Gizmos Freeware Reviews  

19. Jun 2009, 06:37 PM   #1
J_L
Co-Author, Best Free Security List
Join Date: Dec 2008
Posts: 2,003
How to Tame Comodo Defense+

Quote:
Many of us dislike Comodo's Defense+ simply because it is so naggy. It bombards us with pop-ups, sometimes causing lag, and doesn't seem to trust the safe software we have. This article will show you how to tame this overprotective HIPS.

First of all, something that quite a few people know is the Treat this application as: part of a Defense+ alert. In order to view it (if it's hidden), you have to click the more options trigger underneath the message at the left side. There you will see a variety of options, but the 2 most useful are: Installer or Updater and Trusted Application.

Treating the application as an Installer or Updater is pretty self-explanatory, and is best used when you are installing or updating something. Make sure you use it only when Comodo pops up with an alert regarding the installer or updater file, not explorer or something else. Also, make sure Comodo goes into Installation Mode during the installation. Only use this if you are absolutely certain that it can be trusted. You can also treat file archivers and self-extracting archives as Installers and Updaters without making Comodo go into Installation Mode.

Treating the application as a Trusted Application will make it have unrestricted access to your system (unless you have another security measure to prevent that). Only do this if the application needs all the privileges and is 100% safe.

Next is something less known, the My Pending Files. In order to access it, you have to open Comodo and click waiting for your review under Proactive Defense in the Summary tab. When the window comes into view, first click Purge to get rid of non-existing entries. Then select all the safe and trusted files, and click Move to: My Own Safe Files. After that, select all of the unsafe files (if any) and click Move to: My Blocked Files. As for the unknown ones, you'll have to determine what it is by looking at its directory, clicking Lookup... (maybe even submitting it to Comodo for analysis), googling, and uploading it to VirusTotal + Anubis (or similar sites). If you come up with nothing, then you might as well remove it from the list; Comodo will still monitor it and spring into action if it does something.

Don't checkmark remember my answer for any temporary files. For example, I never keep installers after I install something, so I uncheck remember my answer, but still treat it as an installer or updater. Of course this also includes anything ending with the .tmp extension, and within temporary directories. Now as for the reason, it simply makes Comodo faster in both short-term and long-term. By that, I mean the alert will acknowledge and disappear almost immediately, and it won't clutter the Defense+ rules with junk (which makes it slower in the future).

In order to optimize Comodo's speed, it is important to regularly purge old non-existing entries within both its Defense+ rules and Firewall rules. To do that, open up Comodo and go to the Defense+ tab. Next, click Advanced at the left side. Then click Computer Security Policy. After the window appears, click purge to get rid of non-existent entries. Do the same for Firewall rules (this time: Firewall tab>Advanced>Network Security Policy). More advanced users can manually remove unnecessary rules and create new ones. Purging My Own Safe Files (Defense+ tab>Common Tasks>My Own Safe Files) is a good idea too, mostly for security reasons.

Lastly, there's the old set Defense+ security level to Training Mode. I do not recommend it unless you are absolutely sure you have a clean computer and only do safe tasks on it during that time. That may be fine if you are lazy and security conscious, but definitely not if you are forgetful (forgetting to set it back makes it completely useless).

I hope this article helps make computing easier, and changes your mind about Comodo Defense+.
I've made it into a How To article yesterday, and it's awaiting moderation. I'm wondering if/when it will pass, and how I can improve on it. I'm not an expert, but I would like to share my knowledge on this, because many people dislike Comodo for this reason, and there doesn't seem to be anything on this topic. Any advice will be appreciated.

19. Jun 2009, 10:31 PM   #2
peter
Senior Member
Join Date: Apr 2008
Location: Denmark
Posts: 478
Moderation

Moderation isn't the best term we could have used, but I guess we're stuck with it for now. In effect, your article is blocked from public view (i.e. visitors & Members). An Editor will check it, and it will then be "published" so everyone can see it, and comment on it and so on.

We simply have to work like this; you must appreciate that people are able to write almost anything they want, and we have to protect the site.

We don't have a huge problem with "naughty things", but we do need to check that you haven't included direct links to files, or violated someone else's copyright, advertising etc etc. I have absolutely no reason to think that your article isn't perfectly OK, but we do need a little time. Please be patient.

