Defence Plus has no Paranoid learning mode?

[Guest]

[aigle]

I just noticed it today inspite of the fact that I am using CFP since long. If you put Defence Plus in learning mode, it never learns the complex parent-child rules. In its lerning mode all rules made by Defence Plus are simple rules.

Example:

I execute abc.exe and this application installs and loadsa  specific driver gurad.sys. Now in learning mode defence plus makes a rule that allows abx.exe to install and load ANY driver( not only guard.sys).

Is this the way CFP is expected to work? If it,s like this I am sorry to say that I am really disappointed on this implementation and feel frustrated that it was never obvious and rather obscured by the so called Proactive Security and paranoid Mode.

I wil mark it as a bug( even though it,s not). What is the fun of making a paranoid mode available when learning mode will make simple rules rather than complex parent-child rules?

[OmeletGuy]

What application did you test with?

[SS26]

I execute abc.exe and this application installs and loadsa  specific driver gurad.sys. Now in learning mode defence plus makes a rule that allows abx.exe to install and load ANY driver( not only guard.sys).

There are some number reports about this kind of learning.... Seems like that is the way they (at least partly) solve problem with numerous Comodo registry entries: smaller number of exceptions (everything is set to allow except Registry modifications and Protected files) means smaller number of reg. entries  

[.FaZio93.]

Yes, I have noticed this as well. I changed to Training Mode to see what 'services.exe' needed to run properly and afterward, when checking, I saw that almost every access right was set to "Allow". I never use Training Mode anymore because I really don't like this behavior. 

[SS26]

I never use Training Mode anymore because I really don't like this behavior. 

Seems like all modes except paranoid are affected by this kind of "learning".

[.FaZio93.]

Seems like all modes except paranoid are affected by this kind of "learning".

Hmm..sure hope it is changed.

[tcarrbrion]

I have been complaining about this for years, seemingly to deaf ears. There is no protection from safe applications with might not be so safe with the wrong macro, add-on, bug etc. I cannot use paranoid mode as I have users with no computer knowledge and I don't want loads of pop-ups. Looking through my computer security policy just about every application is allowed direct disk access, device driver installation and physical memory. I bet very very few require any of these and these are potentially very dangerous actions. I might be easier this way for some users but we are not given any choice (I do not consider paranoid mode a usable choice).

I hope V4 gives us more choice.

Clean PC mode on windows 7, 64 bit.

[aigle]

Seems like all modes except paranoid are affected by this kind of "learning".

Hi, even in the paranoid mode, same thing. 

[aigle]

Yes, I have noticed this as well. I changed to Training Mode to see what 'services.exe' needed to run properly and afterward, when checking, I saw that almost every access right was set to "Allow". I never use Training Mode anymore because I really don't like this behavior. 

The stupid thing is that you can never control driver install/ load by services.exe, no matter what rules and config you use.

See my thread here.

https://forums.comodo.com/defense_bugs/servicesexe_driver_install_no_way_to_control-t47159.0.html

What do you think about this?

[SS26]

Seems like all modes except paranoid are affected by this kind of "learning".

even in the paranoid mode, same thing. 

Is there autocreation of rules (learning) in Paranoid mode  ?  Example?
Personally never noticed

[aigle]

Yes in paranoid learning mode. You can try and see.

[Tags:]