New default settings in CIS, lowering the security

With the new default settings, all the popups from the firewall and D+ are allowed; it does not matter if it is a virus or a legitimate app.
Is there any difference between these settings and disabling the firewall and D+?
Is this a way to scam the users into thinking that they are protected by a firewall and HIPS while they are not?

Is this the best that Comodo can do to reduce popups? At least other vendors include advanced heuristics, age heuristics and popularity heuristics (like Outpost).

I can understand allowing all the popups from D+, OK; you still have the sandbox popups, so Comodo will work like an “antiexecutable”, but allowing all the popups from the firewall does not make any sense.

This is not default deny, this is not what Melih enact, this is default…


I agree about the firewall.
All outgoing requests are allowed, incoming as well (?)
and even in “Advanced” tab in firewall settings everything is unchecked.

Is this incoming for Trusted Programs, Skype for example (which I am not sure I am happy to allow anyway). Or is it open to anything?

in auto mode

configuration → CIS

antivirus → quarantine threats automatically

firewall → allow all outgoing requests only

defense+ → enable sandbox and partially limited only

:wink:


I hope that the firewall monitors the sandboxed process only in safe mode.

It can be done by deleting all application rules in network security policy.

According to the config all the firewall popups and d+ popups are allowed

D+ settings
DO NOT SHOW POPUPS ALERTS → Allow requests
Fw behavior settings
DO NOT SHOW POPUPS ALERTS → Allow requests

It is dangerous and I will never use it unless it incorporates some Heur or other Policy to determine what to allow automatically…

Allowing everything to run/connect to internet, and making it a default is against CIS “Default Deny” system itself.

You are making assumptions.
Did you actually look at the settings?

In the default install -
Yes the Firewall is set to - DO NOT SHOW POPUPS ALERTS → Allow requests
In D+ - The DO NOT SHOW POPUPS ALERTS box is Not checked.

The end result is pretty much the same as the much maligned All Applications Firewall rule.
A lot of people just don’t get it.

All Apps allow out, is done based on the idea that only Safe/Known Apps can run on your machine in the first place. This shows Comodo’s confidence in D+, Cloud, Sandbox.
If you personally do not have such confidence, you know CIS has the settings flexibility to achieve whatever level of mistrust, lockdown, or paranoia you wish.

Bad

As BF mentions, the D+ option to allow popups isn’t enabled. (at least it hasn’t been with the previous beta releases, I haven’t actually checked with the latest release)

Plus, these installation options only apply to the Internet Security configuration. If you have this option enabled during installation, (either by mistake, or simply overlooking the installer configuration options) switching to proactive after installation will disable the ‘allow popups’ option in the firewall settings.

These options are apparently frequently requested by IT professionals managing large networks, which is why they have been added.

But the firewall will also allow all inbound connections. The installer fails to explain that selecting the option to reduce alerts completely disables the firewall. Are we to assume that D+ and the sandbox together with the whitelist make a firewall unnecessary?

So what kinds of popups are allowed in D+ without user intervention? Or how are the D+ popups going to be reduced?

Automatic sandbox is enabled and the user doesn’t see D+ popups.

So all the D+ popups are allowed?

Sorry I still don’t see the difference. :embarassed:

Automatic sandbox disabled > user gets a lot of popups from HIPS
Automatic sandbox enabled > user doesn’t get alerts, because sandbox is making decision what to allow/block (according to limitation level: from partially limited to untrusted).

Not All pop ups, Most pop ups.
And it is not just willy nilly allowing everything to run amok, as Morphiusz has explained.
There are checks and controls/limitations.

Is it allowing all unsolicited incoming traffic? To where? I haven’t tested the default config externally yet.

Bad

I will read your answer in a couple of days
What determines which popups from D+ are automatically allowed and which popups not?
What popups are allowed and what popups not? What changes in D+ settings if I check or not the option to allow some popups and not others?

Better to ask who determines which is and isn’t automatically allowed? That would be the developers in their design of the interaction between the modules D+/Sandbox.
In general -
Known Safe apps can do known safe actions.
Known Malware is Blocked
Unknown files are Sandboxed and restricted until judgement is passed as Safe or Malware.
If you want some kind of unimaginable specific list, I can’t help you.
Switch to paranoid mode in D+ to get a taste of what you’re missing.

I have said it before and I will again.
Do Not check the box to allow all D+ pop ups.
It will, AFAIK, literally suppress and Allow All where it may have otherwise alerted/asked.
It is an advanced option that was added by request of corporate type Admins, or perhaps some advanced users may somehow find a need and the settings to go with it.

Bad

Also I had a look at the default Global Firewall Rules.
They appear Normal to me.
Not full Stealth.
But a perfectly normal set that Allows only some ICMP networking message type traffic.
Otherwise any unsolicited incoming traffic will be blocked.

Bad

In Firewall Settings ‘Do not show pop-up alerts’ is selected.

I noticed that Skype inbound connections from various IPs are allowed automatically, whereas if that is not selected I have the alert so I can choose whether to allow them. Skype say they are safe and should be allowed.

Obviously something changes and it’s not like you are explaining it.
I didn’t ask you to explain how the sandbox works or the firewall.
The popups are reduced because the option says so. If you don’t know what changes in the D+ settings or nothing changes… the popups are reduced and no settings change?

When I use my previous settings after upgrading to Build 2075, I get a lot of pop-ups now, and some files that are Trusted, when launched, get sandboxed. When I re-installed and used the default settings, not that many pop-ups and the Trusted Files I placed do not get automatically sandboxed.
Went back to using my previous settings and more pop-ups.