Avast/Comodo and behavior shield

I read on another tech site (not here) that, if using Avast free with Comodo Firewall with Defense+ enabled, that Avast’s behavior shield should be disabled to avoid possible conflicts. Any views on this would be appreciated.

If you are running Windows 7 make sure you got CIS 5.12 ( Firewall and D+ only. No AV ) to have complete control on your outbound connections. Also decide which Autosandbox or Sandbox you want to have active.

Both, Avast! Behavior Shield and Comodo D+ play well with these exclusions

In Avast!:

Open Avast! > REAL-TIME SHIELDS > File System Shields > Expert Settings > Exclusions > Add > Browse:

C:\Program files\COMODO*

In > REAL-TIME SHIELDS > Behavior Shields > Expert Settings > Trusted Processes > Add > Browse:

C:\Program files\COMODO\COMODO Internet Security\cfp.exe
C:\Program files\COMODO\COMODO Internet Security\cfpconfg.exe
C:\Program fies\COMODO\COMODO Internet Security\cmdagent.exe

In Comodo:

Open Comodo > Defense+ > Computer Security Policy > set:

C:\Program files\AVAST Software\Avast\AvastUI.exe Set as Trusted Application
C:\Program files\AVAST Software\Avast\aswRegSvr.exe Set as Trusted Application
C:\Program files\AVAST Software\Avast\AvastEmUpdate.exe Set as Trusted Application
C:\Program files\AVAST Software\Avast\AvastSvc.exe Set as Installer or Updater
C:\Program files\AVAST Software\Avast\Setup\avast.setup Set as Installer or Updater

Also in Defence + > Defence+ Settings > Detect ShellCode Injections(i.e. Buffer overflow protection) > Exclutions > Add:

C:\Program files\AVAST Software*

I got these settings in Comodo because I run D+ in Paranoid mode.

The use of a 3rd party firewall when running Windows 7 is not necessary.

Well, if you say so…

@ n01clueless

If you are running Windows 7 with Avast! 7 Free or Pro, better read these threads to understand why you need another firewall that is not Windows firewall or Comodo 5.10 or older if you want to have control over your outbound connections.

http://forum.avast.com/index.php?topic=93953.msg759534#msg759534

https://forums.comodo.com/firewall-help-cis/comodo-firewall-and-avast-7-t82382.0.html;msg588619#msg588619

I love statements such as yours. With the advancements in Windows 7 firewall the need for a 3rd party firewall is no longer needed. Outbound protection is for paranoid people who feel like they need full control of everything going on in there pc. Avast with Windows 7 Firewall and Advanced Security is all the average user needs. Backed by a router with full NAT your all set.

http://www.askthecomputertech.com/windows-7-firewall.html

I can link you to hundreds of articles but why bother. The proof is out there. Also Windows 7 firewall can be setup to be just as effective if not more effective then Comodo. There is a guide at Wilders to show how.

@ Aventador,

(with apologies to n01clueless beforehand),

How does what you say help the original poster resolve his/her issue? Seems more of a distraction than helpful assisitance to the OP; this is not a social webpage or forum, btw. Just so you know. Please keep your opinions out of a post that is not yours. :o

If you wish to help, please do.

But glad you like AIS, though.

It helps by less confusion.

Thanks for all the responses and info. Really appreciated. Firstly, apologies for not originally saying I have Vista OS. I also ensure everything (security critical apps anyway) are always up to date with Secunia PSI. I recently updated to CIS 5.12. (obviously without the A/V part). I also only have the Comodo sandbox enabled.

@iroc9555: Wow, that’s some list of exclusions! I think I had most of those at some point but when I did a clean install of Avast 7 a while back I forgot to redo them. I use D+ in safe mode - are all these exclusions still necessary? Anyway, from what you say it seems it’s fine to have both D+ and Avast behaviour shield enabled.

@Aventador: I’m sure you meant well but I’m with mchain on this one. Regardless of whether or not you believe 3rd party firewalls, outbound monitoring etc are necessary, this may be a valid topic for discussion elsewhere, but not relevant to the question I was asking.

n01clueless

Yes, you can have Avast! BS and Comodo D+ enabled. The exclusions are just a fail safe that I do on all my security programs.

However I will, at least, add AvastSvc.exe and avast.setup as Installer or Updater in Comodo Security Policy and cfp.exe, cfpconfg.exe, and cmdagent.exe in trusted processes in Avast! just to avoid any fortuitous alert.

Regards

Thanks again iroc9555. Some really useful info there. Although I was personally unaffected with Vista, I had no idea about the problem with CIS and Windows 7 and I was even more surprised how long it took Comodo to fix the problem with 5.12.

I tried the latest versions of Avast and Comodo, still blocked programs connected to the net. I will have to do a fresh install of both to see if the problem is still there.

Not sure what you mean, but Comodo Autosandbox and Execution Control have the nasty habit of autosandboxing or partially run programs and not alerting when Comodo is new in the comp. Check your D+ Events.

Post removed.

http://i1201.photobucket.com/albums/bb360/iroc9555/think1.gif

What about exclusions/settings setup for Avast!free 2014.9.0.2016 and Comodo firewall 7.0 (both latest versions)?

Sorry but do not run Comodo 7. Since CIS 6 never ran good in my sys, I kept CIS 5.12.

Avast, now, has one different file that was substituted or replaced for avast.setup
C:\Program files\AVAST Software\Avast\Setup[b]instup.exe[/b] that would be set up in Comodo as an Installer or Updater. Anyways, any avast! file running should be set as trusted in Comodo.

I knew that CIS 6 also changed and added some files:

C:\Program files\COMODO\COMODO Internet Security\cis.exe

C:\Program files\COMODO\COMODO Internet Security\cmdinstall.exe

C:\Program files\COMODO\COMODO Internet Security\CisTray.exe

C:\Program files\COMODO\COMODO Internet Security\cavscan.exe

C:\Program files\COMODO\COMODO Internet Security\cavwp.exe

C:\Program files\COMODO\COMODO Internet Security\virtkiosk.exe

C:\Program files\COMODO\COMODO Internet Security\cmdvirth.exe

C:\Program files\COMODO\COMODO Internet Security\cmdupd.exe

C:\Program files\COMODO\COMODO Internet Security\cisbf.exe

but I have not tried CIS 7 yet. Also you can just exclude the whole COMODO folder in avast! File System Shield and be done with it.

I run Comodo Firewall v5.12 With CFW v.6.0 or later it is best to disable the “behavior blocker” in CFW.
There seems to be a conflict between the avast file shield and the CFW behavior blocker.

You can give CFW v5.12 a go http://www.filehippo.com/download_comodo/13662/
How to install just the firewall see http://www.knightwithapc.com/2011/11/download-comodo-firewall/

I install Comodo v7, latest version (firewall and defense+) with this settings while installing:

Uncheck “Change my DNS servers to COMODO SecureDNS servers”. Uncheck “I want to enable “Cloud Based Behavior Analysis”. At the bottom of the window click on “Customize Installer”. You will now see a window with more options. On the first window uncheck “Install COMODO GeekBuddy”.

NO changes made to Avast or Comodo settings/excludes and ALL works fine together.

Avast tested with http://www.eicar.org/85-0-Download.html and Comodo firewall with http://personalfirewall.comodo.com/cltinfo.html

I recommend you guys update to last Comodo version, no conflict with Avast and very low cpu usage

CFW v6.0 and later have quite a bit of bloat. CFW v5.12 has a smaller footprint and is runs quietly in the background.
If you like and have no problems with CFW v7.0 go for it. FYI we have one forum member who runs CFW v3.14 and has
been running it for years. If it works why change?

I might try 7. I don’t know yet. V. 6 gave me a lot of grievances. Meanwhile 5.12 is working very nice. I have it set like I like it and running FW in Custom Policy ( Nothing come in or out without my Knowledge ) and D+ in Paranoid Mode ( Nothing executes until I say so ) in Proactive Security configuration ( Monitors all my software and harware ). Like Para-Noid I found 6 and therefore 7 a bit “fat” and to visualize it nicely one needs a big screen and high resolution set up, and my old eyes, even with eye glasses, are finding those litle letters harder to read every passing day ;D

BTW I would have chosen " Cloud Based Behavior Analysis " that way autosandbox and D+ would know what to do with unkown files.