CFP Defense+ Clean PC mode?

Anybody can explain how does the clean PC mode works? When I switch to clean PC mode it doesn,t scan the HD, how does then it marks all executables on HD trusted?

Thanks

It should have scanned during the installation, right now I can’t remember if you could opt that out, maybe it was done anyway even if you didn’t select clean pc mode at the time, not sure.

I think it doesn’t scan at all, instead it learns them on execution.

From the help file:

Clean PC Mode: From the time you set the slider to ‘Clean PC Mode’, Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in ‘My Pending Files’ are excluded from being considered as clean and are monitored and controlled.

Regards,
Mike

So it means that if I turn off file protection in CFP, clean PC mode will become useless. Am i true?

I will much prefer it to scan my C partition/ drive and then to make all scanned exe trusted on the base of MD5 check sum and then to give alerts for all new executables and exes with modified MD5/ SHA1 hash.

That,s the better way to go. I like to have an option to turn off file defence completely without much compromizing the security.

Will add to wish list.

What do you mean under file defence/file protection?

I will much prefer it to scan my C partition/ drive and then to make all scanned exe trusted on the base of MD5 check sum and then to give alerts for all new executables and exes with modified MD5/ SHA1 hash.

As far as I know clean pc mode does almost the same, except it doesn’t scan your hardrive, instead it makes the exe’s trusted on execution (of course only those that were already in your hd) and it doesn not recognize the modifications by watching md5/sha signatures but it monitors all sort of attempts trying to change the exe’s thus alerting you before the change takes place. If it were monitoring the file signatures then the alert would be given to you after the exe had been modified.
Feel free to correct me, this is only my interpretation of cleanpc mode.

If it does not scan HD, how it knows what executables were present when i installed CFP and what executables are added after that( new ones)?

Im not a programmer nor a developer of cfp, so I can only guess:
It monitors every file modification and newly introduced files, so it can distinguish them from the ones wich were already there. For example you have a sealed room full of people, and lets suppose you trust them all. You dont need to know how many are they or how do they look like to trust them, as the whole room is ‘trusted’ generally. If you open the doors, new people can go in too, which you dont trust. To distinguish them from the trusted ones already inside you only need to make notes about the new ones.
hope it helped a bit

ps: sorry if my post is idiotic, but im a bit hungover :■■■■

Deactivating file protection (or the entire Defense+) from the GUI doesn’t stop file monitoring. It just allow everything (except for files with network rules) but the monitoring is still working.