New defaults in CIS 5.5?

After reading and asking , we have found out that:

  • in Internet Security configuration the new FW default for “all applications” is “Allow all Outgoing requests”, while it is not so in “Proactive Security”
  • in Internet Security configuration explorer.exe is set as “Windows System Application” in Defense+ while in old version 5.4 it was set as “Trusted Application”

I am wondering if in version 5.5 some other defaults have changed in Protected File/folders, Protected Registry keys, Protected COM Interfaces, etc.

In a few words, could you please update this thread
or a similar one, taking into account the different versions pertaining to Internet Security, Proactive Security, etc.

Thanks :-TU

If this is true, Comodo is going backwards :-TD

It only takes a few clicks to set it straight. No biggy for the security conscious users like yourself.

Yes, but why an average user would like to have a Comodo configuration that can be bypassed? any malware running in the sandbox can send information to internet

Sure … but you know the reality is that it took me the best part of 2 days to get you guys to actually mention this change out loud after I initially reported and couldn’t figure why the heck the latest versions didn’t respect my “custom” firewall settings.

Common sense would make one believe that such a drastic change (yes it is drastic because who in his right mind as even a pro user goes around checking each and every rule everywhere after a fresh install or upgrade?) would be publicised in bold on the download page … no?

It is also worth mentioning that other suites like NIS and KIS are implementing smart firewalls. They use some kind of behavioural analysis to determine whether to allow a file to connect to the internet or not. Even when they do not detect a file, they have a blacklist of domains so they prevent any file to connect to these domains.

These smart firewalls are not perfect, but definitely better than Comodo firewall which allow outgoing connections of all files good or bad.

If past experience is any guide, all the average user wants is some sort of protection in place that never bothers them about anything. They would trade security for convenience any day.

As an example, they hear about HIPS products and how strong they are, so they want to install one.

Hey! ??? Why is this thing giving me an alert every time I try to do something?

That’s the HIPS doing exactly what it is supposed to do… 88)

I’ve long said that if you can’t deal with popups, perhaps a HIPS isn’t the best security solution for you.

Comodo however, is trying to make their product a product that anyone can use. For this to happen, they need to make adjustments to ensure as few alerts as possible.

I would also prefer that the outgoing rule wasn’t added, but the goal is usability. Just today, there is a thread complaining about the fact that external media is always considered untrusted. One user stated that average users just want to be able to use their computer without intervention, and another stated that things like this (external media being untrusted) are the reason Comodo is losing customers.

So there you have it… Convenience trumps security! The average user just wants to use their computer. They really don’t care if they’re reducing their security to do so. :-\

So the best recommendation for a noob user it do not install Comodo because it give popups anyway and also you will have a hole instead of a security suite, all your data can be stolen by any malware running in the sandbox, you can lose your money in the bank but do not worry your pc is safe >:-D

Everyday is more clear that Comodo does not care the security at all.

How would that happen? Keylogging or screen access are disabled:

In addition to the Sandbox restriction level set for an application, Defense + also implements the following restrictions. A sandboxed application cannot:

Access non-sandboxed applications in memory

Access protected COM interfaces

Key log or screen capture

Set windows hooks

Modify protected registry keys (if virtualization is enabled)

Modify EXISTING protected file (if virtualization is enabled).

From Unknown Files: The Sand-boxing and Scanning Processes.

Everyday is more clear that Comodo does not care the security at all.
Please notice that the default settings in CIS v5.x are tighter than when v4 got released and that your opinion did not change accordingly.

If you have malware that can steal data by key logging or taking screen captures please provide us with it so we can see what is going on.

Send any file from the computer to internet is not a hole big enough for you?

Why answer a question with another question? Do you have malware that can circumvent the sandbox limitations and is able to send passwords etc?

I think the point with this, is not so much that they’ve dumbed down the security (again), for those who can’t, or won’t be bothered, to spend a few hours learning about the product they’ve chosen to protect their computer, although that’s bad enough, it’s that they didn’t bother to tell anyone. It wasn’t until I flagged the issue as a bug that egemen made any kind of announcement. To me, that’s at best negligent and at worst irresponsible.

agreed. they need to supply us with a full change log not just a few things


To me this a complete deja vu of the release of v 4.0 which also introduced this rule and, righteously, caused a lot of turmoil here at the forums.

However, the sandbox did become significantly better with the release of v5 and will stop a lot of malware right in its tracks.

Still it seems to contradict the Comodo Firewall as we got to know over the years. A program that empowers the end users to keep their systems clean with variable levels of notifications depending on user’s preferences.

Luckily it is changed quick and easy enough.

New and old programs alike no firewall rules created for them even when CIS is set to have its firewall create rules for safe applications.

Is something broken here?


I hope that this rule will be changed.
Now, as part of the security suite is not a firewall…


If you really don’t want to change it i ave a proposal

[attachment deleted by admin]