Add a "manually untrusted"/"monitored" files section to D+

I often wanted to have stricter control over a few trusted programs.

Here is the issue:
one example:
I want to be alerted when my web browser starts a program (any program), so I made a custom rule in computer security policy for my web browser with “run an executable” set to “ask”. But this did not trigger.

Explanation:
My web browser was detected by CIS as a “Trusted File”; it is in the Trusted Files list.
Trusted Files take precedence over allow and ask settings of computer security policy. Only deny settings will be effective. Strange decision by the devs but that’s how it is.
Note that the Sandbox must be off for this to work.

Solutions/Workarounds:

  • If I am using D+ in Paranoid Mode then it will alert me, because it ignores all trusted files.
    This would give a whole lot of new alerts I don’t really want.
  • Disable Online Lookup for files and add programs to trusted files manually except for the programs I want more control over. Much work, and defeats the purpose of the cloud scanner.

Suggestion:
Add a new section in addition to Unrecognized Files and Trusted Files.
This section could be called Monitored Files.
Files in this section would be treated like Unrecognized Files but no further attempts to look them up online or classify them (except by malware and virus scanning modules) will be made.
For these files only the rules in computer security policy will be applied.
It’s like a Paranoid Lite Mode where only some files are treated paranoid.

What do you think?

The wish for higher priority of computer security policy rules has been there since v4 but apparently is not going to happen; maybe this is a better solution.

It seems the theme “Automatic adding of files in TFL” interests many people. :)
And there are several suggested solutions. I also don’t know why Comodo developers don’t pay attention to this.
My topics: 1 and 2.

What I would like is an “always ask” option in computer security policy. You could then set up a program group and set selected dangerous but rare operations to always ask. This could include direct disk access and driver installation. The programs in the group would then always ask for the selected things even if the program is trusted.

That is a good idea. Some way to set rule priority manually would be good. But that would probably need a completely new GUI.