Why BOClean???

Hi, I’ve been a constant (guest) visitor to this forum since I’ve downloaded Comodo Firewall Pro and I must say that I like it very much. It seems like there’s a lot of clever folk here who are always fast to respond competently to questions concerning COMODO (:CLP). So I decided to join and ask a few (probably stupid) newbieish questions.
From the very first day I installed the FW I’ve been (:LOV). So I decided to give CAVs2 a try. Unfortunately I encountered some problems (concerning Windows Updates (XP Home SP2) (and other progs) which wouldn’t install but instead caused my Notebook to cease performing, an overall loss of performance,…). So I uninstalled it again and reinstalled AntiVir - I’ll sure give Cavs another try once it’s out of Beta. Everything is working fine so far.
FW top - CAVS’ a downer. However, while reading a bit in the forums I came across BOClean - which seems to be an interesting prog - but after my CAVS experience I’m not sure whether to install it or not.
So here come my questions (even though I carefully read everything I could find about BOClean, including the manual):

  1. I have AntiVir, Adaware SE (Free), and Comodo FW Pro installed for security. What additional benefit can I get from BOClean?
  2. Does it work with my Antivirus Guard (2 On Access Scanners)?
  3. Does BOClean become redundant once Comodo FW pro 3.0 will be released (as it will have - if I’m not mistaken - HIPS)?
  4. What negative experiences have you had using it (especially interesting since I’ve had the problems with CAVS2)?

Thank you for your competent answers.
Cheers,
Grampa. (L)

  1. I have AntiVir, Adaware SE (Free), and Comodo FW Pro installed for security. What additional benefit can I get from BOClean?

BOClean stands guard in memory watching what code actually does, not what it says it’s going to do or looks like it’s going to do. It therefore has a very good shot at catching what AVs commonly call a “zero day” which are in fact a simple repack of already known variants.

  2. Does it work with my Antivirus Guard (2 On Access Scanners)?

BOClean complements existing AV setups in a layered approach.

  3. Does BOClean become redundant once Comodo FW pro 3.0 will be released (as it will have - if I’m not mistaken - HIPS)?

EDIT: I don’t No. ;D
Okay, I pulled that one outa my… hat.
I need to look into the other program further. :-[

  4. What negative experiences have you had using it (especially interesting since I’ve had the problems with CAVS2)?

Lost my HOSTS file when I first started using it because I was testing it out before reading the support docs which clearly stated the HOSTS file would be reset unless configured otherwise.

Good questions, “Grampa”.

Would you please explain a little more on this, ~cat~? I have little to no knowledge with respect to both CBAM and HIPS.

As stated before: fast and competent / informative reply. Thanks a bunch cat, that already helped a lot. However, I’ll wait for other experiences before I’ll - almost certainly - install BOClean.
By the way, and please excuse my ignorance: Why will I still need BOClean if the FW has HIPS? (I don’t really know a lot about computers (:SAD)) I’m not questioning your statement, it’s just that I want to learn and understand how these programmes work.
(S) (I really like the icons ;D)

P.S. I just found this link https://forums.comodo.com/index.php/topic,7408.0.html
Melih says: “CPF is fast becoming a total Anti Malware solution, a proactive defense solution, an Anti hacker product…V3 will be kind of tool, that will literally stop malware (including rootkits) from infecting your system. So if you got a clean system after installing v3, you can pretty much say bye bye to any infection.”
Possible names are:
1 - Comodo Malware Prevention Suite/System
2 - Comodo Hacker Prevention Suite/system
3 - Comodo Anti Hacker
4 - Comodo Anti Malware
5 - Comodo Proactive Defense at the moment this is the beta name for it
6 - Comodo Proactive Security System

Doesn’t this mean that BOClean will eventually become redundant???

Another modification, another question (I know that it belongs into the Firewall section but it’s not worth a new topic):
Does anyone know whether - once the new Firewall 3.0 will be released - I can simply update my current version or have to uninstall the old and install the new?

Lol :slight_smile: Grampa is a funny guy :smiley: He knows what he is talking about, although he wants you to believe otherwise …

Greetz, Red.

It’s been asked before, and although not an official response, it’s very likely that an uninstall and install is necessary for a big version upgrade.

But even with HIPS preventing malware access to the computer, wouldn’t there still be a need to remove it with something like CBAM or a blacklist scanner or can a simple Windows delete work?

(Sorry. Just noticed this is a little off-topic.)

Be assured, I have no idea what I’m talking about. I’m still in nursery school when it comes to understanding computers but will hopefully - one day in a faraway future - be able to get to the level of proficiency many of you guys and girls around here have acquired.
But thank you for having confidence in my competence (:HUG).

Lol m8 :slight_smile: You can’t fool me ;D But I like your style :wink:

Greetz, Red.

Grampa,
My bad, I didn’t read the question fully and have edited my original reply.
I’m not familiar enough with the program or development plans to give a qualified answer.

That makes 2 of us. ;D
I suppose it will depend on how it’s implemented.
When I think of HIPS and firewalls usually sorting packets comes to mind.
One thing watching Melih is teaching me is I can’t put Comodo into a box.

(:CLP) I’ve never seen a forum where people answer that quickly - and are so friendly. Chapeau, mes amis. (:CLP) I’ve already made myself at home.

Back to the topic:
Until someone can shed a light on my 3rd question (and questions 1&2 being answered to the fullest - thanks ~cat~), maybe you could share your positive as well as negative experiences with BOClean with me to help me make a decision whether to use BOClean or not. Especially interesting: Can it be fully uninstalled - if we were to find out later it was redundant??? (I’ve had some really bad experiences with other progs: had to reformat my HD because I couldn’t get them completely uninstalled…)

Beware: I might just believe you and start giving some dim-witted advice to others around here who seek help, thinking I was some sort of computer-guru :wink:

G’day grampa
Re uninstall-My experience
Decided to play with a little startup manager
Problem, slow startup, disappearing sys tray icons including the program itself and boclean. Program uninstall wouldn’t work correctly not one that enters into add/remove, things not looking good. (:AGY)
Ended up using winpatrol to disable the startup program. BOclean running but no icon.
Stopped boclean in task manager, uninstalled via add/remove. downloaded the latest release installed and now all back to normal. :BNC
Using antivir no problems

Sullo

G’day to you too,
and thanks for sharing your experiences, sullo. Everything I’ve heard so far is very much in favour of BOClean. I think I might just give it a try.

Why BOClean? I’ll give you a perfect example. I’ve got XP Pro running Comodo Firewall, Antivir PE Premium, Spyware Terminator and BOClean.

I just, not 5 minutes ago downloaded a Finances program from download.com called BestCash as I’m terrible with my expenses and always broke. I downloaded the file and then opened the setup to install it. For some reason it wasn’t installing or only doing it half way. I checked my BOClean logs to find that the BestCash installation tried to install a Trojan on my system. Thankfully, BOClean stopped it and removed it before it even had the chance to do any damage to my system. My antivirus didn’t detect it nor did Spyware Terminator!

BOClean saved the day even without me knowing it! Whew!

“Best” and “Cash” are two words one must be wary of on the internet. And if combined, the result couldn’t be any worse ;D. That’s why a few site names with those 2 words in it are on my Opera block list.

Although not nearly as serious as sullo’s uninstallation experience, BOC 4.22 did leave a few files & folders behind, but no registry entries as far as I can remember. The rest was clean.

That is what I call a convincing example. Thanks EricEgan. Though I have one more question.

Did BOClean do anything else than stop it, like…

How do I configure it so it doesn’t do anything “potentially evil” to my system??? Though I read the manual I’m not so sure… as I said, I’m not a pro when it comes to computers and configuring software.

Any more info would be highly appreciated.

P.S. Why isn’t there a smiley that says “COMODO FORUMS ROCK”??? I guess this one will have to do. (R)

I’ve only been using it for a day or two so I’m no expert on the program as of yet. Comodo BOClean stops it and removes the file safely. I’ve not come across the HOSTS File issue before. As I’m back at work at the moment I don’t have the time to look at the configuration but from his post it seems that maybe there is a HOSTS Reset option in the configuration. Maybe if you de-select "Automatic Cleanup of HOSTS file".

I’ve had no problems so far since the official release.

Eric

Hello again,
I just realised I haven’t got a clue what I or you are talking about… stupid me.
So here come my questions (having re-read the manual and not understanding the crucial parts):

  1. I’m writing about the HOSTS file without really knowing what it is… What happens to my computer
    when BOClean resets it? … Can I still use the internet? … How does it affect me when using my
    notebook?
  2. If it cleans up my ActiveX downloads that shouldn’t really affect me, should it? However, what
    exactly are the consequences? Does this mean that e.g. my FF extensions will be deleted?
  3. Winsock connectivity…not a clue? If BOClean cleans it up will I lose my internet connectivity? If so,
    how do I get it back?
  4. What are CSS stylesheets? Will a deletion affect my computer? In how far?
  5. If I uncheck all the boxes on the right (see: http://www.comodo.com/boclean/supboc.html for a
    screenshot), will BOClean still stop malware from entering into my computer the only difference
    being that I have to remove it manually (should it get past BOClean and is not detected until it
    has finally settled into my system)???

I know I must be a pain in the arse asking so many basic questions but he who dares not ask a question will never learn, will he? (:WIN)

Once again, thanks in advance for all your competent help.
(R)
Cheers,
grampa.

Hi again… Having read a bit further this afternoon… I might be able to answer your questions.

  1. BOClean resets the Hosts file to just as it was before the Malware got into your system. You can still use the internet and it doesn’t affect you when using your notebook. It simply stops and removes the malware without requiring any confirmation from the user. (For this I select “Unattended Cleanup and removal”.)

  2. Cleaning up your activex downloads shouldn’t really affect you at all. There are no real consequences from what I can tell and NO your FF extensions won’t be deleted.

  3. Winsock connectivity has to do with your Virtual Private Network Connection to your router. You will NOT lose your connectivity.

  4. CSS Style sheets are parts of Web Forms and relate to Visual Basic settings (How the Explorer or Firefox is displayed). Generally CSS sheets are used in web design.

  5. It should still detect and remove the malware just not do all those things on the right hand side of the window. They are selected by default because those options are recommended. I do suggest UNATTENDED CLEANUP AND REMOVAL.

I hope that’s more help…

Eric

The default settings apply to most users and generally shouldn’t be messed with unless you know what you’re messing with.
If you use a HOSTS file, you know what it is and why you use it.
Mine was a throwback from when I used IE, (didn’t have access to useful extensions like Adblock for Firefox) and relied on an outside DNS server (I use Treewalk/Hawk now).
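
Added example, not part of any post in this thread and not Comodo's code: since a HOSTS reset can discard custom entries, as reported above, one way to see exactly what a cleanup (or anything else) changed is to compare a saved copy of the file with the current one. The function names and all sample file contents below are constructed for illustration; on Windows XP the real file is `%SystemRoot%\system32\drivers\etc\hosts`.

```python
import ipaddress

def parse_hosts(text):
    """Map each hostname in HOSTS-file text to its address (comments skipped)."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment only, or an address with no name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first column is not an IP address: ignore the line
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)  # keep the first mapping seen
    return mapping

def diff_hosts(backup_text, current_text):
    """Report names removed, added, or re-pointed since the backup was taken."""
    before, after = parse_hosts(backup_text), parse_hosts(current_text)
    return {
        "removed": sorted(n for n in before if n not in after),
        "added": sorted(n for n in after if n not in before),
        "changed": sorted(n for n in before if n in after and before[n] != after[n]),
    }

# Constructed samples (not taken from the thread).
BACKUP = """\
127.0.0.1   localhost
0.0.0.0     ads.example.com tracker.example.net   # user's block entries
192.0.2.10  NAS.home.example
"""
AFTER_RESET = "# default file\n127.0.0.1 localhost\n"
UNEXPECTED = """\
127.0.0.1 localhost
0.0.0.0 ads.example.com tracker.example.net
198.51.100.7 nas.home.example
203.0.113.5 update.example.org
"""

if __name__ == "__main__":
    print("after reset:", diff_hosts(BACKUP, AFTER_RESET))
    print("unexpected edits:", diff_hosts(BACKUP, UNEXPECTED))
```

The "removed" list is what a reset to the default file would cost a user who maintains custom entries; "added" and "changed" are the entries worth reviewing when nobody edited the file on purpose.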