A doubt that I hope someone can remove. I did some tests with CIS on some word and excel files with malicious scripts that tried to connect to IP addresses. Obviously with CIS, running the firewall asking what to do and the script is launched in the sandbox (it was with a green border). By choosing block you prevent the connection to that IP address, but if you make a mistake and choose allow or use CAV which is without a firewall you are always protected since the script is in sandbox and therefore does not access personal data, important files, etc … which are in the PC?
Any application that is run in containment can connect to the internet and leak your (personal) data out to the internet (e.g. to a malware IP) if that application is not blocked by a Firewall.
For example, you can run Firefox in containment and still browse the internet because Firefox isn’t blocked by the Firewall…
Bottom line, always use a Firewall and block all connecions initiated by applications (malware) that are run in containment if you want to prevent (personal) data leakage to the internet.
So CAV (which has no firewall) is from this point weaker than CIS?
Even if you choose partially restricted or restricted as the restriction option in the containment settings in run virtualized?
I wouldn’t say that CAV is weaker, it is just another product on it’s own. CAV is for users or customers who might be using it together with another brand Firewall. Containment and Firewall are two different protection layers, combined they give the best protection.
Containment only prevents applications from making permanent changes to files on your system (e.g. your personal files or system files), however it doesn’t block or prevent applications from making internet connections, only a Firewall does that.
Ok. Thank you very much now it is clearer to me. I am deepening my knowledge of COMODO products more and more and I am increasingly appreciating their protection value, which I believe to be excellent. :-TU
CAV is not CIS.
In the event of an attempted attack, the automation of a first-rate protection (firewall-container-hips -…) such as CIS makes sense.
Provided of course that the parameters are well defined.
In the past I was a bit suspicious especially for the not very high detection percentage and because it created some operating problems on my PCs (32 BIT PCs a bit old). Now I have to say that the latest version is not causing me operational problems, it seems to be stable. Also as I understand its containment, firewall, cloud, viruscope, etc … operations I am becoming convinced that it is one of the best free and complete security systems especially with zero-day attacks, ransoware and data theft which are the emerging threats in recent years.
With COMODO I feel protected. :-TU
just to add in the HIPS > Protected Group > Protected Date where you can put Files/Folders that CONTAINED App cannot access, see or modify
one thing to note is Auto-Sandbox/Auto-Containment and Virtual Kiosk is the same environement.
I dont know if Secure Shopping(virtual mode) is the same environment or a different environment with added protection
Does HIPS necessarily have to be active or just add secure file / folder and it works the same?
I do not activate it because I would not want to make a mistake on some choices that should be proposed to me and therefore create problems with the PC or cancel the protection.
you dont need to enable HIPS for the “Protected DATA” because it protect against sandboxed Contained App
its really out of place and Confusing sometimes being mistaken for protected FILES ;D ( the Protected FILES , Protected Registry, COM is for the HIPS though ) there used to be a description in the tab like in the exception tab
Ok then if for example I add the “documents” folder will it be protected from any access even if HIPS is disabled, but adding it only among the protected folders?
If so, that’s great. :-TU
Yes, it will protect Against “Sandboxed” app the app wont be able to see files under document folder
But app running outside the sandbox can access, see and modify it
Thank you!!! Great!!! :-TU
Perhaps it is information that is not easy to understand and that not everyone knows.
In my opinion, in order to make the capabilities of CIS and CAV better known, they should simplify the functions, perhaps adding descriptive notes … because there is so much to study and understand in CIS and CAV.
IMHO this HIPS protection for contained applications is a bit over the top for normal daily use as contained applications cannot make permanent changes to any files by default. And when the container is reset (cleared) then everything is back to normal.
:-TU