This has been going on for quite some time now. The default setting for BB is partially limited, so that implies that it’s recomended setting by comodo, but many users here say that people should crank it up to limited (and in some cases, higher). I had quite a few troubles with isolated programs on “limited” setting, but it doesn’t seem to happen that often in CIS 6… So, if you’re using “limited” (or higher) BB setting, have you noticed any improvement over 5.10? And maybe Comodo should set “limited” as default setting, since it seems many users are switching to that anyway?
It’s a trade off.
For very good security with convenience (most unrecognised files will run without difficulty), use partially limited
For better security with a small increase in inconvenience use limited (maybe 80% will run)
For even better security with significant increases in inconvenience use higher levels (fewer and fewer will run)
Most people are fine with partially limited. I use partially limited and proactive config. I’m on the web pretty constantly - and have had no infections since I started using CIS.
If you are exposed to somewhat higher levels of risk than normal then choose limited.
Beyond that TBH if you have the technical expertise I would consider higher levels vs using HIPS on paranoid and turning the BB off. Both have their merits.
1.If the user expects CIS V6 to block the following actions, the restrcition level must be switched to “limited” or higher.
keylog, clipboardlog, screenlog (with or without a foreground window)
2.If the user expects CIS V6 to block the following actions, the restrcition level must be switched to “restricted” or higher.
install global hooks, access some COM interface (with or without a foreground window)
3.The BB for CIS V6 is almost the same as the user checking this in CIS V5.
4.The user can check this by the comodo leak test.
Partially true. CIS 6.0 partially limited does protect against all these things, but the protection is more selective, more threat-probability-related. When it does step in we are told the protection is more thorough. I, like you, do have some concerns re screen grabbing and have unanswered questions about one aspect of COM protection.
I would advise that you use at least limited. If you come across a new variant of ransomware it can still encrypt your documents if you left it set to partially limited. Limited and up will protect you from this.
Yes, I believe they could either do that or just switch it to limited. As far as I can tell, at least at this point, either option would protect you from ransomware.
cis beta fail some ancient methods of screenloggers, keyloggers even with all levels of configuration allowed for basic users
how did you add that?, cis 6 using explorer now to add!!!
in the explorer just choose any file, select ok and after that just edit it again and you can put those signs
I would say--------
Real life secenario - Partial Limited is excellent, almost all the programs works fine.
If you are the type who watch youtube, etc videos on security & change programs accordingly then limited or higher is your requirement.
Its also based on the type of users.
Average users - No need to change the defaults. Defaults is excellent, protective & comfortable.
Expert users - Well expert users can change to anything.
In other thread you asked me to test auto full virtualization with ransomware. I tried to get ransomware malware but I couldn’t as none of them worked. I tried malwaredomainlist, malwareblacklist, malc0de & cleanmx.
But I would like to test ransomware against auto full virtualization & partial limited. I would like to test if any ransomware encrypts the data against partial limited & what all CIS, integrated CCE & any other softwares other than Comodo can do.
But I am not able to get ransomware malware. So if you will give me ransomware malware I will test it with partial limited & auto full virtualization.
I test in real system i.e no VMWare, XP SP3 32 Bits.
So can you give me ransomware malware to test?
I don’t have any at the moment. I’d have to go find some, the same as you. You could try some samples from malwaretips.com, in the correct area of their forum. (I don’t want to get too specific)
Yes we have a lot of them ^^