Auto-Containment 3 days rule

Hi there,

I have a question regarding the rule to contain unknown applications that are more than 3 days old.

This rule was added with CIS 10 if I’m correct. Before that, Comodo used to ignore everything that was already on the system regardless of age.
I remember this being an issue with some tests on YouTube (and probably other tests like back in the day), where people would drag and drop malware files directly into their virtual machines, which were then not sandboxed and counted as a miss.

I, however, found the old ruleset much more user-friendly and seamless when it came to lesser-known games from Steam, for example.

So if I were to disable the file age rule and just use the remaining ones (downloaded from internet, external drive etc.), would that realistically reduce the security?

In other words: Was this rule added for any other reason than to improve testing scores? Is it possible that malware could be dropped (Word macro or something) in a way that it would be ignored by all the rules except the file age one? I mean, Comodo does have exploit protection through command line analysis, right?

Looking forward to hearing from a developer or maybe a hobbyist who tested this extensively :wink:

Lonely Office Chair 3.0

*less than 3 days old. The rule is mostly used to auto-contain scripts created from the embedded code detection feature, the ones that get saved into the ProgramData\Comodo\Cis\tempscrpt folder. And it should also deal with downloaded executables and scripts that are downloaded through Office macros, as you mentioned.