If you delete a vendor from the trusted vendor list, CIS now believes it is out of date and requires an update. Updating will reinstall the default trusted vendor list.
Bug is easy to reproduce.
1- Delete a vendor from the list (Deleting more vendors makes it easier to tell the default list returns)
2- Check for updates
4- Restart computer
5- Note that default list is back on your machine…
Unknown if also adding to the list causes this behavior.
* CPU (32 bit)
* WinXP Pro SP2
* Only CIS and Secunia PSI actively running
I can confirm that adding trusted vendor is triggering this update.
Removing new added ones and rechecking update within current session with Comodo (no closing/restarting needed) “fixes” the situation - no update offered
Added actually, probably thanks to the bug, I may say that the idea (if that was the intention) is not bad. What I mean is getting differential updates if some defaults/predefined policies/known trusted vendors’ list, etc. were changed. That should be stated in notification and delivered.
p.s. That I think will be easy to fix but I have a feeling that developers have to look at exporting/importing vendors too. The vendor added yesterday morning was exported/imported from 3.5.xxxx.439 to 3.8.xxxx.477 and I just accidentally found that “imported” is missing so I added it again yesterday.
(vendor export/import worked at least before 3.5)
You mean that it is temporary workaround to restore the default list if entries were removed from that list.
If you added something and didn’t touch the default list - temporary measure would be just removing new vendors (that’s what I did), no download needed until developers fix that.
Am I right?
If the “Fix” jeremybost came up with is to simply restore the default list so it will stop telling you there is an update, just let it update! The update will give you back the default list and CIS will stop thinking it needs to update. I fail to see how this is any sort of a workaround.
Yes, and I am not arguing in the first place
As it stated about the list: … “(which is the default)”.
So until the fix will come from developers any solution for not receiving Update notification is to stay with the default list which is good temporary solution.
Temporary solutions is “workaround” but you may correct me if I am wrong (no conflicts whatsoever from my side)
As for just “let it update” I may not agree. Why should you go through whole update because of it? I am not sure that it will be differential update, which will just restore the said list. Then why users have to receive back the default list from the update if they made changes they wanted?
Since that is most likely the case it will be whole update that may just create problems.
Therefore for those who removed modified default list Jeremy’s suggestion is excellent workaround (sorry )
For those who just added stuff and did not touch default list, as I did - workaround is - just removing new entries for a while (until the fix)
The update is differential if it’s the one that is prompted by
removing from trusted vendors list, very quick and painless,
then the update notice is gone.
So the workaround is more work, than to go with the flow 8)
As it stands now the options with regards to the Trusted Vendors list.
Boil down to -
Use it and go with the flow, or disable the use of the list with the check box.
Because… well we see that customizing the list, is folly until they figure out
this issue brought on by the Add and Remove buttons.
That’s good to know
The only thing to add - it would be nice to know about differential updates content when being notified in any case, because when that one came users are looking into “details” and all they can see is whole download link for the current version :o where link brings them