Containment is one of the components of Comodo Client Security (CCS). The containment settings for endpoints are configured from Configuration Templates → Profiles → Containment.
Initially, CCS is loaded with default containment settings, which are based on the default profiles. These settings protect your endpoints from malware.
More containment rules can be created. The rules defined and the changes made in the Containment section of Endpoint Manager are reflected in the associated endpoints.
Add a new rule:
Step : Click the "Add Rule" button at the top. A rule can be configured using six sections:
1. General - The General tab includes the main settings of the rule.
You can enable the rule, set the target and its type, and define an action.
2. Origin - Origin defines the source of the target.
3. User - Select the users to whom you want to apply the rule.
4. Process - Add the process details here.
5. Reputation - Based on the file type, filters can be applied.
6. Options - The Options tab helps you customize the rule.
A rule can be defined in two ways:
1. Define a rule that performs an action such as "Block", "Ignore", "Run Contained" or "Run restricted" on the target files by specifying the "Action", "Type" and "Target" in the General settings.
2. Define a rule by specifying the "Action", "Type" and "Target" in the General settings, then add filters such as "Origin", "User", "Process" and "Reputation" to narrow the rule down to a specific type of application.
Step : The General tab includes:
1. Enabled - Select this option to enable the rule.
2. Action - Defines the action to be performed on the target.
   1. Run restricted - The file/program is allowed to use resources and operating system files based on the value of “Set restriction level to”.
   2. Run contained - Runs the file/program virtually, so that other files and the operating system are not affected.
   If you run an application as "Run Contained", a green border appears around its interface.
   3. Block - Blocks the target.
   4. Ignore - Allows the target to run with all privileges.
   Example: Select this option if you want to run an application such as Comodo Client Communication with full privileges.
3. Type - Select the type of the target.
   1. Files - Select this option if your target is a file.
   2. Filegroups - The rule will be applied to all files under the file group.
   A new file group can be created.
   3. Folder - Select this option to apply the rule to a folder.
Step : The origin is the source of the file; it helps you narrow down the target files.
There are three options available: “Internet”, “Removable Media” and “Intranet”.
For example, to run applications from USB devices in the Run Contained state, select Removable Media.
Step : The user type can be chosen here. This option is available only if CCS version 10 or higher is installed on the endpoints.
Click the "Add Creator" button, select the user to whom you want to apply the rule from the drop-down, and then click the OK button. The user will be added.
You can add more users later if required.
Step : The Process tab allows you to add the process details. You can select the process from the drop-down; the options are Files, Filegroups, Folder, File Hash and Process Hash.
Step : The files are categorized by CCS based on their behavior.
You can narrow the rule down to files with a specific reputation and creation time.
1. Reputation - Select a reputation: Any, Trusted, Unrecognized or Malware.
2. Match files that are created - Select and define one of the following options:
   1. File Creation Date: Provide the date on which the file was created.
   2. File Age: Give the file lifetime.
   For example: More than 3 days.
Step : The Options tab helps you customize the rule.
1. Log when this action is performed - Enable this option to log the actions.
2. Set restriction level to - The Run restricted action is based on this option.
The level of restriction can be set here using the following available options
3. Limit maximum memory consumption to (MB) - Give the maximum memory that the target can consume.
4. Limit program execution time to (sec) - Enter the maximum time for which the target program can run.
The “Limit maximum memory consumption to (MB)” and “Limit program execution time to (sec)” options are available only for the “Run contained” and “Run restricted” actions.