If time passes & nothing seems to happen, plz contact Gizmo.
__________________
lets the music play the band ...

19. Jun 2009, 10:45 PM   #3
J_L
Co-Author, Best Free Security List
Join Date: Dec 2008
Posts: 2,003

Ok thanks, I'll be patient.
Seems like I posted it without the bolds, italics, and underlines, so here it is again:
Quote:
Many of us dislike Comodo's Defense+ simply because it is so naggy. It bombards us with pop-ups, sometimes causing lag, and doesn't seem to trust the safe software we have. This article will show you how to tame this overprotective HIPS.

First of all, something that quite a few people know is the Treat this application as: part of a Defense+ alert. In order to view it (if it's hidden), you have to click the more options trigger underneath the message at the left side. There you will see a variety of options, but the 2 most useful are: Installer or Updater and Trusted Application.

Treating the application as an Installer or Updater is pretty self-explanatory, and is best used when you are installing or updating something. Make sure you use it only when Comodo pops up with an alert regarding the installer or updater file, not explorer or something else. Also, make sure Comodo goes into Installation Mode during the installation. Only use this if you are absolutely certain that it can be trusted. You can also treat file archivers and self-extracting archives as Installers and Updaters without making Comodo go into Installation Mode.

Treating the application as a Trusted Application will make it have unrestricted access to your system (unless you have another security measure to prevent that). Only do this if the application needs all the privileges and is 100% safe.

Next is something less known, the My Pending Files. In order to access it, you have to open Comodo and click waiting for your review under Proactive Defense in the Summary tab. When the window comes into view, first click Purge to get rid of non-existing entries. Then select all the safe and trusted files, and click Move to: My Own Safe Files. After that, select all of the unsafe files (if any) and click Move to: My Blocked Files. Then remove all the useless entries such as files within your recycle bin, and other temporary files. As for the unknown ones, you'll have to determine what it is by looking at its directory, clicking Lookup... (maybe even submitting it to Comodo for analysis), googling, and uploading it to VirusTotal + Anubis (or similar sites). If you come up with nothing, then you might as well remove it from the list; Comodo will still monitor it and spring into action if it does something.

Don't checkmark remember my answer for any temporary files. For example, I never keep installers after I install something, so I uncheck remember my answer, but still treat it as an installer or updater. Of course this also includes anything ending with the .tmp extension, and within temporary directories. Now as for the reason, it simply makes Comodo faster in both short-term and long-term. By that, I mean the alert will acknowledge and disappear almost immediately, and it won't clutter the Defense+ rules with junk (which makes it slower in the future).

In order to optimize Comodo's speed, it is important to regularly purge old non-existing entries within both its Defense+ rules and Firewall rules. To do that, open up Comodo and go to the Defense+ tab. Next, click Advanced at the left side. Then click Computer Security Policy. After the window appears, click purge to get rid of non-existent entries. Do the same for Firewall rules (this time: Firewall tab>Advanced>Network Security Policy). More advanced users can manually remove unnecessary rules and create new ones. Purging My Own Safe Files (Defense+ tab>Common Tasks>My Own Safe Files) is a good idea too, mostly for security reasons.

Lastly, there's the old set Defense+ security level to Training Mode. I do not recommend it unless you are absolutely sure you have a clean computer and only do safe tasks on it during that time. That may be fine if you are lazy and security conscious, but definitely not if you are forgetful (forgetting to set it back makes it completely useless).

I hope this article helps make computing easier, and changes your mind about Comodo Defense+.

19. Jun 2009, 11:07 PM   #4
peter
Senior Member
Join Date: Apr 2008
Location: Denmark
Posts: 478
Oh dear

I'm rather confused now, I thought you were talking about moderation on the main site.
I can't think who you should contact.
There are hordes of Moderators on this board so perhaps one of them will contact you. If nobody posts here, plz contact Gizmo.
__________________
lets the music play the band ...

20. Jun 2009, 12:50 AM   #5
J_L
Co-Author, Best Free Security List
Join Date: Dec 2008
Posts: 2,003

Oh, I'm just reposting an exact copy of my article. Bolds, italics, and underlines help make it easier to comprehend, but they don't show up by simply copying the text and pasting it here.
Maybe I'm a bit too much of a perfectionist?

