CFP should allow applications full control over folders and registry entries that applications create on install, and deny access to everything else, asking for rights to modify system folders and registry entries.
If I install firefox on BSD, it cannot by default change files or settings related to other apps.
Setting an app as “Trusted” in CFP gives the app carte blanche access all files and registry entries of every other app, and IMO, this is a security risk.
(:NRD)
If Microsoft can’t design a reasonably secure OS on their own, Comodo should help them out!
:THNK
HI Axl,
Thank you for your suggestions. I personally don’t use the pre-defined rules unless I am running an installer or uninstaller on my system and I regularly purge the old rules on my CPF3.
The safest bet is to simply check and allow rules individually though with some updaters it’s a little time consuming with the pop-ups.
I also think that Installation Mode should change back to normal once the computer is rebooted.
I don’t generally use Trusted App mode since there are very few apps I trust, but some of the pop-ups generated after installing software using Installation Mode are ridiculous.
For example, I install an app called Glib.
I put the firewall in Installation Mode, Glib installs itself in C:\Program Files\Glib Software\Glib.
Main executable is glib.exe, and at times it may execute config.exe from the same installation directory.
Now my question is this:
Why should I get a pop-up asking me to give glib.exe permission to execute config.exe when config.exe was copied by Glib into a directory created by Glib??
This has to do with CPF’s Behaviour Analysis. If one program tries to execute or alter another program you’ll get a pop-up. One program executing another is often a sign of Trojan behaviour. I believe you can change the behaviour analysis setting in the advanced bit of Defense+ or Firewall. It also depends on what type of communication is happening between the two programs. Trojans tend to use OLE communication but since these are legitamate actions you can just “Allow them” or turn CPF into Training mode temporarily so that it automatically learns the program’s normal behaviour.