What registry entries are protected?

I’ve noticed after web surfing for a long time to dozens of web sites that sometimes eventually I get an error that the site could not be reached. I found out that the “proxy server” option in Windows (Internet Options) got enabled. The proxy server host and port are empty so my web browser is trying to use a proxy that isn’t defined. While I could wander through the option pages of the web browser to disable the proxy setting, I ended up creating a .reg file that has:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000

Then I just double-click on the shortcut pointing at that .reg file to make sure the proxy server setting is disabled. While I’ve read about JavaScript setting a proxy server, I thought that was usable only during a browser session. The proxy server set to enabled (but no proxy) survives across web browser sessions. So I’m interested in finding security software that will restrict what can be changed in the registry without prompt or, conversely, I want to get prompted when certain registry entries are changed. Besides this particular Internet setting, another would be to watch that the DNS setup doesn’t get changed; i.e., someone or some process doesn’t alter my DNS server setup unless I’m prompted (for example, to block a DNS changer).

What, if anything, in the registry do Comodo’s Firewall and its HIPS feature monitor for changes, and will they prompt me about additions or changes? Is there documentation on what areas, by default, Comodo Firewall or its HIPS will protect? Can I add includes of other registry keys if Comodo Firewall doesn’t cover those by default?

These may be of interest to you:

The article regarding registry protection doesn’t provide a list so I can first read the documentation to find out what is covered before installing the product. However, it does show that I get a list that I can review of what is currently configured in the program along with an Add function. So if:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

isn’t already in the list then I can add that registry key to get alerted on any change to settings (data items) under it.

Good to know that I can add more protection in the area of interest. Now I’ll have to research what registry entries are involved in the DNS setup so I can ensure those are protected, too. Users might expect the HIPS feature to protect them against proxy and DNS changes but I can’t tell beforehand if CPF does that by default. The only way I will know is to install and then look. Yet a lot of pre-configuration in CPF is to eliminate users requiring this level of expertise to effectively use CPF to protect against corruption of these settings.

Thanks for replying. If not already protected, and with the knowledge of what I need to check is protected or that I can add it, I can modify CPF to protect me against accidental or malicious change of these settings. Thanks again.

These are the protected registry entries for Internet Explorer settings; this is just one of the predefined protected groups that CIS protects.

Looks like the:

Filename=“\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Proxy” />

entry would cover the ProxyEnable (and other proxy) settings that I was concerned about.

For clarification, if I wanted to protect everything under a registry key, do I end the string with a backslash? And if I want to protect a particular or wildcarded set of data items under a key, I do NOT end with a backslash? That is:

\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Proxy
would only protect the Proxy* data items under just the Internet Settings key?

*\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
would protect all data items under just the Internet Settings key (no recursion into subkeys)?

*\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings*
would protect all data items under the Internet Settings key and recursively into all subkeys and their data items?

From Comodo Internet Security Software - System Critical Registry Keys Protection, it looks like I would select a key and that dialog would enter “key*”. I would then leave the backslash star (\*) at the end to recursively protect data items under that key and all its subkeys and their data items, or I would edit the string to end with backslash only (\) to protect all data items but only under that key (no recursion), or I would edit the string to end with backslash [wildcarded] string (\string or \string* or *string*) to catch data item(s) under only that registry key (no recursion).

Did I guess right?

Yes

The star or asterisk symbol * is a wildcard character (see Wildcard character - Wikipedia and glob (programming) - Wikipedia) and the backslash is a path delimiter (Path (computing) - Wikipedia), so in your examples “\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Proxy” would cover EVERYTHING that comes after proxy and “*\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings*” would also protect every key and sub-key recursively because of the wildcard. But ending a path with a backslash would not cover it recursively, only that exact path, so if you want to protect everything under a specified path make sure you end it with an asterisk (*). I hope I explained it clearly for you.

So if I use:

key\

that would not be recursive (subkeys are not included) but would include all data items under that one key, right?

For example, say I wanted to protect ONLY the data items under:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\

like the data items AutoConfigProxy, ProxyEnable, ProxyServer, etc. I do not want to include its subkeys (Connections, Protocols, etc). My understanding is that I would use the path shown above that ends with a backslash to protect ONLY that key AND its own data items AND nothing below that key.

I understand wildcarding. What is unclear and not specified in the documentation is how to protect only the data items under a key and nothing else (subkeys) under that key. That is, specify a path with NO recursion under it, just the data items under that path.

Do I even need to end with a backslash to specify protecting only that key’s data items? Would:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

(no trailing backslash) also work?

I just tested this out and unfortunately, unless it's a bug, if you specify the path of a key with or without the trailing backslash it does NOT protect the registry values under that key unless you either 1. include the wildcard or 2. specify the exact value in the path. For example, just having \Internet Settings or \Internet Settings\ will not alert when the values AutoConfigProxy, CertificateRevocation, etc. are modified. I assumed it would and ignore any sub-keys (5.0, CACHE, Connections, etc.) but it seems you must use a wildcard to cover the reg values even if you don’t want to cover the sub-keys, in which case you must specify each value you want to protect (\Internet Settings\AutoConfigProxy, \Internet Settings\CertificateRevocation, etc.).

Oh darn, not as flexible as hoped. To monitor only the data items under a particular registry key and NOT recurse into its subkeys and their data items means I would have to end the key name with a backslash and the data item’s name, and repeat for each data item under only that key (except for any data items that could be wildcarded to specify them as a group). Wildcarding is handy but specifying all data items ONLY under the specified data key is also handy. Too bad regex isn’t supported. Then I could really be specific as to just exactly what I wanted to include in a rule.
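A small model of the matching behaviour reported in the test above, added here as an example; it is not Comodo's code and not part of the original posts. It assumes a rule is compared as a case-insensitive glob against the key path joined to the value name with a backslash; the sample writes and the helper names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Key suffix as written in the thread's rules; "HKCU" prefix on targets is illustrative.
K = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample of registry writes: (key path, value name).
SAMPLE_WRITES = [
    ("HKCU" + K, "ProxyEnable"),
    ("HKCU" + K, "ProxyServer"),
    ("HKCU" + K, "AutoConfigProxy"),
    ("HKCU" + K + r"\Connections", "DefaultConnectionSettings"),
]


def rule_matches(rule, key, value):
    """Assumed model: glob the rule against 'key\\value', ignoring case.

    fnmatch's '*' also matches backslashes, which is what makes a
    trailing wildcard recurse into subkeys.
    """
    return fnmatchcase((key + "\\" + value).lower(), rule.lower())


def covered(rules, writes=SAMPLE_WRITES):
    """Return the value names from `writes` that at least one rule would catch."""
    return [v for k, v in writes if any(rule_matches(r, k, v) for r in rules)]


def per_value_rules(key_suffix, value_names):
    """Workaround from the thread: one exact rule per value, so subkeys stay out."""
    return ["*" + key_suffix + "\\" + name for name in value_names]


if __name__ == "__main__":
    candidates = {
        "bare key": ["*" + K],
        "trailing backslash": ["*" + K + "\\"],
        "trailing wildcard": ["*" + K + "\\*"],
        "Proxy* values": ["*" + K + "\\Proxy*"],
        "one rule per value": per_value_rules(
            K, ["ProxyEnable", "ProxyServer", "AutoConfigProxy"]),
    }
    for label, rules in candidates.items():
        print(f"{label:20} -> {covered(rules)}")
```
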

As a Comodo beginner I’d like to know if it is possible to configure the product so that all registry entries are protected from all applications running inside the Comodo Sandbox?

I’m looking for an equivalent protection that Sandboxie provides and I wonder if/how that would be possible when using Comodo only…

If an application is running in the sandbox as fully virtualized, then the entire registry is already protected and any modification made to the registry will be made to a virtual instance of the Windows registry. The protected registry is for applications running outside the sandbox that are being monitored by the HIPS component called defense+ of CIS.