Author Topic: Specify FW/HIPS rule for particular service name, not just file/process  (Read 571 times)

Offline iki

  • Newbie
  • *
  • Posts: 1
Hi!

1. What actually happened or you saw:
FW/HIPS allows rules per file or process. Svchost.exe processes run several different services each.

2. What you wanted to happen or see:
I need to be able to specify rules per particular services. E.g. by having option to pick from existing Windows services, or specifying either full service name, or the short service name used with `net start/stop <service>` command.

3. Why you think it is desirable:
I need to block some services and allow others.

4. Any other information:
For example, Eset Smart Security allows that.

Thanks for a great piece of software!
« Last Edit: September 09, 2017, 10:59:53 PM by iki »

Offline Buvar

  • Newbie
  • *
  • Posts: 12
Re: Specify FW/HIPS rule for particular service name, not just file/process
« Reply #1 on: November 20, 2018, 01:51:32 PM »
I completly agree! Setting rules for svchost.exe is a nonsense. But I'm not sure if Comodo listens for any suggestions... They should use system with votes for features, not the forum.

Offline kyl

  • Comodo Loves me
  • ****
  • Posts: 105
Re: Specify FW/HIPS rule for particular service name, not just file/process
« Reply #2 on: November 20, 2018, 04:52:05 PM »
votes for features is not good idea because users can wants features that compromise or decrease system security cause users are generally not experts just users and rules for specific services arent good too because svchost or etc can used by malwares or safe programs allowing everything for example scripthost safe windows component but it can run malicius code

Offline prodex

  • Comodo Loves me
  • ****
  • Posts: 186
Re: Specify FW/HIPS rule for particular service name, not just file/process
« Reply #3 on: November 20, 2018, 11:28:30 PM »
votes for features is not good idea because users can wants features that compromise or decrease system security cause users are generally not experts just users and rules for specific services arent good too because svchost or etc can used by malwares or safe programs allowing everything for example scripthost safe windows component but it can run malicius code

 :-TU

It would be desastrous if users could determine how cis has to work. Some, for example, have problems with cis because some settings are made, what is allowed or not allowed, what contradicts cis, and so on. Such users would then also program cis.  :o No, thank you, then I would look for another security software.
Would Kapersky go this way?   :-[

Strange and terrible suggestions!

Just read (a good example)  ;)  :): (This thread shows what that could main: https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-v11006728-ndash-released-t123032.0.html;msg882912#msg882912)

Quote
author=barry
I hope devellopment team will fix this sooner or later , it's one of those pesky little annoyances that could be easily fixed , or can't they?
  ???


Shane, could you shine a light here?
   :-TU


.....a great piece of software!

And so it shall remain. In all the many years I've been using comodo I've had no problems with malware, trojans, worms etc.  :-TU :)
« Last Edit: November 21, 2018, 12:21:48 AM by prodex »

Offline Csaba2

  • Newbie
  • *
  • Posts: 12
Re: Specify FW/HIPS rule for particular service name, not just file/process
« Reply #4 on: November 21, 2018, 02:25:36 AM »
votes for features is not good idea because users can wants features that compromise or decrease system security cause users are generally not experts just users and rules for specific services arent good too because svchost or etc can used by malwares or safe programs allowing everything for example scripthost safe windows component but it can run malicius code

this is no argument!
something does not work, users can turn off cis functions at any time! svchosts must be broken down into processes, better to know than ignorance!
CIS has virtualized the svchosts. I had to find out which process is what it is!

Offline prodex

  • Comodo Loves me
  • ****
  • Posts: 186
Re: Specify FW/HIPS rule for particular service name, not just file/process
« Reply #5 on: November 21, 2018, 04:19:18 AM »
The whole list shows enabled files only which I want to be virtualized (see attachment).

Offline Buvar

  • Newbie
  • *
  • Posts: 12
Re: Specify FW/HIPS rule for particular service name, not just file/process
« Reply #6 on: November 21, 2018, 06:03:29 AM »
votes for features is not good idea because users can wants features that compromise or decrease system security cause users are generally not experts just users and rules for specific services arent good too because svchost or etc can used by malwares or safe programs allowing everything for example scripthost safe windows component but it can run malicius code

I don't agree. I understand that user may want features going against security, but in that case Comodo would explain why they do not do it. It is not a case with svchost. Svchost is a wrapper for apps which need to be executed as services as win services subsystem needs to communicate with them and to have some control over them. There are some services (= applications) I don't want to allow communicate with some web servers, but there are some others for which I want to allow communication with servers I know (and trust)... If I disable svchost for any communication, all win services are blocked. Any application can be dangerous, so why allow communication at application level? Comodo could force you to allow for all or for none. This is the same logic as is now with svchost. I understand that not all end users know what svchost is, but for advanced users there should be possibility how to achieve that.
« Last Edit: November 21, 2018, 05:30:44 PM by Buvar »

Offline prodex

  • Comodo Loves me
  • ****
  • Posts: 186
Re: Specify FW/HIPS rule for particular service name, not just file/process
« Reply #7 on: November 22, 2018, 12:24:30 AM »
I don't agree. I understand that user may want features going against security, but in that case Comodo would explain why they do not do it. .....I understand that not all end users know what svchost is, but for advanced users there should be possibility how to achieve that.

I have questions: Wouldn't it be a very special feature only for relative few users? Is this wish worthwhile? Windows issues warnings when disabling or stopping svchosts that this could make the  system unstable.
Don't have those users the possibility (not so comfortable for YOU) to stop those programs via task manager or otherwise?

These are just questions, not suggestions!
« Last Edit: November 23, 2018, 02:24:11 AM by prodex »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek