Author Topic: Performance issue when remembering answer from Def+ alerts (V3.0.18 - .25 X32)  (Read 33589 times)

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Do you/Comodo have a special tool/script which will fire off a number of Defense+ Alerts?

AFAIK there is no such script .

But I guess you could remove your cmd.exe rule and create a bat file with a bunch of different applications paths (eg c:\program files\mozilla\firefox.exe) and test it using parampyd mode.

This should create a bunch of execute alerts for cmd.exe

IIIRC this doesn't happen with cleanpc mode because an *.exe rule will be created.
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13543
  • Retired - Volunteer Moderator
This also depends on the way you configure CIS/CFP.

If you run safe/para mode and train every app without using the predefined rules you will get a lot of registry entries for this one application you train.

How more entries in the registry how longer it will take to save those.

If you first train an application and a lot of key's and parameters are set in registry and you decide to switch this one to "Trusted" the amount of registry bytes to save stay's the same because the configuration "remembers" the "old" Custom values. And only switches one key to tell CIS/CFP to look for predefined profile X.

Therefore if you would like to save registry space you have to decide to trust it from the start, or manually clean up the "mess" later if you decide to switch to predefined.

My full custom registry export was almost 6MB large, now i've trained it a little different and it's only 2,5MB so there is much less delay in saving rules, or training apps with 20 alerts.

But then again, I'd really like it full custom, so i can decide when i think something strange is happening.
Try to import a 6MB file in to registry with "right click merge" under windows and see what happens !!
The same high cpu load and time consuming process with windows own routines.
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek