Please help me with some advanced questions :)

Hi,

  1. when i send files as false positive for analysis do i have to be online or will it happen when i go online next?
  2. there are many false positives !!
  3. my router seems to be hacking myself as i get lots of intrusion attempts from its ip, why?
  4. defense+ seems useless to me as i only run trusted programs; programs i do not trust are run in the sandbox. so why defense+? i am an experienced user and don’t know which registry tweaks or deeper things like com+ items have to be allowed …
  5. i would like to know how critical it is to go online via public hotspot and if the TrustConnect Program is useful. Is it like a VPN ? i already have VPN Software.
  6. are files indexed somehow or are they scanned each time even when still in the same folder?
  7. last question: is it safe to have private data on a usb-stick and only connect it when i am offline or is it possible that pictures or files of that usb-stick are somehow backed up or copied in the background to a temp folder or so?

greetings from germany

1. when i send files as false positive for analysis do i have to be online or will it happen when i go online next? 2. there are many false positives !!
Probably the next time you're on the internet, as for how long it takes..... I'm guessing it's how busy they get. If it's not done by the 3rd day, send it again. <--It'll get done 1 way or another :) Depending on the version of comodo, you can just open comodo. The simplest way: 1) open comodo icon 2) under "misc" or "antivirus" icon (depending on the version) 3) click "submit file", find the files in question and slide it over, then click on false positive, then send

or

3. my router seems to be hacking myself as i get lots of intrusion attempts from its ip, why?
Are you basing it on "network defence" icon on the main comodo screen??? You can post a picture of the logs here, someone or me can give an answer :)
5. i would like to know how critical it is to go online via public hotspot and if the TrustConnect Program is useful. Is it like a VPN ? i already have VPN Software.
how critical it is to go online via public hotspot?? Everybody has their own opinion. Stuff like filling out a job application, going to a bank online, pay stuff with a credit card and stuff where you type in personal info. :) if the TrustConnect Program is useful?? Again, everybody has their own opinion. I think (my opinion) it is very good. You'll know trustconnect isn't owned by a possible shady company
Is it like a VPN ? i already have VPN Software.
I'm not sure on how to answer it ???
6. are files indexed somehow or are they scanned each time even when still in the same folder?
Do you mean the anti-virus?
7. last question: is it safe to have private data on a usb-stick and only connect it when i am offline or is it possible that pictures or files of that usb-stick are somehow backed up or copied in the background to a temp folder or so?
Maybe someone else can answer this. Sorry

Have you included your router's IP address in any rules that allow local traffic? Are these intrusions directed at any particular port (1900 for example)? Are there any relevant entries in the logs?

Ewen :)

Sandbox (SB) is part of Defense+ (D+). Make sure it is possible to have SB operating normally with D+ disabled.
Your point makes sense. If SB is disabled then D+ is necessary. But if SB is enabled then… malware probably should not be able to do any damage…

5. i would like to know how critical it is to go online via public hotspot and if the TrustConnect Program is useful. Is it like a VPN ? i already have VPN Software.
Public hotspot: If you access mailbox without SSL, login to http pages, then your mails, mailbox's username and password, usernames and passwords to http web-pages are sent to hotspot in plain text and may be captured by "parasites" in the hotspot's Local Area Network (LAN) -- for example, hackers' sniffers (what else?). Public hotspots are believed to be more vulnerable to this kind of attack(s) because hackers break into wireless LANs more often (as they do not need physical access to hotspot's LAN because it is accessed by radio waves, not by wired cables).

TrustConnect (TC) is a VPN indeed (AFAIK core functionality is provided by OpenVPN). It encrypts traffic from local computer to Comodo’s servers. There traffic is decrypted and is sent to addressee (e.g. web-page). Hence anyone/anything which would capture TC traffic in a hotspot’s LAN would get garbage (as encrypted stuff is indeed garbage :) ) instead of real data sent to the internet.

Free TC encrypts traffic from local ports TCP 80, 443, 1503, 1863, 5050, 5190, 5222, 5223, 110, 995, 143, 993 and UDP 30000:65535. SMTP connections should be blocked, too.
Paid TC covers all traffic AFAIK.

If it provides encryption (all VPNs provide encryption?) to trusted (by you!) 3rd party (e.g. ISP), then you’d probably not get extra benefit of using TC.

7. last question: is it safe to have private data on a usb-stick and only connect it when i am offline or is it possible that pictures or files of that usb-stick are somehow backed up or copied in the background to a temp folder or so?
Depends on where you connect a usb-stick. If you connect it to clean computers then this kind of "attack" is probably not valid. But if you connect that usb-stick to different computers, then you can expect anything (i suppose it is not a problem to code hidden copy operation when the stick is plugged in). As for me i receive 50/50 result: in 50% of cases i end up with infected stick, in another 50% of cases i'm lucky and systems where i used stick were clean enough ;)