Endpoint Manager

• Introduction To Comodo Client Security
  • Special Features
  • System Requirements
  • Install Comodo Client Security
  • Start Comodo Client Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understand Security Alerts
  • Password Protection
• General Tasks - Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
      • Create, Schedule And Run A Custom Scan
    • Automatically Scan Unrecognized And Quarantined Files
  • Instantly Scan Files And Folders
  • Process Infected Files
  • Manage Virus Database Updates
  • Manage Blocked Autoruns
  • Manage Quarantined Items
• Firewall Tasks - Introduction
  • Configure Internet Access Rights For Applications
  • Stealth Your Computer Ports
  • Manage Network Connections
  • Stop All Network Activities
  • View Active Internet Connections
• Containment Tasks - Introduction
  • Run An Application In The Container
  • Reset The Container
  • Identify And Kill Unsafe Running Processes
  • Open Shared Space
  • The Virtual Desktop
    • Start The Virtual Desktop
    • The Main Interface
    • Run Browsers Inside The Virtual Desktop
    • Open Files And Run Applications Inside The Virtual Desktop
    • Pause And Resume The Virtual Desktop
    • Close The Virtual Desktop
  • Containment Statistics Analyzer
• DLP Tasks - Introduction
  • Run Data Loss Prevention Scans
  • Manage DLP Quarantined Files
• Advanced Tasks - Introduction
  • Create A Rescue Disk
    • Download And Burn Comodo Rescue Disk
  • Remove Deeply Hidden Malware
  • Manage CCS Tasks
  • View CCS Logs
    • Antivirus Logs
    • VirusScope Logs
    • Firewall Logs
    • HIPS Logs
    • Containment Logs
    • Website Filtering Logs
    • Device Control Logs
    • Autorun Event Logs
    • Alert Logs
    • CCS Tasks Logs
    • File List Changes Logs
    • Vendor List Changes Logs
    • Configuration Changes Logs
    • Virtual Desktop Event Logs
    • Data Loss Prevention Event Logs
    • Search And Filter Logs
  • Submit Files For Analysis To Comodo
  • View Active Process List
• CCS Advanced Settings
  • General Settings
    • Customize User Interface
    • Configure Virus Database Updates
    • Log Settings
    • Manage CCS Configurations
      • Comodo Preset Configurations
      • Personal Configurations
    • Manage Performance
  • Antivirus Configurations
    • Real-time Scanner Settings
    • Scan Profiles
  • Firewall Configuration
    • General Firewall Settings
    • Application Rules
    • Global Rules
    • Firewall Rule Sets
    • Network Zones
      • Network Zones
      • Blocked Zones
    • Port Sets
  • HIPS Configuration
    • HIPS Settings
    • Active HIPS Rules
    • HIPS Rule Sets
    • HIPS Groups
      • Registry Groups
      • COM Groups
  • Protected Objects
    • Protected Objects - HIPS
      • Protected Files
      • Blocked Files
      • Protected Registry Keys
      • Protected COM Interfaces
    • Protected Objects - Containment
      • Protected Files And Folders
      • Protected Keys
  • Data Loss Prevention
    • DLP Monitoring Rules
    • DLP Discovery Rules
    • DLP Keyword Groups
  • Containment Settings
    • Containment Settings
    • Auto-Containment Rules
    • Virtual Desktop Settings
    • Containment - An Overview
    • Unknown Files - The Scanning Processes
  • File Rating Configuration
    • File Rating Settings
    • File Groups
    • Submitted Files
  • Advanced Protection
    • VirusScope Settings
    • Scan Exclusions
    • Device Control Settings
    • Script Analysis Settings
    • Miscellaneous Settings
  • Web Filter Settings
    • Website Filtering Rules
    • Website Categories
• Appendix 1 - CCS How To... Tutorials
  • Enable / Disable AV, Firewall, Auto-Containment And VirusScope Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Set Up HIPS For Maximum Security And Usability
  • Create Rules To Auto-Contain Applications
  • Run An Instant Antivirus Scan On Selected Items
  • Create An Antivirus Scan Schedule
  • Run Untrusted Programs Inside The Container
  • Run Browsers Inside The Container
  • Restore Incorrectly Quarantined Items
  • Submit Quarantined Items To Comodo Valkyrie For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Disable Auto-Containment On A Per-application Basis
  • Switch Off Automatic Antivirus Updates
  • Suppress CCS Alerts Temporarily
  • Control External Device Accessibility
• Appendix 2 - Comodo Secure DNS Service
  • Router - Manually Enable Or Disable Comodo Secure DNS
  • Windows - Enable Comodo Secure DNS
• About Comodo Security Solutions

