CIS and Cygwin

Hello,
I am looking into new av/fw software and thought I’d try Comodo. I just downloaded the free version and ran a scan. Unfortunately, it really did not like my Cygwin installation and quarantined a couple hundred files.

I know I can restore them, but my real question is: how can I grab a group of files in quarantine and add them to the scan exception list? Doing this singly is certainly not a good option, and placing an entire directory in the exclusion list also seems like a bad idea.

Also (keep in mind I just downloaded the software last night), is there a way to export/import Comodo exception lists and general configuration so I don’t have to run through the setup for each machine?

Oh, and I’d give you the version of the software, but I can’t seem to figure out where that is at the moment.
Thanks for your time.

John Cutler

Never mind, I’m an idiot. The restore function gives the option to add the files to the exception list. Awesome.

Though I would still like to hear about config export/import, unless they are equally obvious.

There are a lot of false positives for the Cygwin application. Is that something I should bring up in another forum?

John Cutler

Hello John,

I see you found a solution to the initial problems so I’m just going to answer your other questions.

How to get Version info:

1. Open CIS main window.
2. Click the question mark in the top-right corner.
3. Click About.
4. The version info should be in the window that pops up.

How to export/import configurations:

1. Open CIS main window.
2. Click Tasks in the upper-right corner.
3. Expand Advanced Tasks.
4. Click Open Advanced Settings.
5. Click Configuration in the left menu of the new window.
6. Right-click the configuration you’re choosing and click Export.
   - Alternatively right-click anywhere and click Import.
7. When done click OK on all the windows.

I’d like to point out though that you can’t export just certain things, it’s either all or nothing. (All does not include AV signatures, TVL (trusted vendors list) and TFL (Trusted files list), other exceptions I’m unaware of may apply)

Regarding the false positives, please report them here but please read this first.

Hope that helps,
Sanya IV Litvyak.

Thank you for your quick response. One question, is TFL the same as the av exception list?

John Cutler

Well… not really… but if I remember correctly the AV won’t react on trusted files, so if you add a file to the TFL you may not get any alerts for it.

But no the lists are not the same, the TFL can be found here (Refer to image):

AV Exclusion list - Only excludes files from the AV module.

Trusted Files List - HIPS/BB/FW/(AV?) will trust the files and not alert about them (However for HIPS and FW it depends on what level you have them set to, Paranoid Mode for HIPS and Custom Ruleset for FW ignores the TFL)

AV exclusion will only exclude the file from the AV, nothing else (sandbox/HIPS).

Trusted files list will exclude the file from everything except the firewall (av/sandbox/HIPS).

You sure about that? By default CIS sets the FW to Safe Mode, I thought this mode allows trusted files by default and only if you set the FW to Custom Ruleset does it alert about trusted files?

Actually, you are correct. I just tested it with an unknown file. Sorry about the misunderstanding.