What is happening with Comodo @ SE Labs results?

I saw this in the online manual for v12.2 from here: Comodo Preset Configurations, Firewall Security | Comodo Internet Security

“COMODO - Proactive Security - This configuration turns CIS into the ultimate protection machine. All possible protections are activated and all critical COM interfaces and files are protected.”

Well, this is apparently not the case, as heuristics are turned off, as well as some other features. For now, I will try heuristics on high. Also, it looks like if we set AV to Auto-Quarantine, there will be no notification. I’m not sure if that’s what I want, to have something detected and then quarantined without my knowledge.

I think this is mostly referring to HIPS component internal functions/protection rules.

For Auto-Quarantine, there is a small notification window that appears on the screen for the same time length as a regular alert. But Auto-Quarantine is not a very wise thing to do, since even regular AV signatures can commit False Positives sometimes.

I think they should set it to Low by default like in older CIS versions and consider setting it to Medium.

I tend to agree with this. I’d like to have a choice what to do with the detection.

The 12.2 manual recommends setting the advanced FW settings as shown at the bottom:

These settings seem to work fine AFAIK, except enable anti-ARP spoofing, which prevents some websites from loading and I have to leave unchecked. What’s more, I get the sense that some settings are controversial and open to interpretation. I.e., cruelsister mentioned not to touch other settings not mentioned in her tutorials. In other words, as an inexperienced to intermediate user, there is too much left to uncertainty, which leads to the FUD factor (Fear, Uncertainty, and Doubt).

I just noticed that after enabling anti-ARP spoofing, the firewall blocked incoming traffic for a 2 minute period. The protocol was listed as ARP. I checked the IP address and it belonged to my router. So for the short time I had it turned on, there was some blocking going on, and I’m guessing that’s when those websites would not load.

I always leave all options of Advanced under Firewall config enabled and never found any issues so far, including the issue you described with some sites being prevented from loading. I think maybe you should raise a Bug Report so they can investigate your issue?

I like to always set up CIS/CFW as aggressively as possible and never found any issue in doing this. Cruelsister’s suggested settings are nice; other than what she suggested, there is Embedded Code Detection under Script Analysis List, which the user can enable for more processes than the default ones, and Vendor List customization.

Paranoid mode for HIPS/Custom ruleset for Firewall I don’t do and don’t recommend anyone doing.

In my opinion if CS suggested settings were the default values for CIS/CFW, no bad results such as latest SE Labs results would ever happen.

To solve this problem, I believe, needs deeper knowledge of IT technique: networking, techniques of attack, and …and…and. Therefore I doubt that anyone could solve your problem by remote diagnosis w/o access to your PC. I, e.g., have no problems with anti-ARP spoofing activated.

Just seen: https://forums.comodo.com/firewall-help-cis/anti-arp-spoofing-causing-internet-slowdown-t125850.0.html
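As an added illustration of the behaviour reported above (this is not Comodo’s code; how CIS actually implements anti-ARP spoofing is not described on this page and is an assumption here): a common way such a feature works is to remember which MAC address answered for each IP and treat a different MAC answering for the same IP as a conflict. The same rule fires when a legitimate device such as the router starts answering with a new MAC, which is one way traffic to the gateway can end up blocked for a while. The sample replies below are constructed.

```python
"""Minimal ARP-cache conflict monitor (added example, not Comodo code).

Assumption: anti-ARP spoofing = learn the MAC that answers for each IP,
then treat a different MAC answering for the same IP as a conflict, and
never accept a change for a "pinned" IP (e.g. the gateway) without an
explicit re-pin.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class ArpReply:
    """The fields of an ARP reply that matter for this check."""
    sender_ip: str
    sender_mac: str
    target_ip: str


@dataclass
class ArpGuard:
    # IP -> MAC learned from earlier replies
    bindings: Dict[str, str] = field(default_factory=dict)
    # IPs whose binding must not change without an explicit re-pin
    pinned: Dict[str, str] = field(default_factory=dict)
    # (verdict, ip, mac) for every reply seen, useful for a log/alert
    events: List[Tuple[str, str, str]] = field(default_factory=list)

    def pin(self, ip: str, mac: str) -> None:
        """Fix the binding for an important host such as the default gateway."""
        self.pinned[ip] = mac.lower()
        self.bindings[ip] = mac.lower()

    def observe(self, reply: ArpReply) -> str:
        """Return 'learn', 'ok', 'conflict' or 'block' for one reply."""
        ip, mac = reply.sender_ip, reply.sender_mac.lower()
        known = self.bindings.get(ip)
        if ip in self.pinned and mac != self.pinned[ip]:
            # Pinned host answering with another MAC: drop, do not re-learn.
            # A replaced or rebooted router with a new MAC lands here too,
            # so the gateway stays blocked until the pin is updated.
            verdict = "block"
        elif known is None:
            verdict = "learn"          # first time this IP is seen
            self.bindings[ip] = mac
        elif known == mac:
            verdict = "ok"             # consistent with what we learned
        else:
            verdict = "conflict"       # IP now claimed by a different MAC
        self.events.append((verdict, ip, mac))
        return verdict


def run_sample() -> List[str]:
    """Replay constructed replies: gateway pinned, one ordinary host."""
    guard = ArpGuard()
    guard.pin("192.168.1.1", "00:11:22:33:44:55")   # constructed gateway
    replies = [
        ArpReply("192.168.1.1", "00:11:22:33:44:55", "192.168.1.10"),   # ok
        ArpReply("192.168.1.20", "aa:bb:cc:dd:ee:01", "192.168.1.10"),  # learn
        ArpReply("192.168.1.20", "aa:bb:cc:dd:ee:01", "192.168.1.10"),  # ok
        ArpReply("192.168.1.1", "de:ad:be:ef:00:01", "192.168.1.10"),   # block
        ArpReply("192.168.1.20", "aa:bb:cc:dd:ee:02", "192.168.1.10"),  # conflict
    ]
    return [guard.observe(r) for r in replies]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The point for a user deciding whether to keep the option on: a "block" or "conflict" verdict is exactly what you want against a spoofed gateway, but a router that legitimately changes its MAC produces the same verdict, so a firewall log showing blocked ARP from the router’s IP is worth checking against the router’s actual current MAC before filing it as a false positive.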

samples or files are not active on the system;
in general what is found are copies in the restore volume (they are not active, they are only a backup copy made by Windows itself);
an improvement is needed only for non-virtualized folders (contention);
antivirus is just a primary and ineffective protection; just recreate another file and the antivirus won’t see it (that’s why I started using Comodo Firewall and nowadays Comodo Internet Security);
Comodo Internet Security is specialized in prevention and that keeps us safe :)

cruelsister is using CF so no heuristics

This is true. I incorrectly implied a connection with CS settings and heuristics. I have the FW setup according to her tutorial. I tried using CFW with Windows Defender, but grew tired of what Microsoft thinks passes for a GUI and installed CIS. The point about the heuristics is that even with Comodo AV or CIS in proactive mode, heuristics is disabled. Either Comodo thinks it is mostly ineffective, or perhaps more likely, they do not want false positives because it discourages and annoys many inexperienced users.

Actually with Script Analysis at the default (Enabled) setting heuristic command-line analysis is done.

See here for the details cruelsister described: Script Analysis Settings

Assuming I add /.exe in ‘Advanced Protection/Script Analysis’, then all exe files will be analysed. Of course, ‘recognizing of embedded code’ is enabled.

Does that make sense?

The setting isn’t designed for that . . . ‘CIS performs heuristic analysis on certain programs because they are capable of executing code. Example programs are wscript.exe, cmd.exe, java.exe and javaw.exe. Example code includes Visual Basic scripts and Java applications’ . . .

There’s a Wish List with more information and links which give more details for you: Extended Script Analysis
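To make the manual’s point concrete (added example, not Comodo’s implementation; which arguments count as "code" for each host is my assumption, and cscript.exe is added to the manual’s list of examples as an assumption): script analysis is tied to programs that execute code handed to them on the command line, so the check runs on the host program and inspects its arguments. An arbitrary program added to the list gets nothing useful analysed, which is why listing every .exe does not work the way the question above expects. The process events below are constructed.

```python
"""Script-host command-line classifier (added example, not Comodo code).

Assumption: heuristic command-line analysis applies only to known script
hosts; for those, the arguments are inspected for a script file, an
embedded command, or an application to run.
"""
import ntpath   # handles Windows paths regardless of the OS this runs on
import shlex

# Hosts that can execute code passed on the command line. wscript, cmd,
# java and javaw are the manual's examples; cscript is an assumption.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "java.exe", "javaw.exe"}
# Argument extensions treated as script files (assumed list).
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".jar"}


def classify(image_path: str, command_line: str) -> str:
    """Return what the analysis would look at for one process creation."""
    host = ntpath.basename(image_path).lower()
    if host not in SCRIPT_HOSTS:
        # e.g. notepad.exe opening run.vbs: nothing executes, nothing analysed
        return "not analysed"
    # posix=False keeps Windows backslashes and quoting intact
    args = shlex.split(command_line, posix=False)[1:]
    lowered = [a.strip('"').lower() for a in args]
    if host == "cmd.exe" and any(a in ("/c", "/k") for a in lowered):
        return "embedded command"      # the command line itself carries code
    if host in ("java.exe", "javaw.exe") and "-jar" in lowered:
        return "java application"
    for arg in lowered:
        if ntpath.splitext(arg)[1] in SCRIPT_EXTENSIONS:
            return "script file"
    return "host without code"          # interactive shell, no payload


def run_sample():
    """Constructed process-creation events and their classification."""
    events = [
        (r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Users\u\run.vbs"'),
        (r"C:\Windows\System32\cmd.exe", 'cmd.exe /c "echo hello"'),
        (r"C:\Program Files\Java\bin\javaw.exe", "javaw.exe -jar app.jar"),
        (r"C:\Windows\notepad.exe", r"notepad.exe C:\Users\u\run.vbs"),
        (r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ]
    return [classify(image, cmdline) for image, cmdline in events]


if __name__ == "__main__":
    for image_cmd, verdict in zip(run_sample(), run_sample()):
        print(verdict)
```

Note how the fourth event is ignored even though it names a .vbs file: the analysis is keyed on the host’s ability to run code, not on the file extension of the process, so adding /.exe to the list would only widen the set of hosts whose arguments are inspected, with nothing to find for most of them.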

Thank you!

I thought that any exe file could be used for fileless malware, so I could not forget any application that should be added manually for analysis.