What is happening with Comodo @ SE Labs results?

I totally agree. :wink: :-TU

Obviously I agree very much that the default settings should be more solid and protective and I add that I am banging my head to make the new version of CIS work on my PC and I still have no news.

This version is available on the website; an average user (who does not know the potential of CIS) downloads it, installs it and realizes that it does not work well. The Windows security system reports that there is a problem. An average user does not know what to do, he does not even know in detail what is going on, he only sees that warning that alarms him. What does he do? He uninstalls Comodo and looks for another one for free … He installs the free version of Avast or Kaspersky or AVG or Bitdefender or Panda or Avira, which works without problems.

So the average user greets Comodo and chooses something else. :wink:

WSC reports some problem, but actually there is no problem; CIS works as expected. If WSC is more important than security, try to use another software that registers with WSC successfully.
If Comodo came with proactive auto-block like cruelsister's settings, no regular user would even be able to use their own system/daily apps, so these default settings are right for most people.
:P0l

I agree with you but here we are talking about an average user who does not know who cruelsister is, does not know if despite being a mistake on WSC, Comodo works the same and does not go to look for insights on the forums.
An antivirus creates error warnings in Windows, the average user uninstalls it and replaces it with another that does not create these errors.
Solving these small bugs means taking the trust of multiple average users.

But dude Comodo includes a HUGE Trusted Vendor List of 100.000 Vendors + Trusted Files Cloud database, if somebody is having trouble with “everyday applications”, then those applications are Cracked Software, Shady programs coming from untrustworthy companies, etc.

Let’s just become default allow and disable everything in CIS by default, even though we have this Huge Whitelist?

I have Comodo set to Block Unknowns, disabled Cloud, Custom Vendor List of around 80/90 Vendors and never once CIS blocked a legitimate application on my computer.

Default settings for CIS don’t make any sense.

I see Comodo as a product for techies, those who are generally more advanced than your typical set it and forget it anti-malware user. It may be that Comodo is trying to serve their techie base and also the more casual user. I submit the standard settings are for the more casual user. Comodo’s core philosophy is different from most in that they espouse the default deny approach. In this regard, the vaunted firewall is the centerpiece masterpiece. While most others are chasing the dream of signature, heuristic and zero day detection with their AV.

Is it possible for Comodo to serve both camps equally well? That seems to be the big challenge.

A few points for Comodo to consider:

  1. Make Cruelsister settings the default settings for CIS, and (maybe) CFW as well.
  2. If not CS Settings, then put Access Restrictions on Containment module enabled by default, on ‘Limited’ level at the very least.
  3. Enable Embedded Code Detection for more processes by default under Script Analysis List, better coverage against Scriptors and Fileless attacks by default.
  4. Consider making ‘Proactive Security’ the default profile since Comodo has this HUGE Whitelist, if something is not in this Huge Whitelist, it is most likely Malware. It is 2020 and people should stick to well known and reputable programs from trustworthy vendors only, and stop using Cracked Software, Shady programs coming from pseudo-companies. In this case HIPS should come disabled by default.
  5. Firewall should BLOCK Web Access to Unknowns by default, not “allow”.
  6. Remove ‘Downloads’ folder from ‘Do not virtualize access to the specified files/folders’.
  7. VirusScope should be stronger with more Recognizers for Malicious Behavior. On the same strength level as Kaspersky’s System Watcher for example.
  8. The strength of CIS is in its Default Deny platform, if not doing any (or most) of the above, then improve AV detection ratio drastically, to mitigate the risk of infection due to the weakened state of other modules at default settings.

Similar to what I’m also assuming and similar to my settings.

I like HIPS and therefore it is activated. It gives me the feeling of more security because it is up to me what applications do and what not.
HIPS is activated as well as containment.

Being a little paranoid, in ‘advanced protection’ I have set ‘recognizing of embedded codes’ for all applications.

I also run HIPS activated set to Auto-Block all requests, maybe they should set it that way if following my suggestions/making Proactive profile the new default. They could implement a small notification window telling when HIPS blocks something. Also HIPS should monitor apps running inside Containment, that would be nice to have.

Also Script Analysis should include more processes on the list, even if most of them come disabled. Like this Wish for example: https://forums.comodo.com/wishlist-cis/extended-script-analysis-list-t124634.0.html

It is completely possible to make CIS automated, and providing strong, resilient protection, without requiring any user input.

