Question about conflicting applications

Comodo Internet Security - CIS Install / Setup / Configuration Help - CIS
1

Hi, I’m looking for a little bit of help. At the moment I’m using Comodo firewall without defence plus, Panda Cloud, and Iobit 360. I was using Avira free, but fancied trying Panda as I really liked their paid-up internet security suite when I used it a few years ago. I’d use it again, but when I had a problem I found their support… actually, no I didn’t. :wink:

I’ve been using Comodo for a couple of years, though I dumped the antivirus a while ago after too many false positives. I’m an Average Joe (sorry!), but willing to spend time finding the right products. The reason I disabled Defence Plus was because, for me, it can sometimes be impossible to know whether the thing Comodo is flagging is a risk or not, even after Googling. I felt having Defence Plus was defeating the purpose. Instead I started using Iobit 360 degrees. However, I’m wondering if I should try Defence Plus again and be extra patient, since it seems to be the best there is.

The problem I have right now is that I’m getting muddled up with the different kinds of real time protection out there, eg, would Comodo firewall with Defence Plus protect me from viruses, malware, spyware, rootkits, adware, blah? Does it protect me if, say, I click on a dodgy link online, or only if I download something bad then attempt to run it?

Do I need extra layers of protection, or is that doubling up? Specifically I’m thinking of Counterspy, Trojanhunter, Prevx, Threatfire, Spyware Terminator, Ad-aware’s real time protection. I don’t mean all of them together. I know some conflict with each other. Are any of these programs known to conflict with Comodo firewall/Comodo firewall and Defence Plus?

Regarding Iobit 360, I know it’s a complement to AV, but is it doubling up when it comes to Defence Plus? Does anyone know which of the various options on 360 I would need to switch off to avoid confilct?: auto protection against malware, auto protection against known threats, real time, DOG detection. And does anyone know which options on the above programs I’d need to switch off?

Now this is a really dumb question, but what is the difference between Hips and real time protection? Is Hips a form of real time protection? Can anyone explain in baby language? :slight_smile:

Sorry for so many questions and for general ignorance. I’m in paranoid mode after signing to a Bullguard beta trial. I don’t even know what possessed me. Anyway, it didn’t install correctly but I couldn’t get rid of it either. I went surfing without security and picked up umpteen Trojans and a virus, ironically looking for suggestions for good security set up while forgetting my PC was unprotected. :smiley: Seem to be clean now and I got rid of Bullguard with Revo.

Many thanks in an advance.

2

Well it’s really good, among the best but indeed you need some time and patience to understand how it works…
If you need a bit more light version of such prevention i think ThreatFire is the one to look for.
However they changed settings for D+ lately a few times so it doesn’t alert that much any more in default setup, so maybe it’s worth a shot to see how many alerts there are still left.

The problem I have right now is that I'm getting muddled up with the different kinds of real time protection out there, eg, would Comodo firewall with Defence Plus protect me from viruses, malware, spyware, rootkits, adware, blah? Does it protect me if, say, I click on a dodgy link online, or only if I download something bad then attempt to run it?
Firewall with D+ will prevent you from all except adware is more a job of a signature scanner (AV). D+ will alert you once the application is started on your system, it will monitor what it wants to do and alert you if it finds it suspicious to your settings, it does not filter web traffic so it won't block during browsing but as soon as it hits your harddrive or memory it will kick in.
Do I need extra layers of protection, or is that doubling up? Specifically I'm thinking of Counterspy, Trojanhunter, Prevx, Threatfire, Spyware Terminator, Ad-aware's real time protection. I don't mean all of them together. I know some conflict with each other. Are any of these programs known to conflict with Comodo firewall/Comodo firewall and Defence Plus?
I would not add extra real-time layers in this case, i would suggest to scan with Malwarebytes antimalware once a week or alike with Superantispyware.
Regarding Iobit 360, I know it's a complement to AV, but is it doubling up when it comes to Defence Plus? Does anyone know which of the various options on 360 I would need to switch off to avoid confilct?: auto protection against malware, auto protection against known threats, real time, DOG detection. And does anyone know which options on the above programs I'd need to switch off?
Sorry I'm not familiar with Iobit so i don't have an idea where to look, in general i would suggest not to run two of a kind applications on security level (AV-AV, FW-FW, HIPS-HIPS).
Now this is a really dumb question, but what is the difference between Hips and real time protection? Is Hips a form of real time protection? Can anyone explain in baby language? :)
Well an AV scanner is Real-Time "protection" against all bad things it knows by it's signatures (some kind of recognition that that file is virus X). Anything it doesn't have a signature for will be allowed, poof your infected !

A HIPS will monitor the application and doesn’t need a signature, it will monitor let’s say

  • Starting an other application
  • Accessing the memory of an other application
  • Writing files in “dangerous” places (like c:\windows\system32) where most viruses like to load there files.
  • Writing to the systems registry where it likes to get started together with your system at startup.
  • etc for all bad things a virus/malware is known…

So yes HIPS is real-time protection, just like an AV is but that will fail if it doesn’t “know” the bad program, a HIPS not because it watches it’s actions.

Real-time is basically that some application inspects actions before they are allowed.
In case of the AV when a file is written to disk normally only windows would take care of this, now the file is first passed to the AV scanner and after it’s been found “clean” it’s given back to windows to write it to disk, so this “side trip” is “Real-Time” protection.

Hope this is baby language enough :wink:

Sorry for so many questions and for general ignorance. I'm in paranoid mode after signing to a Bullguard beta trial. I don't even know what possessed me. Anyway, it didn't install correctly but I couldn't get rid of it either. I went surfing without security and picked up umpteen Trojans and a virus, ironically looking for suggestions for good security set up while forgetting my PC was unprotected. :D Seem to be clean now and I got rid of Bullguard with Revo.

Many thanks in an advance.


No problem, if you have more questions feel free to ask

3

Ronny, thank you. That’s very clear and helpful. I’ll give Defense Plus another try and be extra patient. I’ve set it to training mode as I’m not sure what the default set up is that you mentioned.

I can’t quite bear to give Iobit 360 up so I’ll disable the real time protection and DOG detection and see if I still find it helpful. I looked up DOG Detection on Iobit’s forum, so now I’m wondering if Defense Plus offers this type of heuristic protection.

4

Well i would advise to run Training mode only for a limited number of hours use all your applications during that time and then switch back to clean pc mode, or even safe mode depending on your needs/likes etc…

More on defaults can be found here

Training mode will also “learn” bad applications so it won’t protect you…

In regards to DOG it seems like some sort of Heuristics detection which suggests it’s part or supplementary to the AV engine, but also these kind of “tricks” are also used by D+ to determine if the alert color should be red or orange where red is more “dangerous”. By which I’m not saying that DOG is part of D+ it’s just that most of them use a like techniques to recognize the good from the bad…

5

Thanks again. Actually, though it’s been on training mode today it’s hardly bothered me. I’ll switch it to safe mode for now, till I’m completely sure my PC is ok.