Windows 7: Comodo firewall question

tuckeratlarge · 13 Mar 2010

I use Comodo firewall and am pleased with it. When I click on an exe obviously comodos proactive defence pops up to ask for permission for things to run. All nice and secure.

However, I downloaded a PDF viewer ( PDF -XChange, very light, very quick ) which came as an msi file, and whilst running it comodo remained silent.

Is this the norm with msi files?

Is this a security risk that needs addressing?

If bogus apps or malware use the msi extension could they install themselves without triggering comodo?

thathagat · 13 Mar 2010

Quote: Originally Posted by tuckeratlarge

However, I downloaded a PDF viewer ( PDF -XChange, very light, very quick ) which came as an msi file, and whilst running it comodo remained silent.

Defense+ will not give a pop-up if the file has already been analyzed by Comodo and added to the safe list. That is why there was no pop-up. This allows the user to greatly increase security without much of the frustration that would otherwise come with it.

Quote:

Is this the norm with msi files?

i hope not

Quote:

Is this a security risk that needs addressing?
If bogus apps or malware use the msi extension could they install themselves without triggering comodo?

for that eventuality you run an av...plus some on demand scanners like mbam/sas/hitman etc to scan the downloaded files.... plus periodic scans

hackerman1 · 13 Mar 2010

hi !

i´m using Comodo´s firewall & Defence+ (D+).
D+ reacts to every program i install.
i have both firewall & D+ in "Safe Mode".
what settings are you using ?

tuckeratlarge · 13 Mar 2010

Safe Mode.

CarlTR6 · 13 Mar 2010

I found this regarding .msi files:

Windows Installer

The Windows Installer (previously known as Microsoft Installer) is an engine for the installation, maintenance, and removal of software on modern Microsoft Windows systems. The installation information, and often the files themselves, are packaged in installation packages, loosely relational databases structured as OLE COM Structured Storages and commonly known as "MSI files", from their default file extension.

If I understand the above correctly, the msi files themselves are not executables; therefore, I don't think they will trigger Comodo. The installer itself would definitely trigger unless you have previously approved that installer.

Just my take and I may be wrong.

thathagat · 13 Mar 2010

well..........

Quote:

HIPS (Defense+)

Comodo's HIPS (host intrusion prevention system), known as Defense+, is designed to provide protection against unknown malware. It is designed to restrict the actions of unknown applications, and restrict access to important files, folders, settings and the Windows Registry. Defense+ employs Default Deny [7] Protection, by default refusing any unknown file permission to install or execute except when specifically allowed by the user or when the file appears on Comodo's whitelist

and

Quote:

Host Intrusion Prevention System (HIPS) Application Control
Comodo Firewall Pro integrated HIPS technology whereas most often HIPS is only available as stand alone solution. Using HIPS, Comodo Firewall Pro can prevent spyware and malware from ever being installed on a user's PC. When activated, the user is warned EVERY time an unknown executable (.exe) attempts to run that is not found in Comodo's white list database. The user has the option to allow or block the application from running. This approach is only practical when used in conjunction with a comprehensive white list database that only allows safe and trusted programs from ever being installed on a PC.

And if you think for some reason you don't trust the whitelist.. You can use "Paranoid Mode" This will treat EVERY application as unknown, Regardless if it's in the whitelist or not.

Windows 7: Comodo firewall question

Comodo firewall question problems?