The Best Behavior Blocker Setting

Which does everybody think is the BEST setting for the Behavior Blocker (all settings listed below)???

My setting is Fully Virtualized, but I no how to alter/edit registry and what to do if something goes wrong

  1. Fully Virtualized
  2. Partially Limited
  3. Limited
  4. Restricted
  5. Untrusted
  6. Blocked

Tony. :110:

Partially Limited i.e Default for Average/Majority of Users

Any other for Advanced Users

In Chiron’s article about setting up Comodo Firewall he suggested setting the sandbox to restricted.

I.
What kind of the unknown applications do you often meet?

II.

  1. (1) popular trogens
    (2) the user who do not want to get extra protection from Win OS
    → partially limited

  2. (1) similar to Gpcode
    (2) the user who want to get extra protection from Win OS
    → limited

  3. (1) similar to QQpass
    (2) The user want to get 100% score in many tests. For example, CLT.exe
    (3) the user who want to get stricter protection from Win OS
    → restricted

  4. (1) be treated as strict as possible
    (2) the user who want to get strictest protection from Win OS
    → untrusted

  5. (1)unknown installer packages
    (2) the user who do not want to get extra protection from Win OS
    → fully virtualized

III.

  1. BB can block unknown applications only.

2.The VB can block some java exploit kits which affect the system by the java.exe trusted by CIS.

So what was the point of adding the additional setting - Fully Virtualized if it provides little protection?

As far as I know fully virtualized provides total protection from malware, including ransomware. However, I don’t remember about how the firewall works.

Is it still possible for keyloggers to log and send information from inside the fully virtualized sandbox?

Is it still possible for keyloggers to log and send information from inside the fully virtualized sandbox?

Is creating firewall rules requiring all installed virtualised apps to ask for access necessary ?
If so a guide on how to do this would be helpful for lots of users, myself included :wink:

I use Untrusted level :slight_smile: You need to decide what is best for you.

If I remember correctly no.

Just some info for users of CIS 6. I run Behavior Blocker is Partially Limited. I started having a problem with some of my program’s updater. I tried reinstalling the apps, but did not work. I finally figured out it was because of the Behavior Blocker.

It took me awhile, but I found where the CIS put the program. It was listed in the File Rating section Unrecognized Files. I submitted them to Comodo. If you delete the file from the Unrecognized Files list, the alert about partially limited will pop up again and you can tell it to not isolate again. This will add the file to the Trusted List. You must close the program and run it again so it won’t be isolated. I did this and the updater worked again.

Thanks Comodo for a great program. I have never used a program that protects at as many levels. For those that are frustrated, please take the time to look at ALL sections and options. Right now the only sections, I regular use, FW → Application Rules; D+ → File Rating → Unrecognized and Trusted.

I do have a question. What does the scan button do, if you don’t have the AV component installed? What is it scanning for and what is the database it is using? Is there a way to scan specific individual files? When I submit files (unrecognized), how will I know if Comodo added it their trusted DB or found something malicious?

The scan button will run a ratings scan. This essentially checks the critical areas of your computer and uses the cloud to assign the files as either trusted, unrecognized, or dangerous.

I don’t know if you can manually scan individual files without the AV installed, but I do know that all files running memory will be checked against the cloud.

Also, any files added to Comodo’s trusted files list will automatically be trusted the next time they are run. However, to make this whitelisting process as quick as possible please submit the files in this topic.