Component Monitor - Learning mode better ?

[Guest]

[ocky]

I have been using Comodo PF for about 2 weeks now, and whilst I have not encountered any problems, I am still confused as to the benefit of switching the component monitor from 'learning' to 'on', especially for average home users.
Let's say I install a new version of 'X' application and some of the .dll files have changed - in learning mode I will be alerted and would select 'allow' because I know what I am installing and from which source. In 'on' mode I would also select 'allow' - the difference being that if I choose I can see the .dll files by clicking 'Libraries' and would then need to allow them, otherwise my updated program will not connect.
Am I missing something vital to my security - or can I leave the component monitor in 'learning' mode ?

Also I don't understand the PC Flank Leak test. There is a dripping tap, but when pasting the url into my browser the result definitely does not reflect what I typed before ?

Thanks in advance for any help/advice.        
                                                                              

[ocky]

Sorry to 'bump' this - I did come across a thread, or was it a poll ? where some of the members mentioned their preferences or methods regarding the Component Monitor modes. Alas, I can't find this thread anymore.

Some guidance will be welcome. Apologies for being impatient !     

[Graham1]

Sorry to 'bump' this - I did come across a thread, or was it a poll ?

The link below may help.

http://forums.comodo.com/index.php/topic,2546.0.html

[Soyabeaner]

Learning mode is best during the initial few weeks of CFP's installation to avoid unnecessary alerts about known programs/components.  It's been weeks, but I still keep my on Learn because of another problem (causes high cmdagent.exe cpu usage when web browsing).

[ocky]

The link below may help.

Many thanks for the link. That's what I was searching for. However please advise if there are any benefits of turning the Component Monitor on ...... unless it is only a matter of being curious as to what components are shown in Libraries. See my initial post.

Anyone on my PC Flank leak test query ?

Sorry, but noobs do need some pampering to become at least mini heros   

[Soyabeaner]

The supposed advantage of ON mode is that any time new components are loaded (after the first weeks of it being on LEARN), you will be alerted.  Learn mode automatically defaults all components to accept as you can see from the huge list.  ON mode will default to deny unless you explicity allow the components to load.

I'll state this up front: there is no honour to being a hero other than self-reward of helping others.   

[ocky]

Thanks ♥ soyabeaner ♪ !

At this stage I think I will leave the Comp. Monitor in 'Learning' mode, in line with several "Comodo Hero" folks, as gleaned from the link kindly supplied by Graham1.
I assume that, when say downloading an application update where .dll, ActiveX etc. have changed, I will be asked to allow/deny. As I know the source to be safe (touch wood), I will choose allow, thereby also allowing the associated components. Is this right ?
I also assume that when Comodo was first installed and I initiated, "scan for known applications" this is what is to be seen in the Comp. Monitor. If there are any changes, I will be alerted as mentioned above; so I really don't see the need for "On" mode although I will certainly give it a try.     

[Soyabeaner]

 I may be a "hero", but it doesn't mean I know much .

At this stage I think I will leave the Comp. Monitor in 'Learning' mode, in line with several "Comodo Hero" folks, as gleaned from the link kindly supplied by Graham1.
I assume that, when say downloading an application update where .dll, ActiveX etc. have changed, I will be asked to allow/deny. As I know the source to be safe (touch wood), I will choose allow, thereby also allowing the associated components. Is this right ?

I think you're right.  At least it seems logical  .

I also assume that when Comodo was first installed and I initiated, "scan for known applications" this is what is to be seen in the Comp. Monitor.

No.  Scan for known apps does not do anything to the component monitor - it only adds allowed AppMon rules.  Everytime I reinstall CFP the CompMon list is empty as expected, even after scanning known apps.  

If there are any changes, I will be alerted as mentioned above; so I really don't see the need for "On" mode although I will certainly give it a try.     

Yes.  Go ahead and try.  The worst it can do is blow up your computer.  Joking.

[ocky]

No.  Scan for known apps does not do anything to the component monitor - it only adds allowed AppMon rules.  Everytime I reinstall CFP the CompMon list is empty as expected, even after scanning known apps.  

Hi again, and thanks for your time ! One more question. How do the CompMon items get listed ?
Surely they are the components of the various applications and should be tied to the process of scanning for known apps. so that CPF can validate them before giving the OK to access the internet ? Tricky stuff for a noob ....   

[Soyabeaner]

I don't know the exact technical details, but you are on the right track.  It depends. 

If you're in Learn mode, all programs that are allowed to connect (I think the AppMon rules and the certified apps if you enabled that option) are automatically allowed for all their related components (dll's, drivers, libraries, etc.) and appear in that big CompMon list.  Although, I believe there is a something deeper or hidden because I've noticed dlls are were never used by programs I haven't even loaded yet.  It's almost as if CFP learns your entire computer components in time.

In On mode, if you deny the components, they will appear in the big Component Monitor list as denied (or in different combinations if you selectively deny/allow when clicking on the Show Libraries button on a pop-up).

There may be more unexplainble factors involved.  For example, even though I don't click Remember when I deny a given group of components, even after rebooting I never get asked the same dll's anymore.

[ocky]

Although, I believe there is a something deeper or hidden because I've noticed dlls are were never used by programs I haven't even loaded yet.  It's almost as if CFP learns your entire computer components in time.

I have also noticed this .... interesting. Anyway I have a lot to learn and will monitor more closely what goes on when I next do an uninstall/reinstall. Great firewall. (Miss the detailed logs in my olde Sygate with Whois lookup et al). 
 

[Soyabeaner]

I'm sure the logging will improve as time progresses.  There's another thread on voting polls about which plugins users would like to see in future versions (if Comodo decided to implement them), and Whois lookup currently seems to be the most popular . 

[Little Mac]

Regarding the connections and logs, I know that we shall soon have our beloved "Closed" button back, so that we can terminate any given connection.  We shall also have the "Listening" connections shown again.

It has been requested in the WishList that IP resolution (ie, Whois) be added; I would anticipate that will be in there soon as well... 

LM

[Tags:]