More quiet and stronger setup for C-AV than default settings

I do not understand why Comodo has set the default AV configuration this way. The config described here is more quiet and stronger.

  1. Install CIS without the FW, in proactive mode; after installation:

  2. Go to my protected files

  • Create a new group called "Old important files and maps" (or something similar, I use the Dutch version)

  • Move these files to the OLD group
    a) %windir%\servicing*
    b) %windir%\SoftwareDistribution*
    c) %windir%\system*
    d) %windir%\system32*

  • Add the C:\WINDOWS\system32\drivers\etc* to the Important files/folders group

  • Apply

  • Next add predefined groups to my protected files and folders until it lists
    a) Startup folders
    b) Important Files and Folders
    c) Windows Management
    d) third party protocol drivers
    e) Windows update applications
    f) Windows system applications

  • Apply

Next go to D+, go to Advanced tasks and go to Current computer security rules (first upper left option on the advanced tab).
Scroll to ALL applications and double-click the rule, select use adapted security rules, click access rights and click "Run/start executables" (= first option). Add the group "All executables" to the allowed applications to start and Apply changed settings.

Next go to D+, Advanced settings and Defense+ settings,

  • select clean PC mode on the general tab and apply
  • click the advanced tab and make sure only these items are selected
    a) close/shut down processes of the first group
    b) protect registry keys and files of the second group
    c) select all protections for direct access.

Should look like this

a)

[attachment deleted by admin]

I would like to ask both the usability and security test team to have a look at these settings and see for themselves that it is stronger and more quiet.

Regards Kees

Kees,

Any suggestion about safe (best?) rules for common Windows system files?
https://forums.comodo.com/install_setup_configuration_help/safe_firewalld_rules_for_various_windows_system_files-t43392.0.html

Well most of these are tackled in the file protection:

application level protection

System

  • since D+ lacks the 'protect kernel/system objects' in its rule set and by default has a predefined Windows system rules set, I would not mess with it; switch to another HIPS when you want that (Malware Defender)

Explorer

  • only check for my protected registry and files

OGA verify/WGA tray

  • they need direct memory access as far as I recall; you can set ask for all other direct access, My protected files and registry and shutdown of processes

Spoolsv

  • limit all direct access, system shutdown, file and registry protection

How about Network rules for those? Most of them want to connect out.

Thanks.

Kees

Any feedback from Comodo team to confirm if your AV config is better and more quiet?

Regards

Of course not, no reply

Are you using the full suite Kees?

Any input Comodo team?

Nice bump haha. Good try anyway Kees. Hope you’re well.

I don’t have the technical background or the resources to adequately test your settings. I have passed a personal message to one of the AV developers to check out this thread. I hope to see a formal comment from the developers soon.

whoop