Review CIS 6

Hey all, here is my prevention review of CIS 6 and also me explaining some of the features that some people don’t understand well.

Thanks Languy.

I always enjoy your reviews. Very thorough and fair.

Well done as always :-TU

Thanks for this review
btw, CloudBehavior.Suspicious means that an app has instantly been detected by CIMA but after the full scan it detected something with this signature. In the 5.x version, when you enable Cloud scanning it only scans through FLS but does not check unknown processes with CAMAS, but now in v6 this has changed.

Great review!
:-TU

Thanks :-TU

very good review :wink:
thanks :-TU

Have you reported the bugs that you have in the review to Comodo?

thank you Languy99 :-TU

That was a good video.

Thanks for the tips.

regards

Nigel

Last one? Or will we get one when it’s the final release too?

Normally languy said he makes a review for a pre-beta (preview), beta, and ofc final.

I haven’t seen one of those active review videos before. Terrifying to see all the yes clicks on the malware sites. I was wondering why the heuristics were set to “low”. Wouldn’t “high” be better?

Sure, if you want more false positives.

Heuristics by their very nature are prone to false positives. The more sensitive you make them, the higher the chance it will detect something it shouldn’t.

What I don’t like in this review, and in the behaviour of the new Comodo,
of course it’s very useful if you KNOW that you are running a virus. We can notify it, when processes get disabled manually.
BUT
While this might be handy if you are already about to do it,
for situations and people who don’t know or don’t want,
there is something missing that was there before:
Easy overview.
This overview helped people to know when something is not ok.

  • A connection
  • A blocked or running file
  • A sandboxed file.

Now we have to press a lot of shiny buttons. Next to other shiny buttons. And until we do it, we don’t know anything.

For example:
I saw a fully virtualized thing full of virus (not cleaned automatically), and I would have to use this virtualized thing to use my bank. Or I have to clean it. BUT we don’t know when we ran a virus! Yes, we even don’t know if the virtual thing is containing a virus, because the scan does not come up.

As a user of Sandboxie it appears, this version of Comodo seems to add some “possible dangerous” moments. Like if you add a lot of squares unsorted together. There are holes between them. Even though they could fit physically.

I use a sandbox for the case that I DON’T know if I get a virus or not. The new Comodo is made so much for cases when you know or realize it already. In normal life, that’s when it’s too late for safety on average day using.

And last but not least:
If a sandbox does not allow “something” to run, it’s not safe by default. Because someone wanted to run it. And when it does not work sandboxed… you know.

Just remember that once the Kiosk is closed all applications are closed as well. Then, when it is started again no applications are allowed to automatically start.

Thus, no malware can auto-start in the Kiosk. It can only act during the one session in which it was run.

I wasn’t speaking about the kiosk especially. I would unchoose it for the requirements.
But already the fully virtualized browser does not erase changes automatically too.
Does the antivirus access the box? The video said, no.
The virtualized browser (AND things) will be like they were left by the virus. Maybe the virus does not need to start again, because it’s done.
It’s no difference if something virtual does bad things, or something permanent. In effect.

This “confusion” means one or both of the following:

  1. It’s not clear to the user
  2. It’s possibly not safe in circumstances (especially combined with 1)

The missing overview is the worst though.

If I understand part of the post correctly, the question is: if something like banking gets messed up in virtualization, even if it all goes away later, how could the banking have gone properly?

If I understand the post correctly, the problem is:
you start virtualized browser, surf the web and get infected by drive-by infection (doesn’t affect real machine since virtualized), but in virtualized environment you don’t get any notification about infection/suspicious behavior, then you proceed to your bank web page and enter your data (also in virtual environment in which now you also have some infection and you got pawned)

Why didn’t you use something to at least make the windows appear genuine xD?

The restricted level, fully virtualized, can block “keylog, clipboardlog, and install some global hooks”.

It can not block “screenlog”.