21. Jun 2009, 08:21 AM   #6
PsychEroc
Senior Member
Join Date: Apr 2009
Posts: 216

I just put some headings on the article, it makes it more digestible.
Tell me if that's ok.
All I'd suggest is adding a sentence to each section stating how/why that method helps to "tame" D+.
Although it might be obvious to us, for those unfamiliar with D+ it will not be obvious why your suggestions might improve performance.

21. Jun 2009, 08:30 AM   #7
J_L
Co-Author, Best Free Security List
Join Date: Dec 2008
Posts: 2,003

Ah thanks, can't believe I forgot that, even though I'm a newbie at this.
As for the how/why statement, I'll get to that later, it's midnight right now and my brain's fuzzy with tiredness. Good night.

21. Jun 2009, 01:50 PM   #8
MidnightCowboy
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,285

First of all I'd like to thank you for posting the article and having the courage to enter an extremely difficult area!

CIS has never been the easiest application to set up and manage and over time many attempts have been made to make this process easier. The included help file with CIS is very comprehensive but not easy to follow. This isn't because it's laid out poorly but rather because the majority of users will not spend the time necessary to work through it logically and efficiently. This is not the sort of program where you can skip the bits you don't understand and move on to the next section. There are however several links to guides on the Comodo forum with screenshots and most users will find these visual aids a great benefit.

This is one:

http://forums.comodo.com/defense_gui...-t30473.0.html

To be blunt I would say that all programs like this have been designed for a purpose and that attempts to make them "quieter" or "faster" are misplaced if the purpose is this alone. Additionally, users with insufficient knowledge of how to set up this kind of software to best meet their system requirements would be better off using something else.

The best security solution will always be the one you can understand the most. This statement is repeated by so many knowledgeable folk all over the web for good reason.

In terms of the guide itself I find it difficult to follow and feel that more explanation is needed for instance about how a user can define which is an "unsafe" file to block. I can see important things being prevented from running with this feature and another reason for people to consider a different application if their system knowledge is insufficient to make these judgements.

Maybe a slightly different approach would have been to strip out everything into sections with headings like....
  • Action to perform
  • Why this is necessary
  • Benefits of doing so

....and restrict these to the common events that users do miss such as file cleansing. Including screenshots would help users to locate the controls for the various functions.

Normally I'd like to offer some more practical help myself but I'm down to one PC at the moment and having reformatted yesterday I don't really have a burning desire to put CIS back into it!

Again, I'm not criticizing your efforts at all but I feel that to be of value over and above what is already available, your article needs to be presented in a different format.
__________________
Buy a Hoover and prove technology sucks.

21. Jun 2009, 07:11 PM   #9
J_L
Co-Author, Best Free Security List
Join Date: Dec 2008
Posts: 2,003

Thanks, I have revised it. The article is still at its oldest revision though...
Here's the update:
Quote:
Introduction

Many of us dislike Comodo's Defense+ simply because it is so naggy. It bombards us with pop-ups, sometimes causing lag, and doesn't seem to trust the safe software we have. This article will show you how to tame this overprotective HIPS.

Treat this application as:

First of all, something that quite a few people know is the "Treat this application as:" part of a Defense+ alert. In order to view it (if it's hidden), you have to click the more options trigger underneath the message at the left side. There you will see a variety of options, but the 2 most useful are: "Installer or Updater" and "Trusted Application".

* Actions to perform

1. Make sure you use it only when Comodo pops up with an alert regarding the installer or updater file, not explorer or something else.
2. Checkmark "Treat this application as: Installer or Updater", and click ok.
3. Make sure Comodo goes into Installation Mode during the installation. Only use this if you are absolutely certain that it can be trusted.
4. You can also treat file archivers and self-extracting archives as Installers and Updaters without making Comodo go into Installation Mode.
5. Next is "Trusted Application", only do this if the application is 100% safe AND needs unrestricted access to your system.
6. Checkmark "Treat this application as: Trusted Application" when an alert regarding that application appears, and click ok.
7. Do the same for other "Treat this application as:" choices.

