ITarian Help

Comodo Client Security for Windows - User Guide 12.10


Miscellaneous Settings


  • Click 'Settings' > 'Advanced Protection' > 'Miscellaneous'
  • The miscellaneous settings panel lets you:
    • Configure protection against shellcode injections (buffer overflow attacks)
    • Skip automatic cleanup of suspicious certificates
    • Configure protection settings for auto-start entries and scheduled tasks

Open 'Miscellaneous' settings:

  • Click 'Settings' on the CCS home screen
  • Click 'Advanced Protection' > 'Miscellaneous'



This interface allows you to:
  • Disable shellcode injection detection for certain applications
  • Skip automatic cleanup of suspicious certificates
  • Define actions to be taken on unrecognized auto-start entries/scheduled tasks
  • Specify the signature level for monitoring processes launched and DLLs loaded during system start-up
  • Enable or disable monitoring of DLL files loaded into memory by currently running processes

Disable shellcode injection detection

 

By default, protection against shellcode injection is enabled for all applications on your computer. Use this setting to define applications which you do not want to monitor for shellcode injections.


Background:

  • Shellcode injection is a malicious technique which allows an attacker to cause a buffer overflow on your system.

  • A buffer is an area of memory designed to hold a specific amount of data. A buffer overflow occurs when a process stores data beyond the boundaries of this fixed-length buffer.

  • The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.

  • Malware can deliberately cause buffer overflows in order to run malicious code or make the program operate incorrectly.


    Exclude certain applications from shellcode injection protection

    • Make sure 'Don't detect shellcode injections in these applications' is enabled, then click the 'these applications' link. The 'Manage Exclusions' dialog appears.
      • Click the 'Add' button at the top

      You can add items by selecting the required option from the drop-down:


       

      • File Groups - Select a category of pre-set files or folders. For example, 'Executables' lets you create a ruleset for all files with the extensions .exe, .dll, .sys, .ocx, .bat, .pif, .scr, .cpl, *cmd.exe, *.bat, *.cmd. Other categories available include 'Windows System Applications', 'Windows Updater Applications', 'Start Up Folders' etc. See File Groups for more details on file groups.
      • Running Processes - Select an application or executable from the processes that are currently running on your PC.
      • Folders - Specify a folder on your computer to add all files in that folder to the exclusions.
      • Files - Select a specific executable file you wish to add to the exclusions.

      Click 'OK' to implement your settings.

       

      Do not automatically cleanup suspicious certificates

      • Choose whether or not to delete any root certificates that were not signed by a trusted certificate authority
      • By default, CCS warns you if any fake root certificates are found in your browsers but does not delete them
      • Disable this option if you want CCS to delete those fake certificates whenever they are found

      Background:

      • SSL certificates are used by websites to encrypt the connection between your browser and their web-server.
      • This ensures nobody can intercept the traffic sent between you and the site. All information sent from your browser to the site is private. This is especially important for sensitive transactions like online payments, where you send your credit card information over the internet.
      • You can tell a site is using an SSL certificate by the padlock icon in the browser address bar.
      • SSL certificates are issued to website owners by an organization known as a ‘Certificate Authority’ (CA). The CA checks that the applicant owns the website in question, and is a legitimate business.
      • Once these checks have been passed, the CA will sign the applicant’s certificate with what is known as a ‘root certificate’. You should only trust websites whose certificates have been signed by the root certificate of a trusted CA.
      • These trusted root certificates are embedded in your browser (Firefox, Chrome, Edge etc). Your browser checks that the SSL certificate on a site is signed by a trusted root each and every time you visit the site.
      • A fake root certificate would, therefore, bypass this check of legitimacy. It could tell you to trust a website run by a hacker.
      • CCS can detect and remove fake root certificates from the endpoint during on-demand and scheduled scans. Disable 'Do not automatically cleanup suspicious certificates' to activate this feature.


      Define actions to be taken on unrecognized auto-start entries/scheduled tasks

      • Apply the selected action to unrecognized autorun entries related to new / modified registry items - Specify what CCS should do if applications added to Script Analysis > Autoruns Scans try to create or modify one of the following registry items:
        • Windows services
        • Auto-start entries
        • Scheduled tasks

      The available options are:

      • Ignore - CCS does not take any action (Default)
      • Terminate - CCS stops the process / service
      • Terminate and Disable - Auto-run processes are stopped and the corresponding auto-run entry removed. In the case of a service, CCS disables the service
      • Quarantine and Disable - The application is quarantined and the corresponding auto-start entry is removed. In the case of a service, CCS disables the service.

          Background:

          • CCS can perform heuristic command-line analysis and embedded code detection in order to protect Windows services, autostart items and scheduled tasks
          • CCS ships with a list of predefined applications for which it performs heuristic analysis on programs that are capable of executing code
          • You can also add programs for which you want CCS to perform heuristics analysis in 'Settings' > 'Advanced Protection' > 'Script Analysis' > 'Autoruns Scan'. See Autoruns Scans in Script Analysis Settings for more details on this

           

          Monitor processes and DLLs loaded at start-up:

          • You can instruct CCS to identify untrusted DLLs, apps, portable executables (PE) and autoruns launched before CCS starts on the endpoint. These items may expose the endpoint to danger if they turn out to be malicious.
          • By default, CCS does not monitor these items.
          • CCS checks whether startup items are signed by a trusted authority and marks them as trusted or untrusted. The flag is used at next restart to allow or block the item.
          Apply the selected signature level...loaded on early system start – Choose how strict the certificate check should be:


          • Microsoft - Only items signed by Microsoft certificates are marked as trusted
          • Antimalware - Trusts files signed by either Microsoft or Antimalware certificates
          • Authenticode - Flags all signed files as trusted
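
Before changing the autorun action from 'Ignore' or choosing a signature level, it helps to know what is already registered on the endpoint. The following PowerShell sketch is an added example, not part of CCS or this guide: it lists the three autorun classes named above and shows which binaries carry a valid Authenticode signature and which of those are signed by Microsoft. The subject-name test for "Microsoft" and the helper name `Get-ExePath` are assumptions for illustration; the 'Antimalware' level is not modelled because this page does not say how CCS identifies those certificates.

```powershell
# Added example (not CCS code). Inventories the three autorun classes named above
# and reports how each binary fares under two of the signature levels.
# Assumption: "Microsoft" is approximated by the signer subject; CCS's real test
# is not documented on this page.
function Get-ExePath([string]$CommandLine) {
    # Extract the executable path from a quoted or unquoted command line.
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($s -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($s -match '^\s*(.+?\.(exe|dll|sys|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $null
}

$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$items = @()

# 1. Windows services
Get-CimInstance Win32_Service | ForEach-Object {
    $items += [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Command = $_.PathName }
}
# 2. Auto-start entries (machine and per-user Run keys)
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties | Where-Object { $_.Name -notin $psProps } | ForEach-Object {
            $items += [pscustomobject]@{ Kind = 'Run'; Name = $_.Name; Command = [string]$_.Value }
        }
    }
}
# 3. Scheduled tasks (only actions that execute a program)
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            $items += [pscustomobject]@{ Kind = 'Task'; Name = $task.TaskName; Command = $action.Execute }
        }
    }
}

$items | ForEach-Object {
    $path = Get-ExePath $_.Command
    $sig = $null
    if ($path -and (Test-Path -LiteralPath $path)) { $sig = Get-AuthenticodeSignature -LiteralPath $path }
    $valid = ($null -ne $sig) -and ($sig.Status -eq 'Valid')
    [pscustomobject]@{
        Kind = $_.Kind; Name = $_.Name; Path = $path
        Authenticode = $valid
        MicrosoftOnly = $valid -and ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
    }
} | Sort-Object Authenticode, Kind | Format-Table -AutoSize
```

Rows with `Authenticode = False` sort first; these are the entries to review before enabling 'Terminate' or a stricter signature level. Entries whose command has no resolvable file path show an empty `Path` and need manual inspection.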


          Monitor DLL files loaded by currently running processes

          • By default, CCS does not monitor the DLL files loaded into system memory by processes that are currently running on the endpoint.

          Monitor DLL files being loaded by running processes – If enabled, CCS runs a file rating scan on each DLL loaded to identify its trust rating

          • The trust rating is reported to Endpoint Manager and added to local logs. Files with an 'Unrecognized' rating are submitted to Valkyrie for analysis
          • You can view these details at 'Security Sub-Systems' > 'Application Control'
          • See https://help.comodo.com/topic-399-1-786-10102-Manage-File-Trust-Ratings-on-Windows-Devices.html for more details
             
          • Self-Protection Options: Enables protection of the Xcitium Client - Security agent's own processes and assets. (Default = Enabled).
            • Protect comodo files - Blocks access to protected folders (CCS folders) and driver/guard DLL files.
            • Protect comodo Registry key – Allows you to protect system critical registry keys against modification.
            • Protect comodo processes - Blocks access to processes (XCS processes) with write/terminate permissions and, on Windows 10, blocks loading of unsigned DLLs into processes (XCS processes).
            • Audit Only - The audit mode sends a notification about access to protected folders (XCS folders) and driver/guard DLL files, access to services in the registry, access to processes (XCS processes) with write/terminate permissions, and loading of unsigned DLLs into processes (CCS processes).
              • Click 'OK' to save your settings.

            Copyright 2025 Itarian