Basic question about Defense+ "pending files"

[Guest]

[zeke56]

As a new user, I'm afraid I'm not understanding the point of the "Pending files" in Defense+. Certain applications create files, and these files appear in the Pending files list. However, I don't receive any notice at the time they are created, and the applications don't seem to be prevented from using these files when they are created. So, my approval or disapproval after the fact seems to have no use. It's a bit like having a security guard who tells me that an intruder came in, but only after the fact, and only if I ask him. I could tell him not to let intruder X in *next* time, but of course the intruder gives a new name each time (typically applications create different file names each time). I haven't found any setting to change the associated behavior of Defense+, so as far as I can see, all it does is create a continually increasing list of files that have been created in the past. I would appreciate any  explanation of the point of Defense+ in this regard.

[exproff]

Welcome zeke56 to the forum!

A newly created files (or modified exist files) appearing in Pending Files. D+ will alert about any activity of these files only if THEY will start activity. But other applications (wich NOT in Pending Files) able to read, load to memory and so on without any alert.

[hullboy]

So if you remove all the files in the list you will have no more alerts about those files?
The Defense+ policy will be applied from that moment on?

[exproff]

If you'll remove any file from list - that file will become "safe" for system and you will be alerted of it's activity only if it will try to do something unusual.

And YES, D+ policy will be applied

[zeke56]

OK, thanks, exproffs' explanation answers my question, except that some of the files I see there are dll's, which as far as I understand aren't able to execute independently -  of course they contain code, so I can see why they would be important, and it seems like there should be an alert if these dlls are used by an application.  However, these dll's seem to be successfully used w/o any alert by the application that creates them, altho I don't really understand why an executable is *creating* dlls, so I don't really know what it's doing. The application in question is siw.exe (System Info for Windows), and it seems to be creating, for example, siw_sdk.dll, and SiwTaskDlg.dll.

[exproff]

Ok. there is some misunderstanding with dlls and some other types of files =)
Let me explain - if application assumed to be safe, then this application IS able to load any type of files, even those wich in "My Pending Files". And all because it is SAFE application =)
But if it will try to run another application (in Pending Files) you will be alerted (anyway you SHOULD be alerted, other way it is a bug if not).
If Application is in Pending Files, then you will be alerted of every activity of this app.

All this only my IMHO, so I also want to see any explanation of COMODO Team

[Tags:]