Comodo Internet Security

• Introduction To Comodo Internet Security
  • Special Features
  • Download, Installation And Activation
  • Start Comodo Internet Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understand Security Alerts
• General Tasks – Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
      • Create, Schedule And Run A Custom Scan
  • Secure Shopping Settings
  • Manage Virus Database And Program Updates
  • Get Live Support
  • Manage Blocked Items
  • Instantly Scan Files And Folders
  • Process Infected Files
• Firewall Tasks - Introduction
  • Configure Internet Access Rights For Applications
  • Manage Network Connections
  • Stop All Network Activities
  • Stealth Your Computer Ports
  • View Active Internet Connections
• Containment Tasks - Introduction
  • Run An Application In The Container
  • Reset The Container
  • Identify And Kill Unsafe Running Processes
  • View Active Process List
  • The Virtual Desktop
    • Start The Virtual Desktop
    • The Main Interface
    • Run Browsers Inside The Virtual Desktop
    • Open Files And Run Applications Inside The Virtual Desktop
    • Configure The Virtual Desktop
    • Close The Virtual Desktop
• Advanced Tasks – Introduction
  • Create A Rescue Disk
    • Download And Burn Comodo Rescue Disk
  • Remove Deeply Hidden Malware
  • Manage CIS Tasks
  • Manage Quarantined Items
  • View CIS Logs
    • Antivirus Logs
    • VirusScope Logs
    • Firewall Logs
    • HIPS Logs
    • Containment Logs
    • Website Filtering Logs
    • Device Control Logs
    • Autorun Event Logs
    • Alerts Logs
    • CIS Tasks Logs
    • File List Changes Logs
    • Vendor List Changes Logs
    • Trusted Certificate Authority Change Logs
    • Configuration Change Logs
    • Secure Shopping Activity Logs
    • Search And Filter Logs
  • Submit Files For Analysis To Comodo
• CIS Settings
  • General Settings
    • Customize User Interface
    • Configure Program And Virus Database Updates
    • Log Settings
    • Manage CIS Configurations
      • Comodo Preset Configurations
      • Personal Configurations
  • Antivirus Configurations
    • Real-time Scan Settings
    • Scan Profiles
  • Firewall Configuration
    • General Firewall Settings
    • Application Rules
    • Global Rules
    • Firewall Rule Sets
    • Network Zones
      • Network Zones
      • Blocked Zones
    • Port Sets
  • HIPS Configuration
    • HIPS Settings
    • Active HIPS Rules
    • HIPS Rule Sets
    • Protected Objects
      • Protected Files
      • Blocked Files
      • Protected Registry Keys
      • Protected COM Interfaces
      • Protected Data Files And Folders
    • HIPS Groups
      • Registry Groups
      • COM Groups
  • Containment Configuration
    • Containment Settings
    • Auto-Containment Rules
    • Containment - An Overview
    • Unknown Files - The Scanning Processes
  • File Rating Configuration
    • File Rating Settings
    • File Groups
    • Submitted Files
  • Advanced Protection Configuration
    • VirusScope Settings
    • Scan Exclusions
    • Device Control Settings
    • Script Analysis Settings
    • Miscellaneous Settings
    • Comodo Secure Shopping
  • Website Filtering Configuration
    • Website Filtering Rules
    • Website Categories
• Comodo GeekBuddy
  • Download And Install GeekBuddy
  • Overview Of Services
  • Activation Of Service
  • Launch The Client And Use The Service
  • Accept Remote Desktop Requests
  • Uninstall Comodo GeekBuddy
• TrustConnect Overview
• Dragon Browser
• Comodo Backup
• Comodo Internet Security Essentials
  • What Is Comodo Internet Security Essentials
  • What Is A Man-in-the-middle Attack
  • How Does Comodo Internet Security Essentials Protect Me From A Man-in-the-middle Attack
  • What Is The Install Location Of Comodo Internet Security Essentials
  • How Do I Update CISE
  • Understand Alerts And Configure Exceptions
  • How Do I View CISE Help
  • How Do I View The Version Number And Release Notes
  • How Do I Remove Comodo Internet Security Essentials
• Appendix 1 CIS How To... Tutorials
  • Enable / Disable AV, Firewall, Auto-Containment, VirusScope And Website Filter Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Block/Allow Specific Websites To Specific Users
  • Set Up HIPS For Maximum Security And Usability
  • Create Rules To Auto-Contain Applications
  • Password Protect Your CIS Settings
  • Reset Forgotten Password (Advanced)
  • Run An Instant Antivirus Scan On Selected Items
  • Create An Antivirus Scan Schedule
  • Run Untrusted Programs In The Container
  • Run Browsers In The Container
  • Run Untrusted Programs In The Virtual Desktop
  • Run Browsers In The Virtual Desktop
  • Restore Incorrectly Blocked Items
  • Restore Incorrectly Quarantined Items
  • Submit Quarantined Items To Comodo For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Switch Between Complete CIS Suite And Individual Components (just AV Or FW)
  • Switch Off Automatic Antivirus And Software Updates
  • Suppress CIS Alerts Temporarily While Playing Games
  • Renew Or Upgrade Your License
  • Use CIS Protocol Handlers
  • Configure Secure Shopping
  • Comodo Cloud Backup
  • Give Contained Applications Write Access To Local Folders
  • Use The Comodo Uninstaller Tool
• Appendix 2 - Comodo Secure DNS Service
  • Router - Enable Comodo Secure DNS Service
  • Windows - Enable Comodo Secure DNS
• Appendix 3 - Glossary Of Terms
• Appendix 4 - CIS Versions
• About Comodo Security Solutions

