What specific configuration options are needed to get buffer overflow protection without any pop-ups or restrictions when installing all new software? In other words, I would like from Defense+ the equivalent of the discontinued Comodo Memory Firewall without the HIPS.
Put D+ in training mode. That gives no protection but does not disable D+ and may leave BO in tact.
Thanks for the idea.
I am trying to reduce Defense+ resource usage and improve compatibility with other security software. Does anyone know what resources Training Mode disables?
In Defense+ Settings, I set the Defense+ Security Level to Disabled. I did not check “Deactivate the Defense+ permanently”. Then I tested with the Comodo Buffer Overflow Tester app, and there was no protection. So Training Mode looks like something to try.
In Defense+ Settings | Monitor Settings tab, does anyone know which checkboxes are necessary for buffer overflow protection?
I performed the following tests with CIS v3.14. I assume the results will be the same with newer versions.
In Defense+ Settings, I set the Defense+ Security Level to Training Mode. I did not check “Deactivate the Defense+ permanently”. Then I tested with the Comodo Buffer Overflow Tester app, and there was protection!
Next, in Defense+ Settings | Monitor Settings tab, I unchecked all checkboxes. Then I tested with the Comodo Buffer Overflow Tester app, and there was protection!
Next, in Image Execution Control Settings, I set the Image Execution Control Level to Disabled. I left “Detect shellcode injections” checked. Then I tested with the Comodo Buffer Overflow Tester app, and there was protection!
Are there any other configuration changes I should make to avoid Defense+ learning new rules? Any other changes to reduce resource usage while maintaining buffer overflow protection?