You can’t expect the Average Joe who sells products at the streets as his profession, to understand Comodo settings and modify them for better protection.

I can’t say the same.

Then either leave Cloud enabled or use the default Vendor List, or enable Cloud temporarily before installing an app signed by a vendor not in your Custom List.

Average users will never disable Cloud or modify the Vendor List, therefore no reason exists for the default settings being so weak: Containment without Access Restrictions, Downloads folder excluded from Virtualization, Firewall allowing all outbound connections by default regardless of application reputation, even the AV module is coming with Heuristic disabled by default now, which doesn’t make sense since the AV does not scan apps Whitelisted by Vendor List or Cloud… It’s like CIS default settings were designed by a left-wing human rights activist: “let’s allow infection by default to avoid False Positives, even though we have more than 100,000 Software vendors Whitelisted and a Huge Cloud Whitelist database…”.

Yes and no! If you want to use Comodo you can install it, get further information if you want to know a little more, as you do with every software (e.g. https://support.kaspersky.com/14363#block2), and once set, leave it (that is what I did in the beginning, with some help for settings, for many years without any problems).

Maybe Comodo should also include some pictures with sliders and knobs as a quick setting option. Not a joke!

In the Web Anti-Virus settings window, set the security level:

  - High. This security level is recommended for sensitive environments when no other HTTP security tools (firewall, proxy server, etc.) are used.
  - Recommended. This security level is optimal because it consumes the system resources in a balanced way and provides reliable protection. This option is set by default.
  - Low. Use this security level if you have additional HTTP traffic protection tools installed on your computer (firewall, proxy server, etc.).

Even Kaspersky, ESET and all other vendors’ default settings are weak. They disable most critical Zero-day features or dumb them down for “avoiding False Positives”, yet allowing infection to happen. You can check the defaults of Kaspersky, ESET getting bypassed on Youtube video tests. It’s like the people who decide the default settings for those software are all “politically correct” people, and this is the cancer of 21st century. You can’t be all pacifist, allowing everything when dealing with Criminals (Malware).

Comodo defaults are even weaker than Kaspersky or ESET defaults. This is really bad for Comodo’s reputation. How to explain to the Average Joe the reason why Comodo’s “Unbeatable Default Deny platform” failed at SE Labs when even AVG Free protected 100%? And how to expect computer illiterate people to dig deep into Comodo’s UI and modify settings for getting the real benefits of this Default Deny Platform? This is quite funny indeed.

You can embed e.g. sliders from ‘Weak’ (Internet Security) to ‘Recommended’ (Firewall Security) to ‘Strong’ (Proactive). So normal users are informed w/o having to busy themselves with the program itself (like green-yellow-red).

Then a Cruelsister setting for users who are very concerned about protection, based on Proactive Security with pictures, knobs or sliders.

No change to the program, but filled with “nice” pictures, sliders and buttons to click and slide, very easy and manageable for everyone, always with a short comment on what you are doing and getting when you do so: weak protection - recommended protection against all/most threats (malicious software) - very strong for users who want …

with “nice” pictures, sliders and knobs to click on, and so on. Knobs for Learning Mode (HIPS and Firewall: Training Mode), Recommended Security (Safe Mode), Security only for Advanced Users (Paranoid Mode) and so on.

In the next tests you can read: Comodo restored its program from the ground up. Now much easier and more effective to use than before with a light to sophisticated protection. Very recommendable. :wink:

This sounds like a good idea, but it will be only useful if the testing laboratories (SE Labs and all others) set Comodo to at least ‘Recommended’ (Firewall Security) because if they select ‘Weak’ (Internet Security) we jump into the same situation of allowing infections for the sake of avoiding non-existing False Positives with this Huge Whitelist.

I think CIS defaults were designed back in V5 era when the Trusted Vendor List/Cloud Whitelist database was not as big as it is today and people used a lot of unsigned applications, therefore CIS defaults are outdated and lacking an overhaul urgently.

Don’t write it here, make a wish using the standard format.
Like this they will keep ignoring the request, but at least they will do it in an official way >:-D

It’s not a wish from me; it is an answer to @mmalheiros within the discussion.

I just realized that even in proactive mode heuristics is disabled. Further, with cruelsister’s settings, which I have enabled now, heuristics is also turned off. What level of heuristics do you guys recommend? (high-medium-low)

I have set it to High and not jumped into any False Positives so far.
I think it is safe if you set it to Medium, especially if you configured AV to Auto-Quarantine upon detection.