Is Behaviour Blocker the same as the automatic sandbox?

"Why does Comodo call it Behavior Blocker if it is only an autosandbox that checks hashes?"

Once you execute an unknown program, first there is a local TVL check, then a Cloud TVL and whitelist check. THIS is the hash checking. Then, if the app is still unknown, BB executes it inside the sandbox (what we call AutoSandboxing).
Yes, this is not a BB like Mamutu is, right?
Devs said they were going to put its own rules later (it seems 6.1).
I hope it’s ok now.

Right! And that is no behavior analysis! That is Autosandboxing with checking hashes. :wink:

It's the same as in V5. So why call it BB if there is no behavior analysis and it is still autosandboxing with checking hashes like in V5? :wink:

That is misinformation! But sure, all is OK now if this is OK for you! :slight_smile:

This will come later, as said, 6.1 normally if not later?

As Spywar has mentioned, the intention is to become more of a traditional behavior blocker with a later release. It’s more of an automatic sandbox/HIPS combo at the moment. (In other words, it does more than just check file hash)

That's right! It's an automatic sandbox/HIPS combo at the moment! :slight_smile: So why not call it that? All other things are misinformation.

Really? What more does it do? Where can I read about it? Behaviour Blocker, Network Access, Internet Protection | Internet Security v6.3 → here I can read nothing about more, only checking the hash and then it will be sandboxed as partially limited :slight_smile:

Tell me more please!

I guess it could be argued that since there is a HIPS there, it is blocking certain behaviors… :wink:

I’ve explained in a reply to your post in another thread.

Yes, that's right! The HIPS blocks certain behaviours. But a Behaviour Blocker analyzes the behavior of a file/program! So, no, it is not a Behavior Blocker! It is misinformation if we/Comodo call it that. Sorry, but that is the truth, even if some people do not want to hear this, but it does not change the truth. :wink:

It reminds me a little bit of the discussion about AV-Comparatives: they called themselves independent, but they were not independent. And now Comodo call themselves Behavior Blocker, but it is not a Behavior Blocker. That's why I say it could be critical, because it's misinformation for some users.

Yes, thank you, I saw it. And I had answered you :slight_smile: … Like I told you, in the Behavior Blocker Help guide there is no info that the Behavior Blocker is an autosandbox/HIPS combo! There you can only read that it will check hashes and then autosandbox the file.

I can't read more.

But thank you for your explanation.

What is now called Behaviour Blocker is meant to be one. It is coming.

But since sandbox and automatic sandbox tend to confuse users, Comodo decided to rename the automatic sandbox Behaviour Blocker in advance of its appearance.

Hmmm, OK, that is maybe one reason for it. But I have not read an official statement about this.

And it's still misinformation as long as it is what it is, just a sandbox/HIPS combo!

Edit: And we don't know with which version a REAL BB will come. The truth is, we don't know whether they want to develop a real BB with real behavior analysis or not, or still want to call the sandbox/HIPS combo BB. We don't know, we have no official statement.

Official statement, I guess, already done by egemen (on the mods board).

Do you have a link or a quote? What did egemen say? I don't know. Do you know it?

Ask a mod :wink:

That is what egemen told us in the mod board when we were testing v6.

OK, nice. But it would be better if we could read about it in the BB help guide, in the official documentation.
I hope you can understand what I mean. Because right now, we can't use the help guide because it's wrong, there is no description of how the HIPS/Sandbox combo works and how we can handle it.

And second, if it is the plan to implement a real BB for future versions, like 6.1 or 6.2 or 6.x, then please, please clarify that right now it is not a real BB, just a Sandbox/HIPS combo. It is still misinformation as long as it does not do what it is called for! :wink: - If CIS some day really does behavior analysis of files, then you can call it BB. That is my opinion and I think I am not wrong with this!

I agree. Since this release operates very differently than previous versions, these differences should be addressed definitively.

The definition of a behavior blocker is just as wide as the term “sandbox”. For example, this article from ESET doesn’t mention anything about a behavior blocker needing to analyze any behavior, merely that specific actions are blocked depending on how the BB is configured.

Behavior blockers do not care what the motive of the program is, they stop certain things from happening. Airport security is a lot like a behavior blocker. It doesn't matter if a person is the best surgeon in the world, the doctor cannot take a knife onto an airplane. Behavior blockers do not generally care what the program is, if it tries to perform a specific action the behavior blocker will stop it. If the behavior blocker is set to stop programs from writing to the registry then many bad programs will fail to work and many good programs will be completely unusable as well.

This would definitely apply to the current incarnation of the BB in CIS… :wink:

Of course! That's the big problem!

Hmmm, OK, that is your view of this point. But for me there are clear definitions of HIPS and Behavior Blocker - you can find them on the www. See this quote:

HIPS and Behavior Blocking From Mary Landesman, former About.com Guide

A host intrusion prevention system (HIPS) monitors each activity a program attempts and (depending on configuration) prompts the user for action or responds based on predefined criteria. Conversely, behavior blockers monitor and profile whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will (depending on configuration) alert the user or take action against the entire program based on predefined criteria.

Though they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry - the entire application is either good (allowed) or it is not. Fortunately, many of these types of products combine both. Still, for those that don’t, it pays to understand the differences.

While HIPS allows far more granular control, it is best suited for experienced users who have both the knowledge and the patience to answer the prompts and make the proper configuration choices. Used properly, HIPS can not only offer superb protection for your PC, it can also educate and inform you about the individual actions certain programs take.

Because they assess a collection of actions taken by a program, behavior blockers help with much of the decision making. For example, a program deemed to be wholly bad is typically automatically quarantined with no input from the user. And since behavior blockers are concerned with the entire program rather than individual actions, they can be far simpler for users to understand (and thus use appropriately). For this reason, behavior blockers are ideal for the less experienced user.

When combined, behavior blocking technology can make the decision for the HIPS side of the equation - something both novice and experienced users will appreciate. Even more of a plus, both HIPS and behavior blockers can be run together (and both in conjunction with traditional signature based antivirus software and firewalls).


Above you can see what I understand by a HIPS and by a Behavior Blocker!

If Comodo tries to combine them, sure, it would be nice.
But right now, officially, we have a HIPS and a Sandbox + checking of hashes. :slight_smile: Or am I wrong?
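
The distinction drawn in the Landesman passage quoted above (a HIPS decides on each action, a behavior blocker scores the whole program), as an added Python sketch that is not part of the thread and not Comodo's code. The action names, rule table, weights, threshold and traces are all constructed for illustration.

```python
# Added illustration: per-action HIPS decisions vs. a whole-program
# behavior-blocker verdict. All names, weights and traces are constructed.

# Constructed traces: actions one unknown program attempts, in order.
SUSPECT_TRACE = [
    ("file_write", r"C:\Users\demo\AppData\Roaming\upd.exe"),
    ("registry_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("process_inject", "explorer.exe"),
    ("network_connect", "203.0.113.10:443"),
]
BENIGN_TRACE = [
    ("file_write", r"C:\Users\demo\Documents\notes.txt"),
    ("network_connect", "198.51.100.7:443"),
]

# HIPS side: every action type has its own rule (allow / block / ask).
HIPS_RULES = {"file_write": "allow", "registry_write": "ask",
              "process_inject": "block", "network_connect": "allow"}

# Behavior-blocker side: actions carry weights; the sum decides the program.
BB_WEIGHTS = {"file_write": 1, "registry_write": 3,
              "process_inject": 5, "network_connect": 1}
BB_THRESHOLD = 6


def hips_decisions(trace, rules=HIPS_RULES):
    """One decision per attempted action; unlisted actions prompt the user."""
    return [(action, rules.get(action, "ask")) for action, _target in trace]


def behavior_blocker_verdict(trace, weights=BB_WEIGHTS, threshold=BB_THRESHOLD):
    """Accumulate a score; once it tips, the whole program gets one verdict."""
    score = 0
    for step, (action, _target) in enumerate(trace, start=1):
        score += weights.get(action, 0)
        if score >= threshold:
            return {"verdict": "quarantine", "score": score, "tipped_at_step": step}
    return {"verdict": "allow", "score": score, "tipped_at_step": None}


if __name__ == "__main__":
    for name, trace in (("suspect", SUSPECT_TRACE), ("benign", BENIGN_TRACE)):
        print(name, "HIPS:", hips_decisions(trace))
        print(name, "BB:  ", behavior_blocker_verdict(trace))
```

Under the HIPS rules the suspect program keeps running with one action blocked and one prompt raised; under the scoring model the same trace is stopped as a whole at its third action.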

As I mentioned before, you’ll be able to find many different definitions of what a behavior blocker is…

See my response here: HIPS or Behavior Blocker?

OK… what must I still say? You have your opinion and I have mine. It's OK for me

First, thank you, HeffeD, for sharing egemen's words about that.

But as you can see in this other topic, for me, nothing has really changed… :frowning:

For me, CIS is still a very good software, because I can handle it well and it has all that I need. But I don't like the way that Comodo drives right now. Why were there no clear and official words from Comodo staff about the CIS software and how it works right now?

What is really new right now? - I think only the interface of CIS, the KIOSK, and that the autosandbox and the HIPS components do not need to work together anymore. But really true changes? - Like a real BB, sorry, I don't see it. So for me the renaming was wrong. And OK, if they do it like they have done it, then it was wrong that the Comodo staff did not speak really clearly about it. What is the problem with saying: “Hey, we rename our product components already for future coming improvements”. ???

But ok, it is how it is. Hoping Comodo drives a better way in future and speaks clear words to their clients, users and so on.

You have still not understood what I said not long ago … “Real BB”, as you said, is going to be implemented soon, v6.1 or higher, I don’t know exactly … They have named it Behavior Blocker but it has not got its own rules right now. I understand what you mean by “there isn’t any real BB” but now I’ve clearly explained why.

:slight_smile: You have not really read what I said above

Like I said:
"And OK, if they do it like they have done it, then it was wrong that the Comodo staff did not speak really clearly about it. What is the problem with saying: “Hey, we rename our product components already for future coming improvements”. ???

But ok, it is how it is. Hoping Comodo drives a better way in future and speaks clear words to their clients, users and so on."

It's OK now, it is how it is. :wink: