Welcome, Guest. Please login or register.
March 19, 2010, 11:40:56 AM

Login with username, password and session length

372844 Posts
41352 Topics
94016 Members

Latest Member: wasm1984

Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Desktop Security Products & Services
| |-+  Comodo Internet Security - CIS
| | |-+  Bug Report - CIS
| | | |-+  Defence Plus has no Paranoid learning mode?
« previous next »
Pages: [1] Go Down Print
Author Topic: Defence Plus has no Paranoid learning mode?  (Read 1956 times)
aigle
Comodo's Hero
*****
Offline Offline

Posts: 521



« on: November 02, 2009, 07:27:18 PM »

I just noticed it today inspite of the fact that I am using CFP since long. If you put Defence Plus in learning mode, it never learns the complex parent-child rules. In its lerning mode all rules made by Defence Plus are simple rules.

Example:

I execute abc.exe and this application installs and loadsa  specific driver gurad.sys. Now in learning mode defence plus makes a rule that allows abx.exe to install and load ANY driver( not only guard.sys).

Is this the way CFP is expected to work? If it,s like this I am sorry to say that I am really disappointed on this implementation and feel frustrated that it was never obvious and rather obscured by the so called Proactive Security and paranoid Mode.

I wil mark it as a bug( even though it,s not). What is the fun of making a paranoid mode available when learning mode will make simple rules rather than complex parent-child rules?
Logged
OmeletGuy
Good gamer, Omelet Chef, Rogue AV hater!
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 2001


The only thing i ask for are eggs.


WWW
« Reply #1 on: November 02, 2009, 07:34:16 PM »

What application did you test with?
Logged
SS26
Comodo's Hero
*****
Offline Offline

Posts: 1666


« Reply #2 on: November 03, 2009, 04:07:27 PM »

I execute abc.exe and this application installs and loadsa  specific driver gurad.sys. Now in learning mode defence plus makes a rule that allows abx.exe to install and load ANY driver( not only guard.sys).


There are some number reports about this kind of learning.... Seems like that is the way they (at least partly) solve problem with numerous Comodo registry entries: smaller number of exceptions (everything is set to allow except Registry modifications and Protected files) means smaller number of reg. entries Lips Sealed 
Logged
.FaZio93.
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 2290



« Reply #3 on: November 03, 2009, 05:14:18 PM »

Yes, I have noticed this as well. I changed to Training Mode to see what 'services.exe' needed to run properly and afterward, when checking, I saw that almost every access right was set to "Allow". I never use Training Mode anymore because I really don't like this behavior. 
Logged

Vista Home Prem x32 SP2
CIS 3.14.130099.587
Please remember to follow the Forum Policy.
SS26
Comodo's Hero
*****
Offline Offline

Posts: 1666


« Reply #4 on: November 04, 2009, 12:23:06 PM »

I never use Training Mode anymore because I really don't like this behavior. 
Seems like all modes except paranoid are affected by this kind of "learning".
Logged
.FaZio93.
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 2290



« Reply #5 on: November 04, 2009, 04:45:29 PM »

Seems like all modes except paranoid are affected by this kind of "learning".

Hmm..sure hope it is changed.
Logged

Vista Home Prem x32 SP2
CIS 3.14.130099.587
Please remember to follow the Forum Policy.
tcarrbrion
Comodo's Hero
*****
Offline Offline

Posts: 541


« Reply #6 on: November 05, 2009, 03:45:57 AM »

I have been complaining about this for years, seemingly to deaf ears. There is no protection from safe applications with might not be so safe with the wrong macro, add-on, bug etc. I cannot use paranoid mode as I have users with no computer knowledge and I don't want loads of pop-ups. Looking through my computer security policy just about every application is allowed direct disk access, device driver installation and physical memory. I bet very very few require any of these and these are potentially very dangerous actions. I might be easier this way for some users but we are not given any choice (I do not consider paranoid mode a usable choice).

I hope V4 gives us more choice.

Clean PC mode on windows 7, 64 bit.
Logged
aigle
Comodo's Hero
*****
Offline Offline

Posts: 521



« Reply #7 on: November 07, 2009, 07:00:48 PM »

Seems like all modes except paranoid are affected by this kind of "learning".
Hi, even in the paranoid mode, same thing.  Thumb Down
Logged
aigle
Comodo's Hero
*****
Offline Offline

Posts: 521



« Reply #8 on: November 07, 2009, 07:16:54 PM »

Yes, I have noticed this as well. I changed to Training Mode to see what 'services.exe' needed to run properly and afterward, when checking, I saw that almost every access right was set to "Allow". I never use Training Mode anymore because I really don't like this behavior. 
The stupid thing is that you can never control driver install/ load by services.exe, no matter what rules and config you use.

See my thread here.

https://forums.comodo.com/defense_bugs/servicesexe_driver_install_no_way_to_control-t47159.0.html

What do you think about this?
Logged
SS26
Comodo's Hero
*****
Offline Offline

Posts: 1666


« Reply #9 on: November 09, 2009, 10:00:09 AM »

Seems like all modes except paranoid are affected by this kind of "learning".
even in the paranoid mode, same thing.  Thumb Down

Is there autocreation of rules (learning) in Paranoid mode  Shocked ?  Example?
Personally never noticed Undecided
Logged
aigle
Comodo's Hero
*****
Offline Offline

Posts: 521



« Reply #10 on: November 09, 2009, 08:01:04 PM »

Yes in paranoid learning mode. You can try and see.
Logged
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 0.229 seconds with 17 queries.
Powered by SMF 1.1.11 | SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by 7dana.com