop-up and the ability to block or allow.

If instead I am in non-pop-up mode I need to switch to “install/uninstall” configuration before I update or install an application, and Comodo will not know what I wish to update.
Am I correct in fearing that at that stage Comodo will not only allow any installation that I choose to perform, but will also wrongly assume any other malware installation is something to be permitted ?

Does this new configuration have to use the exact name and capitalisation of “Installer/Updater”,
Or would “Installer_Updater” be just as good.

Regards and thanks
Alan

  1. When using the install/uninstall configuration Comodo will not allow new malware to start. You would get alerts if malware was trying to hit your system. You would still be in control.

The catch with the install/uninstall configuration is the following. First you make sure your system is free of malware. Then you set D+ to Clean PC Mode; it will then learn all the rules of the applications at the disk when they get started. When new files are introduced, programs you want to install or malware trying to hit your system, it will alert you and you will be in control.

2.You are totally free in how you name the configuration. Give it a name that is logical to you.

Thank you Eric.

If I switch to “Installer/Updater” mode and plug in a Flash drive,
wiil Comodo assume that whatever happens next is what I want ?
And if it runs a *.BAT script that causes several installations will theyl all happen ?

I am thinking that if I borrow a Flash drive for a useful item I should first scan it for viruses,
after which I can run an installer and I fear that if the initial installation links on to additional installers then they will also happen. Would it be safer to not use “Installer/Updater” mode, but instead to cancel the password and use normal pop-up mode so that each of the installations will notify and await separate permissions ?

Sorry I am beating this one to death, but I spent over 30 years designing Fire protection and Intrusion detection systems, and cannot shake of the habit of assuming that the unexpected will happen, and there were no second chances. Fortunately I now have Acronis as a fall-back to give me a second chance, but old habits die hard

Regards
Alan

No, an external drive will by default not be seen as safe by Comodo. So, you will get pop ups for the batch script.

Comodo not seeing external drives as safe has consequences. When you make a rule or exclusion it will only be valid for the session. With valid for the session I mean until the next reboot or the point were the disk is detached before a reboot. For external drive think: USB stick, Flash drives, USB hard drives, network drives…

I am thinking that if I borrow a Flash drive for a useful item I should first scan it for viruses, after which I can run an installer and I fear that if the initial installation links on to additional installers then they will also happen. Would it be safer to not use "Installer/Updater" mode, but instead to cancel the password and use normal pop-up mode so that each of the installations will notify and await separate permissions ?
Clean PC mode, which is part of the foundation of Installer/Updater configuration, only assumes those files safe that are on the HD and will learn the rules for those. However any file that is newly put on the HD is not considered safe and you will get alerts unless the program is on the white list or when its digital signature is on the list of My Trusted Software Vendors.

So, even when using Installer/Updater configuration to install new programs you would still need to answer alerts while installing. In this it behaves the same as you were using a non password protected configuration. When you try and update software on a regular basis using the password protected configuration is not convenient. The password protected, no pop up, configuration is meant for people who use the same software for a long time and don’t want to be bothered by alerts.

Sorry I am beating this one to death, but I spent over 30 years designing Fire protection and Intrusion detection systems, and cannot shake of the habit of assuming that the unexpected will happen, and there were no second chances. Fortunately I now have Acronis as a fall-back to give me a second chance, but old habits die hard

Regards
Alan

Scrutinising one’s security never hurts. That’s for sure.

Thank you Eric

You have explained it so well I cannot think of any follow up questions.

It is very re-assuring that Comodo have anticipated all the “gotchas” I can think of ! ! !
Also a little disappointing - I will now have to find something else to worry about !

Regards
Alan

Comodo rocks…;D

Also a little disappointing - I will now have to find something else to worry about !

Regards
Alan

:smiley: