Less secure CIS 4.1 or 3.14---feedback...

Hi to All,
So, I anxiously waited for CIS 4.1 and got it immediately. However, after installing it and seeing some strange behavior, I feel more secure with CIS 3.14 than with CIS 4.1 (read below).
CIS 4.1 did a FANTASTIC job on logs. They are browsable and searchable in any way one would wish, which was not the case with CIS 3.xx and below. Also, fewer notifications is great, but…
However, the security implementation in CIS 4.1 makes me feel very insecure and confused, which I would like to describe. Maybe I am missing something, so please help.

  1. Sandbox—this is a separate story, so let’s leave it for later or another topic. But where is the list of currently sandboxed applications??? There is nothing, except browsing and searching logs, which is not too good an idea.
  2. After installing CIS 4.1 and rebooting, there were only a few pop-ups, which is great, until I reviewed the list of applications under Computer Security—there are hardly any programs on the list. Where are all the other applications? In CIS 3.14, I could see all secured applications and choose their settings as limited, trusted, windows, etc. In CIS 4.1, this list is almost empty, so where are the other applications??? No control over them, or over how they should behave? CIS 3.14 wins here over CIS 4.1. Of course this is for more advanced users, not novices, but there should at least be a full list of all secured applications.
  3. And finally, CLT (Comodo Leak Test) and CIS 4.1 behavior, which caused me to regress to CIS 3.14. After the CIS 4.1 install and reboot, I ran CLT and got a perfect score, 340/340, but after an additional reboot and a CLT rerun, CIS 4.1 assumes this is a trusted suite of applications and repeatedly throws them into My Own Safe Files??? Is this right? Moving them to Pending does not change CIS 4.1’s behavior: the CLT apps are still trusted? Should they be? Blocking them, yes, CIS blocks them, but this no longer allows CLT to run at all. If, by any means, a malicious program passes through CIS 4.1 security, how do I get it out of trusted and have it re-checked? Uninstalling CIS 4.1 every time to re-run CLT does not make sense.
    Or again, am I missing some new, undiscovered settings somewhere, which CIS 3.14 does not have?
    For the time being I am sticking with CIS 3.14 on my Win7 Ultimate 64-bit system.
    However, big thanks for working so ■■■■■■■ CIS 4.xx and hoping to use it in near future, once improved.
    Thanks for reading
    K-D

With V4, rules are not automatically created for applications that are known to be safe. This makes it easier to find and edit the rules for applications that are not known to be safe. There is a box that controls this behavior under Defense+ Settings.

I have run the application and nothing from it was added to my safe files list. As long as you didn’t tell the Sandbox popup not to run this application in the sandbox, I can’t explain this behavior. If you did, then this is the cause, because that adds the file in question to the safe list.

Let me know how many of your questions I didn’t answer so I can try again. ;D Thanks for posting.

We would not reduce your security with each release but actually improve it…

Melih

Chiron & Melih,
Thanks for your responses.

@Melih, I would think newer versions would improve security. Matousec.com is the proof of it. However, this bizarre CLT behavior makes me pretty uncomfortable with the CIS 4.1 environment. And even the best make mistakes and break things:
InfoSec Handlers Diary Blog - SANS Internet Storm Center
IT News Archive | ComputerWeekly.com
http://www.cbsnews.com/stories/2010/04/21/tech/main6418483.shtml
So, I had better be cautious than sorry.

@Chiron, I have never gotten any request from CIS 4.1 to run CLT in the sandbox. So, anyway, how do I remove CLT from secure applications and stop CIS automatically moving it to My Own Safe Files?
What is the procedure for this? What if someone disables the sandbox? What happens with CLT then, will it still go to Safe apps?
Is there any way to see the full list of all applications secured by CIS 4.1?

I think that a good, respectable security program should, and it should be imperative, be able to disclose, in one way or another, all of its activities and modifications, and if necessary provide the means to modify them. Thus, I think a list of all programs should exist, as in CIS 3.xx, and the ability to modify how they are handled should be included (of course for advanced and admin users).

Now, let’s see what happens with full trust in trusted vendors; see the links about trusted vendors:

How will Comodo 4.1 act on infected installers? Install them and hide it?

Thanks again,
K-D

It shouldn’t be adding the files to the safelist without you putting them there either manually or through the sandbox. Can you please post a screenshot of your safelist with the files in there?

You can try uninstalling CIS and reinstalling it. It’s possible you had a bad install; it happened to me with V4.1.

With any file that is unknown, CIS will sandbox it. You must understand that Comodo’s sandbox does not work like most sandboxes. It allows the programs to drop files in areas that are not protected, but if these files are run they will immediately be sandboxed.

With the sandbox it is not possible for the system to be infected. All system folders are protected and cannot be modified no matter what. Thus you are safe from worrying about infection, and you don’t have to answer that many relatively confusing Defense+ alerts.

Of course, if you know how to answer the alerts you can simply disable the sandbox and you will get all of the alerts from Defense+, which isn’t too many if you ask me. This will prevent any malware from infecting your system or dropping files anywhere. It’s a trade-off, and it’s your choice.

I apologize for the rant ;D, but my point is that if CIS is working properly, which yours might not be, you will be protected at even the default settings.

I don’t know what is happening with the leaktest, but all that will be sorted out soon. I’m sure of it. :wink:

I went back to CIS v3.14 also, after the best score I could get using v4.1 with the Sandbox enabled, Proactive Security, and auto detection disabled was 320/340 in repeated Comodo Leak Testing. What configuration did you use in v4.1 to get that 340/340 score?

~Maxx~

stock configuration ;D

What operating system are you using?

~Maxx~

Always the answer is… “Try this”… “Try that”…

OMG, why don’t the devs hear us, the users? Why don’t they test before going public?

@Chiron,
sorry, I don’t run CIS 4.1 at this time, so I cannot post a screenshot (I went back to CIS 3.14), but the only files in My Own Safe Files were all the executables and all the files from the plugins folder of the CLT folder, no other apps, since I had removed all the others from there.
I have installed and re-installed CIS 4.1 at least 5 times.

@Maxxwire,
For the time being I am sticking with CIS 3.14 on my Win7 Ultimate 64-bit system, as stated in the very 1st post.
I use the CIS configuration as follows: CIS Proactive, AV stateful, FW safe, D+ safe, and I had the sandbox enabled with everything in the sandbox configuration check-marked, and that is how I got the 340/340 score, but only during the first initial run.

@AeoniAn,
I agree with you. They might rush a bit, but this does not bother me, since I am used to beta-testing lots of applications. However, when I notice something is missing or not working properly, I feel I should give feedback, which of course will always be a subjective opinion, and others might not agree with it.
I will wait for another version, check that one out, and see if it suits me better.

CIS 4.1 might protect the system better, but I cannot verify it (no lists of protected apps or sandboxed apps), so I will not trust it just yet, just because someone told me to trust it.
K-D

I had much less success running CLT with CIS 4.1 at its default settings, with a score of only 120/340. The only way I could get 340/340 was to disable the Sandbox.

~Maxx~
