Run Safer Mode

Is there a way to make Comodo do what Online Armor’s run safer mode does? Can I edit settings for Firefox either in the Firewall or D+?

Vette, could you please explain how OA’s run safer-mode works? Without knowing, it’ll be pretty hard to come up with a solution. :wink:

I create a group of dangerous applications and then forbid in defence+ what is not needed such as direct disk access, direct memory access, HKEY_LOCAL_MACHINE, device driver installation, c:\windows*.exe.

This is not the same but it means your dangerous programs are limited in what they can do. Safe applications can then no longer learn these things.

It can be found over at Online Armor’s site.

http://www.tallemu.com/webhelp3/

http://www.tallemu.com/webhelp3/KF-RunSafer.html

Run Safer

When Windows is first installed, the first account it creates is an Administrator account, which is what most people use. The name of this account is usually the name of the person that owns the computer, and a person would need to know where to look to know if the account is an Administrator account or not.

Administrators are allowed by Windows to make nearly any change to the system that they want to, including changes that could affect the whole system. Administrators can install drivers, make configuration changes to Windows, and much more.

Limited users can not make changes that would affect the whole system. They cannot install software that could affect the system as a whole, cannot install drivers, and cannot configure Windows in any way that would affect other users on the system. For example, a Limited user can change the wallpaper and screensaver of their account, but cannot change the system time. The wallpaper and screensaver would only be seen when logging into that account, but a change to the system time would affect Windows as a whole (including other accounts on the system).

When you run a program, it will run with the permissions of the account. When you run your web browser in an administrative account, the web browser can do anything that the Administrator can do. Likewise, when you run your web browser in a Limited user account it can only do what Limited users are allowed to do. Limited user accounts offer strong protection, but are rarely used by the majority of computer users.

How does Run Safer work?

Run Safer makes using an Administrator account safer by running user-selected programs as a Limited user when you are in an Administrator account. Run Safer does not restrict programs directly, but rather tells Windows to impose the extra security measures of a Limited user on the target program.

When a program is running using Run Safer, any other program that is launched by this program will also “inherit” the Limited user account restrictions. This means that if your web browser is set to Run Safer and you browse to a website that uses some trick to infect your computer with malware through the web browser, then the malware will be heavily restricted in the ways that it could infect your system. This also means that when your browser is run using Run Safer and a document viewer or media player is automatically launched to view content from the internet, then that program also inherits the same protection; if the document viewer or media player ends up being used to infect your computer then the same security restrictions will be applied.

Some malware cannot infect a computer with the restrictions of a Limited user account at all.

Using Run Safer

A program can be set to Run Safer by opening the Online Armor Control Panel, selecting Programs from the Main Menu, and clicking the Run Safer button.

When you see a pop-up to Allow or Block an Unknown program when it tries to run, then you will also be able to select Run Safer on the pop-up.

Run Safer is best used on any program that handles internet content including web browsers, email programs, instant messengers, media players, word processors and other document viewers, download managers, and more.

Run Safer can also be used on Unknown programs that you are not sure of but still feel that you should Allow to run.

You should not set programs that download and install software updates to Run Safer because they may not be able to install new software updates.

Other security software should not be set to Run Safer because they may not be able to function correctly.

Hi Vette

The best way to approach safer mode with respect to CIS is to run your browser as an isolated application or any application that malware can use as a door to get in your computer.

By the way I thought you were using NIS 2009. Truth be told I was using NIS too and I came back to my source, Comodo of course.

Peace. :slight_smile:

I stopped using NIS 2009 a while back when they forced the Ask Toolbar on people then got hacked. Also every single day somebody posts something in their forums stating “I got a virus and Norton doesn’t detect it.” And do you know what the modders’ first response is? “Download and install SAS and MBAM.” “Run a scan in safe mode.” Isn’t that a crock for a product you paid $60 for? I posted a bunch of links at Remove-Malware.com. I also had all my customers uninstall it. Some got refunds from Symantec. I will try the isolated suggestion. Thanks.

I also got a whopping score of 40/340 using the Comodo test. Using KIS 2009 I got a score of 280/340. Honestly I didn’t feel safe using NIS 2009 nor did I feel good about recommending it. Will there be any negative effects running both IE and FF as an isolated application?

Well you cannot run IE or FF as an isolated application. See what happens after I rebooted.

[attachment deleted by admin]

Well Vette I did. I’ve been running both FF and IE 8 as isolated browsers with no problems. Try to isolate your browsers through D+ advance setting.

Peace.

That’s what I did. I edited FF and IE as Isolated Applications under D+.

The only way to isolate something is via D+. The only way to do that is through the Advanced settings. So obviously I know how and where to do it but when I do see my logs. Sure you do not mean “Limited”?

Nope, I mean isolated my friend.

Also Vette, another way to replicate the safer mode of Online Armor in CIS is to turn on the parental control feature of CIS and suppress all pop-ups. Thus, by doing so you will enable the default deny feature. However, such a feature comes with its own disadvantages such as software updates. All updated files from any software will be waiting for you to review and then place them all in your safe files; to me it is a pain.

I wish Comodo, even in the default deny mode could allow trusted applications to update without any headache, if you know what I mean.

Peace.

Well putting IE and FF as Isolated Applications doesn’t work on both my pc’s. IE and FF will not even launch under Isolated.

Hey Jaki… Are you using the latest RC2? You should NOT be able to run anything as isolated. If you can then your Comodo seems to be broken. The first rule in Isolated is “Block as executable”.

Yes I am.

I’m using FF as an isolated browser as I’m typing this. Here’s what I did: I opened Firefox and then I went to D+ advance and clicked upon computer security policy. I then scrolled down to locate FF and clicked upon edit and clicked upon use a predefined policy. From the pull down menu I selected isolated application. If FF was not part of the computer security executable I would have clicked on add and from the pull down menu I would have selected running processes. Then I would have chosen the firefox.exe and clicked on select and then apply.

In your case Vette I would first delete the FF D+ rule and follow the steps above.

FYI FF is in both my computers both running vista. Desktop 64 bit and laptop 32 bit.

Both FF as well as IE8 are running as an isolated browser on both my computers.

Peace.

Hi Vette

I started a thread about isolated applications please read it. As a matter of fact I’m starting to think that you could be right with regard that CIS isolated apps could be broken.

https://forums.comodo.com/defense_help/help_with_isolated_applications-t38676.0.html;msg279372#msg279372

Peace.

I think a lot of this has to do with how you have your Windows set up.

I can run Firefox as an isolated app, in which case it can’t do anything apart from launch and read websites basically. It can’t do something like open a pdf (’cause that would mean executing Foxit) or open a document (’cause that would mean opening Office).

Do you have DNS client set to disabled in services, Jaki?

What about you, Vette? Could you still access your homepage? (Probably not, because that would need you to access the DNS client.)
Try going to services.msc and disabling the DNS client, then try again (it would be good to know).

Looking at my logs now I see loads of D+ alerts for direct keyboard access, but I’m typing this 88) I can type stuff in but I can’t use the Windows API which allows for copy/paste.

I don’t think it’s broken, just isolated from everything. More testing O0

Matt
P.S. I set it from a pop-up, ow and it’s sandboxed…!!

Hi Matt_R

I opened a pdf from the internet using FF as an isolated browser and I did not have any warning from CIS D+. Everything went well.

Peace.

I cannot open up FF or IE at all if they are under “Isolated”. I am also using OpenDNS.