Hello,
I am looking into new av/fw software and thought I’d try Comodo. I just downloaded the free version and ran a scan. unfortunate it really did not like my cygwin installation and quarantined a couple hundred files.
I know I can restore them but my real question is how can I grab a group of files in quarantine and add them to the scan exception list? doing this singly is certainly not a good option and placing an entire directory in the exclusion list also seems like a bad idea.
also ( keep in mind I just downloaded the software last night ) is there a way to export/import comodo exception lists and general configuration so i don’t have run through the set up for each machine?
oh, and i’d give you the version of the software, but I can’t seem to figure out where that is at the moment.
Thanks for you time.
I see you found a solution to the initial problems so I’m just going to answer your other questions.
How to get Version info:
[ol]- Open CIS main window.
Click the question mark in the top-right corner.
Click About.
The version info should be in the window that pops up.[/ol]
How to export/import configurations:
[ol]- Open CIS main window.
Click Tasks in the upper-right corner.
Expand Advanced Tasks.
Click Open Advanced Settings.
Click Configuration in the left menu of the new window.
Right-click the configuration you’re choosing and click Export.
[li]Alternatively right-click anywhere and click Import.
[/li]
When done click OK on all the windows.[/ol]
I’d like to point out though that you can’t export just certain things, it’s either all or nothing. (All does not include AV signatures, TVL (trusted vendors list) and TFL (Trusted files list), other exceptions I’m unaware of may apply)
Regarding the false positives, please report them here but please read this first.
AV Exclusion list - Only excludes files from the AV module.
Trusted Files List - HIPS/BB/FW/(AV?) will trust the files and not alert about them (However for HIPS and FW it depends on what level you have them set to, Paranoid Mode for HIPS and Custom Ruleset for FW ignores the TFL)
You sure about that? By default CIS sets the FW to Safe Mode, I thought this mode allows trusted files by default and only if you set the FW to Custom Ruleset does it alert about trusted files?