Add a new term in "Protection Settings"

How if comodo add a new term in Protection Settings at Defense+ Rules so that the file can defense from be modifying by another process (like delete, rename, etc…)?

It’s not comfortable to setting exclusion on Access Rights rule (to be locked) for many other files not to modifyng this files.

Sorry for the bad grammar… :smiley:

Here is the screen shoot…

[attachment deleted by admin]

Hi Herman Salim,

This can be done in a different way.
If you wish to add files to the CIS protection so you get an alert or have to approve for certain files you can do the following.

Say you wish to protect all files in C:\Data* against modification, open Defense+, Computer Security Policy.
Click on the ‘Protected files and folders’ tab en then ‘Groups’ Add, New Group.

Give this a name e.g. ‘My protected files’, click Apply.
Now scroll to the bottom to find this new group, right click on it and select ‘Add’, now type C:\Data*| (make sure to add the ‘pipe’ at the end*) in the ‘add new item’ box and click the [nobbc][+][/nobbc] button then Apply.
Apply again so your back to ‘Protected files and folders’ select Add, File Groups, My protected files, and click OK.

This should now protect your files in C:\Data* against modification by unknown processes.

*The ‘pipe’ | at the end is to block sandboxed processes access to this location automatically.

Thanks for your answer…

By this way, i will receive a alert if unknown process want to modify this protected files, right? But no automatically block several process to modifying this file…

I mean, can I create a rule for certain file so that only several process can modify this file and automatically block many process if they want to do this without some any alert?

I want to ask another question too…
A case, a process want to terminate my protected execution files, Comodo gives alert that this process want to access the physical memory directly like this picture:

Can you explain how come a terminating process can be adequated with a access physical memory?
I argue that the word “access physical memory” is so common that we can’t know if this process means terminating another process…

Is it be better if this alert’s word be change to “xxx.exe is trying to terminate yyy.exe?”

Create a new group with all ‘several process’ processes in it, add it to the top of the Defense+ Computer security, select protected files and folders, switch to the ‘blocked files/folders’
Add the files you wish blocked to it and those ‘several process’ should not be able to modify those files.

If it has access to a process’s memory space it can do anything it wishes with it so allowing this will give ‘full control’ to the process.

Oke… I understand now… Thanks for your time… :wink:

Your welcome