Author Topic: [Solved]How to Override "Trusted Software Vendors" without Deleting it  (Read 5223 times)

Offline RichardGv

  • Newbie
  • *
  • Posts: 11
I'm using a software (Firefox) that has a digital signature from a "Trusted Software Vendor" of mine, and I want to grant less permissions to the software without deleting that "Trusted Software Vendor". But it seems the permissions are automatically granted shortly after I changed the permissions. Are there any ways to override "My Trusted Software Vendors" without deleting it?
« Last Edit: July 09, 2009, 06:19:38 AM by RichardGv »

Offline kail

  • Mostly Benevolent
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11277
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: How to Override "Trusted Software Vendors" without Deleting it
« Reply #1 on: July 09, 2009, 02:40:56 AM »
Hi RichardGv

Have you tried un-checking the Defense+ option Trust applications digitally signed by Trusted Software Vendors (Defense+ - Advanced - Defense+ Settings)? I think this might help, but it would have a global impact (not just Mozilla).
My System Details: W8Px64 with CIS 6, Firefox 26 & Becky! 2.65
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline RichardGv

  • Newbie
  • *
  • Posts: 11
Re: How to Override "Trusted Software Vendors" without Deleting it
« Reply #2 on: July 09, 2009, 04:44:11 AM »
I don't want to do that! That would cause a lot of trouble if I want to install something new! No way except that?

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: How to Override "Trusted Software Vendors" without Deleting it
« Reply #3 on: July 09, 2009, 04:50:00 AM »
It should be possible to edit the policies and set explicit block permission (even using modify button to finertune the override )  even for safelisted/signed applications.
« Last Edit: July 09, 2009, 04:52:18 AM by Endymion »
I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline RichardGv

  • Newbie
  • *
  • Posts: 11
Re: How to Override "Trusted Software Vendors" without Deleting it
« Reply #4 on: July 09, 2009, 05:11:23 AM »
It should be possible to edit the policies and set explicit block permission (even using modify button to finertune the override )  even for safelisted/signed applications.
Oops, you are right, "Block" does the thing well. But "Ask" doesn't work, and "Ask" is what I need. How make "ask" work on a file with digital signature?

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: How to Override "Trusted Software Vendors" without Deleting it
« Reply #5 on: July 09, 2009, 05:54:12 AM »
Oops, you are right, "Block" does the thing well. But "Ask" doesn't work, and "Ask" is what I need. How make "ask" work on a file with digital signature?

The only option left would be to use D+ in paranoid mode without switching back to the other modes that make use of safelisted auto-learning.

This way it is possible to initially configure the policy for many applications in other modes and then apply additional changes in paranoid mode.

In paranoid mode it is still mentioned if an app is safelisted, so it would be possible to also create custom predefined policies and assign them to any application regardless if safelisted.

This way it is possible to choose how many additional alerts safelisted apps are going to trigger as soon an alert is displayed.


Installing some new trusted application can be addressed using Treat as Installer or updater as usual, whereas it would be reasonable to not use that option for unknown applications.

Some members also prefer to temporarily switch to  an alternate configuration with CleanPC mode enabled when they are installing new apps.
This will allow them to monitor what files are created during an installation (in cleanpc mode the pending file list is updated automatically and list all unknown/non-safelisted files)

As policy changes and settings are stored in the active configuration, switching configurations will not retain policy changes and in those cases it is only meant to have the installers to work seamlessly.


I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline RichardGv

  • Newbie
  • *
  • Posts: 11
Re: How to Override "Trusted Software Vendors" without Deleting it
« Reply #6 on: July 09, 2009, 06:17:21 AM »
The only option left would be to use D+ in paranoid mode without switching back to the other modes that make use of safelisted auto-learning.

This way it is possible to initially configure the policy for many applications in other modes and then apply additional changes in paranoid mode.

In paranoid mode it is still mentioned if an app is safelisted, so it would be possible to also create custom predefined policies and assign them to any application regardless if safelisted.

This way it is possible to choose how many additional alerts safelisted apps are going to trigger as soon an alert is displayed.


Installing some new trusted application can be addressed using Treat as Installer or updater as usual, whereas it would be reasonable to not use that option for unknown applications.

Some members also prefer to temporarily switch to  an alternate configuration with CleanPC mode enabled when they are installing new apps.
This will allow them to monitor what files are created during an installation (in cleanpc mode the pending file list is updated automatically and list all unknown/non-safelisted files)

As policy changes and settings are stored in the active configuration, switching configurations will not retain policy changes and in those cases it is only meant to have the installers to work seamlessly.



OK, it's working under Paranoid Mode. Thanks a million.

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek