any comodo(av) gurus here?

pnamajck

Honorable Member
to all comodo(av) gurus … [i am needing advice]

for matters of discussion … pls understand i am using the "free" version. also, am using windows default firewall.

have used avg (and, recently, avast) … dislike them because of nagware and other reasons.
• avg, when upgrading, actually closes down the protection … causing windows-defender to throw up an alert (serious thanks, ms). takes anywhere from two-three minutes for the upgrade to finish. during that window of time … anything can infiltrate my defense portal. one of the things i liked is avg's "shred" feature.
• avast … same amount of nagware … has no shredder … does not, in my observation/recollection, close down the av during upgrade. mysterious "names and email-irls" appearing in browser form-fields … which, turns out, avast is responsible for.​
notably, both of the above products are part of the avast enterprise. using these products in default mode … just "let it fly and do it's thing".

now … i wish to discuss comodo (free version). having researched a bit here on windowsforum as well as the internet … seems to be my next logical progression. several members here swear by the product.

so … this here is my quandary …

from what i understand, comodo seeks intervention from the computer operator as to certain ports or files being authorized or being acceptable risk. how am i to determine what is acceptable and not? what is the methodology for making such decisions? could you pls illustrate a few totally different 'legitimate' real-world examples?

outlined below are a few fictitious examples i have manifested:
  1. youtube wants to open port-5088 … i currently have youtube.com open and the video is playing without problems. comodo is asking if i wish to close port-5088 … in this scenario, would it be advisable for me to instruct comodo to close the port or keep it open?

  2. registry-entry "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AuthHost …" is attempting to make changes … comodo deems the behavior as suspicious and wants to know should i allow or disallow the registry change? it is a microsoft switch … i have no idea if it should be allowed/disallowed … if disallowed, i run the risk of freezing/seizing my computer.

  3. microsoft wants to open new port in firewall … comodo asks if should allow or disallow? i have no idea if i should allow/disallow … if i disallow, i run the risk of freezing/seizing up my computer.

  4. "software is being installed … okay to proceed?" if it is microsoft, guess i should allow … but not certain?

  5. comodo alerts me "a port is wanting to be opened" by a totally alien entity (multiplex-adv.com) … guess i should disallow that from happening.

so, for those of you who are using comodo … can you pls site some examples of comodo's query … and, more importantly, how did you go about deciding what is acceptable or not?

ref:
 
Well the truth is generally you really don' know if operation X is required and whether or not you should allow it without research. A default deny approach should be ok and probably recommended. You should be able to revert any of these denies you approve. While comodo does well in malware blocking, it does a fairly poor job of catching modified samples (called encoding in malware land). The one time you allow something that ends up being bad, will most likely harm your system and comodo has no undo capabilities. If comodo give you the execuable and path for what is trying to complete some operation you could run it through virus total. An easy way to do this without having to upload it the site is use process explorer which has the capability built-in.

As always, I will typically recommend Webroot Secure Anywhere Amazon.com: Webroot Internet Security Antivirus | 2017 | 3 Devices | 1 Year Subscription | PC/Mac Disc: Software $18. Has a perfect detection rating, takes about 10 seconds to install. Scans take 4 minutes, small foot print 8MB of memory and can anlayze suspicious files and roll all changes back including ransomware encrypted files if it determines a sample to be malicious.
 
thanks for elaborating, neemobeer. yes … usually i call up process-explorer often enough. the 'deny-default' approach sounds right up my alley … think i will sit and reflect for a while.

webroot-secure-anywhere anti-virus seems to have a standing offer at $14.69 (download) via amazon … $19.88 (disk shipped). and $14.69 ain't going to break the bank. still … within a ten-year time frame … that's 150 big ones. could just see it now … and the epitaph reads "victim of ransomware".

anyway … onward we go.
 
Back
Top