* Why this is necessary

1. This is the easiest way to make Comodo obey you and stay silent.
2. Installers and updaters, Trusted Applications, etc will be treated with the proper rights and privileges.

* Benefits of doing so

1. There will be far less, if any, pop-ups regarding the installation.
2. Comodo won't nag you about your file archiver whenever you extract your archives again.
3. Your trusted applications that require unrestricted access to your system won't be troubled.
4. You won't have to bother with creating new rules.

My Pending Files

Next is something less known, the "My Pending Files". It monitors all new, unknown to Comodo's database, files that have potentially dangerous extensions. In order to access it, you have to open Comodo and click "waiting for your review" under "Proactive Defense" in the "Summary" tab.

* Actions to perform

1. When the window comes into view, first click "Purge" to get rid of non-existing entries.
2. Select all the safe and trusted files, and click "Move to: My Own Safe Files".
3. Select all of the unsafe files (if any) and click "Move to: My Blocked Files".
4. "Remove" all the useless entries such as files within your recycle bin, and other temporary files.
5. As for the unknown ones, you'll have to determine what it is by looking at its directory, clicking "Lookup..." (maybe even submitting it to Comodo for analysis), googling, and uploading it to VirusTotal + Anubis (or similar sites). If you come up with nothing, then you might as well remove it from the list; Comodo will still monitor it and spring into action if it does something.

* Why this is necessary

1. Comodo won't be overwhelmed with files that it doesn't know about, and become overprotective.
2. You will have full control over all potentially dangerous files on your system.

* Benefits of doing so

1. You will have a more secure and convenient system.
2. Major decrease in the amount of unnecessary alerts.

Remember my answer

Don't always check remember my answer in alerts, which creates rules in Comodo's Security Policies.

* Actions to perform

1. Don't check remember my answer for any temporary files.
2. Examples: Installers/Updaters (unless you keep them in the same directory permanently and need to use them), uninstallers, .tmp files, and anything within temporary directories.
3. Still press ok, and don't forget about the previous section.

* Why this is necessary

1. Comodo's rules won't be cluttered with non-existent entries, in other words, junk.

* Benefits of doing so

1. Comodo will respond to you almost immediately.
2. It will help prevent slowing down of Comodo in the future.

Purging

It is important to regularly purge old non-existing entries within both its Defense+ rules, Firewall rules, and "My Own Safe Files".

* Actions to perform

1. Open up Comodo and go to the "Defense+" tab.
2. Click "Advanced" at the left side.
3. Click "Computer Security Policy".
4. After the window appears, click "Purge" to get rid of non-existent entries.
5. Do the same for Firewall rules (this time: Firewall tab>Advanced>Network Security Policy), and "My Own Safe Files" (Defense+ tab>Common Tasks>My Own Safe Files).
6. More advanced users can manually remove unnecessary rules and create new ones.

* Why this is necessary

1. Improved speed and security.

* Benefits of doing so

1. Alerts will be more responsive.
2. Comodo won't confuse malware with the same name and directory as your old nonexistent file.

Training Mode

Lastly, there's the old set Defense+ security level to "Training Mode". I do not recommend it unless you are absolutely sure you have a clean computer and only do safe tasks on it during that time. That may be fine if you are lazy and security conscious, but definitely not if you are forgetful (forgetting to set it back makes it completely useless).

Conclusion

I hope this article helps make computing easier, and changes your mind about Comodo Defense+.

J. L. (Special thanks to Midnightcowboy, peter, and PsychEroc)
Note that it isn't what it exactly looks like. Copying and pasting (plus a correcting) can only do so much.

Last edited by J_L; 21. Jun 2009 at 07:39 PM.

21. Jun 2009, 09:20 PM   #10
MidnightCowboy
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,285

I'd welcome some other input into this now but I'm reading this much better.

Someone with a more pictorial brain than me might be able to suggest some amendments to the layout. Maybe just removing the * would help?

Despite the fact that I'm still criticizing CIS for various reasons it might be worth mentioning that Defense+ is now far quieter by default than it was a couple of releases ago.
__________________
Buy a Hoover and prove technology sucks.
All times are GMT +1. The time now is 01:23 PM.

