Add Option to Trusted Vendors List to not use it as an exclusion for AV

Chiron494 · November 15, 2012, 5:25pm

Hello, currently any vendor trusted via the Trusted Vendors List (TVL) will automatically be excluded from detection by the AV. While that is nice in many ways, and will certainly help cut down on false positives (especially for Windows files), it also means that signed malware may not only be allowed complete access to your computer, but will also be excluded from being detected by the AV.

While this is a trade-off, which provides an undeniable increase in usability at the expense of some security, I personally am okay with it. Of course I would also like it if they incorporated my other wish, which can be found here. However, I realize that there are many out there who do not believe this trade-off is worth it.

One good thing is that V6 will have an option to disable using the TVL entirely. However, certainly there are many out there who would like to use the TVL, to drastically cut down the number of Defense+ alerts they will receive, but would still like the AV component to alert them to any dangerous files it finds.

Thus, my wish is for there to be more fine grained control in how the TVL is used. Instead of an option to disable it entirely I think there should be an option to disable its use for Defense +. Then I think there should be a separate check-box to disable its use for the AV.

Please let me know what you think of this idea.

Thank you.

wasgij6 · November 15, 2012, 5:32pm

Sounds like a good idea to me :-TU

Dolphin66 · November 15, 2012, 5:38pm

+1

Wisdom · November 15, 2012, 6:26pm

+1 :-TU

It can be a good option against signed malware, Like it

L.A.R_Grizzly · November 15, 2012, 7:28pm

First, they should make sure that opting out of the TVL is actually working. It isn’t on my system:

https://forums.comodo.com/beta-corner-cis/comodo-internet-security-602528292560-bug-reports-t87325.0.html;msg636530#msg636530

Chiron494 · November 15, 2012, 7:31pm

That was just for the first Beta of V6. I’m confident that by the time it is released all bugs like that will be fixed.

Thus, we can assume that once it is public the ability to completely disable the TVL will be working properly.

L.A.R_Grizzly · November 15, 2012, 7:42pm

When they do get it working properly, it would be nice to be able to use it selectively as you suggest.

+1 :-TU

andrei1997 · November 16, 2012, 4:04am

What is TVL? I don’t know what it is.

L.A.R_Grizzly · November 16, 2012, 4:38am

Trusted Vendors List

andrei1997 · November 18, 2012, 3:45pm

I think it would be nice to have it.

spywar · November 18, 2012, 6:04pm

That means if AV engine detects a trusted malware it wont be “Detected and safe” anymore… Good idea +1 :-TU

layman · November 26, 2012, 6:42am

Good idea

Citizen_K · July 6, 2013, 12:19am

+1

SanyaIV · July 6, 2013, 12:35am

+1024

Sicknero · July 6, 2013, 7:31am

I see that this is quite an old thread, so, are all items that have a TVL certificate exempt from AV scans?? That’s worrying, especially in light of last week’s news from Opera.

thug4real · July 6, 2013, 12:46pm

+1 very good idea :-TU

SanyaIV · July 6, 2013, 3:07pm

Indeed.