Miscellaneous Settings

• Click 'Assets' > 'Configuration Templates' > 'Profiles'
  

• Open the Windows profile you want to work on
  

• Click the 'Miscellaneous' tab then 'Edit', if it has already been added to the profile
  

OR

• Click 'Add Profile Section' > 'Miscellaneous' if it hasn't yet been added
  

The 'Miscellaneous' settings screen opens:

• Detect shellcode injections:
  

• A shellcode injection is an attack which exploits software vulnerabilities to give attackers control of a compromised machine.
  

• For example, shellcode attacks are often used to create buffer-overflows on victim machines. Enable this setting to turn-on buffer overflow protection.
  

• By default, Xcitium Client Security (XCS) monitors all applications to make sure they do not suffer shellcode attacks.
  

• However, you may want to omit certain applications from protection for compatibility reasons. Click the 'Exclusions' link to do this.
  

• The process to add exclusions is similar to that explained in Containment Settings.
  

Background: A buffer overflow is an anomalous condition where a process/executable attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data, and may cause a process to crash or produce incorrect results. As such, buffer overflows cause many software vulnerabilities and are the basis of many exploits.

• Apply the selected action to...' - XCS will monitor registry entries related to Windows services, auto-run items and scheduled tasks. If any entries are created or modified by unrecognized files/scripts, they will handled per the action chosen. (Default = Enabled)

Xcitium recommends this setting is left enabled (Default = Enabled).

• Apply the selected signature level while.... - XCS identifies untrusted DLLs, apps, portable executables (PE) and autoruns launched before XCS starts on the endpoint. These may expose the endpoint to a danger if those items turn to be malicious. (Default = Disabled)

• XCS checks whether startup items are signed by a trusted authority and marks them as trusted or untrusted. The flag is used at next restart to allow or block the item.
  

• You can choose how strict the certificate check should be:

• Windows- Only items signed by Microsoft certificates are marked as trusted
  

• Antimalware - Trusts files signed by either Microsoft or Antimalware certificates

• Authenticode - Flags all signed files as trusted
  
  

• Monitor DLL files being loaded by running processes - XCS monitors the DLL files loaded to system memory, by processes that are currently running on the endpoint (Default = Disabled).

• If enabled, XCS runs a file rating scan on each DLL loaded to identify its trust rating.
  

• The trust rating is reported to Xcitium. Files with an Unrecognized' rating are submitted to Valkyrie for analysis

• You can view these details at 'Security' > 'Endpoint Security' > 'Application Control'. See Manage File Trust Ratings on Windows Devices for more details. 

•  Detect the process if it loads unsigned DLL file(s) - XCS will detect the process if it loads unknown DLL file(s) (Default = Disabled)

  1) If the 'Monitor DLL files being loaded by running processes' option is not enabled, the 'Detect the process if it loads unsigned DLL file(s)' option should be displayed as disabled, shouldn't be selectable.

• Self-Protection Options: Allows to protection for Xcitium Client - Security agent's own processes and assets. (Default = Enabled).
  
  
• Protect comodo files - Access to blocking protected folders (CCS folders), driver/guard dll files. 

• Protect comodo Registry key – Allows you to protect system critical registry keys against modification.  

• Protect comodo processes - Access blocking to processes (XCS processes) with write/terminate permissions and on win10and block loading unsigned DLLs into processes (XCS processes).

•  Audit Only - The audit mode sends a notification about access to protected folders (xcs folders), drivers/guard dll files, notification about access to services in the registry, (XCS processes) with write/terminate permissions and loading unsigned DLLs into processes (CCS processes). 
  
  
• Click 'OK' to save your settings.