Active HIPS Rules

  

Click 'Settings' > 'HIPS' > 'HIPS Rules'

• The rules screen shows your installed applications classified into file groups, and the HIPS ruleset that applies to them.

• You can change the ruleset of a specific application or file group, and create your own custom rulesets.

Open the HIPS Rules panel

• Click 'Settings' at the top of the CIS home screen to open the 'Advanced Settings' interface

• Click 'HIPS' > 'HIPS Rules' on the left.

The first column, Application, displays a list of the applications on your system for which a HIPS ruleset has been defined. If the application belongs to a file group, then all member applications assume the ruleset of the group. The second column, Treat As, displays the name of the HIPS ruleset assigned to the application or group of applications.

You can use the search option to find a specific file in the list by clicking the search icon at the far right of the column header and entering the name in full or part.

General Navigation:

The control buttons at the top of the list enable you to create and manage application rule sets.

• Add - Allows the user to add a new application to the list and then create its ruleset. See 'Create or Modify a HIPS Ruleset' for more details.

• Edit - Allows the user to modify the HIPS rule of the selected application. See 'Create or Modify a HIPS Ruleset' for more details.

• Remove - Deletes the selected ruleset.

Note: You cannot add or remove individual applications from a file group using this interface - you must use the 'File Groups' interface to do this.

• Purge - Runs a system check to verify that all the applications for which rulesets are listed are actually installed on the host machine at the path specified. If not, the rule is removed, or 'purged', from the list.

• Move UP/Move Down - Users can re-order the priority of rules by simply selecting an application name or file group and selecting 'Move Up' or 'Move Down' from the options. To alter the priority of applications that belong to a file group, you must use the 'File Groups' interface.

Create or Modify a HIPS Ruleset

 

Defining a HIPS Ruleset for an application or File group involves two steps:

1. Select the application or file group that you wish the ruleset to apply to

2. Configure the ruleset for this application

Step 1 - Select the application or file group that you wish the ruleset to apply to

• To define a rule for a new application (i.e. one that is not already listed), click the 'Add' button at the top of the HIPS Rules pane.

This brings up the 'HIPS Rule' interface as shown below.

The 'Name' box is blank because you are defining a HIPS rule settings for a new application. If you were editing an existing rule, this field would show the application name and its installation path, or the application group name.

• Click 'Browse' to begin.

You now have 3 methods available to choose the application for which you wish to create a Ruleset - File Groups; Applications and Running Processes.

