What is the difference between Treat as Installer vs Allowing everything?

[Guest]

[calvin-c]

On Windows 7 Home Premium, 64-bit, I have some games that run fine when I choose Treat as Installer, but lock up (black screen, no keyboard/mouse input) when I choose, instead, to simply allow all requests.

So what is the difference? What 'hidden' requests does Treat as Installer allow?

[-[NHATZ_JADE]-]

On Windows 7 Home Premium, 64-bit, I have some games that run fine when I choose Treat as Installer, but lock up (black screen, no keyboard/mouse input) when I choose, instead, to simply allow all requests.

So what is the difference? What 'hidden' requests does Treat as Installer allow?

Try using TRUSTED APPLICATION if it is available during DEF+ alert or edit it at DEF+ "COMPUTER SECURITY POLICY" as Trusted Application.

 
         
               

[panic]

if you have reached the menu of the game, go back to desktop, and set defense back to safe mode.

I would also do any in game updating or connecting to remote game servers that you would normally do, before exiting the game and changing CIS back from Training Mode to whatever mode you normally have CIS set to.
 
Cheers,
Ewen :-)

[panic]

what if a trojan wants to connect right in that moment when you have trainings mode on? comodo would welcome it, and give it all connection rights. so, no trainings mode for internet firewall section. just udp and tcp OUT allow for your program.

Agreed - that has always been the fatal flaw in Training Mode. Similarly, an inexperienced user attempting to manually create rules could conceivably create just as much havoc on their own system.

An alternative would be to create rules that allowed outbound access over all ports for whatever protocols the game requires, but I'm not a big fan of loose rules like these.

Caught between a rock and several hard places.

The best place to start is knowledge and getting the user to understand, even at a rudimentary level, about ports and protocols.

[-[NHATZ_JADE]-]

Agreed - that has always been the fatal flaw in Training Mode. Similarly, an inexperienced user attempting to manually create rules could conceivably create just as much havoc on their own system.

An alternative would be to create rules that allowed outbound access over all ports for whatever protocols the game requires, but I'm not a big fan of loose rules like these.

Caught between a rock and several hard places.

The best place to start is knowledge and getting the user to understand, even at a rudimentary level, about ports and protocols.

On my Case I used TRAINING MODE on Both FIREWALL and DEF+ for a couple of days. Then, before switching to CUSTOM for Firewall and PARANOID for DEF+, I run my MBAM and SAS. Even Trojan sweeps inside, Once you switch your DEF+ to PARANOID mode, trojan hiding inside will be detected...

 
         
                 

[HeffeD]

On my Case I used TRAINING MODE on Both FIREWALL and DEF+ for a couple of days.

Yikes! 

This is not a good idea... Training mode should only be used for as short of a duration as possible because of the inherent security risk. When in training mode, you are telling CIS to create "allow" policies for anything and everything that runs, regardless of whether it is a safe application or malware...

[calvin-c]

when you allow all requests, you mean that you answer the questions, right?
while the game is starting, and the screen becomes black, sometimes theres a missing question. so it freezes.

games are NO installers. so the rule is totally wrong in place there.
you could use safe mode. and in any cases where a game doesnt start though, you can switch ONLY for the FIRST start of that game to trainingsmode of defense.
if you have reached the menu of the game, go back to desktop, and set defense back to safe mode.

cis has then learned rules for that game. DONT forget to switch off trainings mode as soon as possible, it learns everything!

Y'know, the information about using the different modes that you, and others, have provided is wonderful-I've picked up several 'tips' that I didn't know before. But you're really the only one who's come close to answering my question, which was what the difference is between 'Treat as Installer' vs Answering every question with Allow?

To re-interpret your statement about there being a 'hidden' question, this sounds like there's something CIS is blocking automatically, without asking me whether or not I want it to be blocked? Or something else? Thanks.

[-[NHATZ_JADE]-]

Yikes! 

This is not a good idea... Training mode should only be used for as short of a duration as possible because of the inherent security risk. When in training mode, you are telling CIS to create "allow" policies for anything and everything that runs, regardless of whether it is a safe application or malware...

That's why I said "FOR A COUPLE OF DAYS" If Malwares seeks inside, during PARANOID MODE at DEF+ it is detected BASED on OUR own experienced in everyday PC-Repair. If TRAINING mode on firewall is not a good idea, so why comodo designed it in CIS? and for the record, DSL or other Broadband provider is being FIREWALLED before it enters to our LAN Card... Paranoid Mode on both DEF+ & FIREWALL is designed to detect irregular behavior on our PC thats why I firmly believed that Paranoid mode detects any bad behavior after training mode...

 
         
                 

[HeffeD]

That's why I said "FOR A COUPLE OF DAYS"
...
If TRAINING mode on firewall is not a good idea, so why comodo designed it in CIS?

A couple of days is too long...

The training mode is there to help define rules for applications making complex connections. If you attempt to run an application and you can't get it to do what it is supposed to do, then you put the firewall or D+ in training mode and start the application. This should learn all the applications processes. As soon as you have done this, you put the firewall and D+ back into its previous mode.

Training mode is definitely NOT a "put it in training mode for a couple of days" type thing unless you don't mind creating policies for anything and everything that runs on your system in that time. It's also not a blanket function, as most applications won't have any issues when not in training mode. It's only intended for those stubborn applications.

[-[NHATZ_JADE]-]

A couple of days is too long...

The training mode is there to help define rules for applications making complex connections. If you attempt to run an application and you can't get it to do what it is supposed to do, then you put the firewall or D+ in training mode and start the application. This should learn all the applications processes. As soon as you have done this, you put the firewall and D+ back into its previous mode.

Training mode is definitely NOT a "put it in training mode for a couple of days" type thing unless you don't mind creating policies for anything and everything that runs on your system in that time. It's also not a blanket function, as most applications won't have any issues when not in training mode. It's only intended for those stubborn applications.

LOL!!
1 to 2 days is a couple of days... If you are using a 3G Broadband connection [USB Modem HSPA for Laptops] training mode is good to let the firewall understand the SECTORS of ANTENNAS of the Cell Site if a HAND OVER is made in your area because it has a different IP. Well sorry Men I've been a long time Firewall user of Comodo [like you maybe] and I've been practicing TRAINING MODE for a hundreds of PC that we experimented during repair at our local shop... IRREGULAR BEHAVIOR is detected by DEF+ in Paranoid Mode.

 
        
                  

[HeffeD]

LOL!!
1 to 2 days is a couple of days...

Errrmmm... Yes, I'm aware of that...  That is too long...

[-[NHATZ_JADE]-]

Errrmmm... Yes, I'm aware of that...  That is too long...

That's too long if you are a Desktop user with a SINGLE IP and stays on your house...  But if you are using a Laptop with a 3G Broadband and if it has 2 to 3 3G Networks that your Laptops access a Internet, LOL!!! 2-days is not enough...

 
         
                 

[Tags:]