1. File Groups - Choosing this option allows you to create a HIPS ruleset for a category of pre-set files or folders. For example, selecting 'Executables' would enable you to create a ruleset for all files with the extensions .exe .dll .sys .ocx .bat .pif .scr .cpl, */cmd.exe, *.bat, *.cmd. Other such categories available include 'Windows System Applications', 'Windows Updater Applications', 'Start Up Folders' etc - each of which provide a fast and convenient way to apply a generic ruleset to important files and folders.

To view the file types and folders that are affected by choosing one of these options, you need to visit the 'File Groups' interface.

2. Applications - This option is the easiest for most users and simply allows you to browse to the location of the application for which you want to deploy the ruleset.

3. Running Processes - as the name suggests, this option allows you choose any process that is currently running on your PC in order to create and deploy a ruleset for its parent application.

Having selected the individual application, running process or file group, the next stage is to configure the rules for this ruleset.

Step 2 - Configure the HIPS Ruleset for this application

There are two broad options available for selecting a ruleset that applies to an application - Use Ruleset or Use a Custom Ruleset.

1. Use Ruleset - Selecting this option allows you to quickly deploy an existing HIPS ruleset on to the target application. Choose the ruleset you wish to use from the drop down menu. In the example below, we have chosen 'Allowed Application'. The name of the ruleset you choose is displayed in the 'Treat As' column for that application in the HIPS Rules interface (Default = Enabled).

Note on 'Installer or Updater' Rule: Applying this rule to an application defines it as a trusted installer. All files created by this application will also be trusted. Some applications may have hidden code that could impair the security of your computer if allowed to create files of their own. Comodo advises you to use this 'Predefined Ruleset' - 'Installer or Updater' with caution. On applying this ruleset to any application, an alert dialog will be displayed, describing the risks involved.

General Note: Predefined Rulesets cannot be modified directly from this interface - they can only be modified and defined using the 'Rulesets' interface. If you require the ability to add or modify settings for a specific application then you are effectively creating a new, custom ruleset and should choose the more flexible Use a Custom Ruleset option instead.

2. Use a Custom Ruleset - Designed for more experienced users, the 'Custom Ruleset' option grants full control over the configuration of each rule within that ruleset.
   

The custom ruleset has two main configuration areas - Access Rights and Protection Settings (Default = Disabled).

In simplistic terms 'Access Rights' determine what the application can do to other processes and objects whereas 'Protection Settings' determine what the application can have done to it by other processes.

 

Tip: You can use the 'Copy from' drop-down to choose an existing rule set for an application or file group. Using that as a starting point, you can customize the 'Access Rights' and 'Protection Settings' for the rules as required.

1. Access Rights - The 'Process Access Rights' area allows you to determine what activities can be performed by the applications in your custom ruleset. These activities are called 'Access Names'.

See HIPS Settings > Activities to Monitor to see definitions of the 'Action Names' listed above, and the implications of choosing 'Ask', 'Allow' or 'Block':

• Exceptions to your choice of 'Ask', 'Allow' or 'Block' can be specified for the ruleset by clicking the 'Modify' link on the right.

• Select the 'Allowed Files/Folders' or 'Blocked Files/Folders' tab depending on the type of exception you wish to create.

 

Clicking the 'Add' button at the top allows you to choose which applications or file groups you wish this exception to apply to. (click here for an explanation of available options).

In the example above, the default action for 'Interprocess Memory Access' is 'Block'. This means HIPS will block the action if 'DrivingSpeed.exe' tries to modify the memory space of any other program. Clicking 'Modify' then adding 'File Downloaders' File Group to the 'Allowed Files/Folders' area creates an exception to this rule. 'DrivingSpeed.exe' can now modify the memory space of files belonging to the 'File Downloaders' File Group.

2. Protection Settings - Protection Settings determine how protected the application or file group in your ruleset is against activities by other processes. These protections are called 'Protection Types'.
   

• Select 'Active' to enable monitoring and protect the application or file group against the process listed in the 'Protection' column. Select 'Inactive' to disable such protection.

Click here to view a list of definitions of the 'Protection Types' listed above and the implications of activating each setting.

Exceptions to your choice of 'Active' or 'Inactive' can be specified in the application's Ruleset by clicking the 'Modify' link on the right.

3. Click 'OK' to confirm your settings.