CIS6: Classify files by path, not file hash

Apparently the trusted files list in CIS6 works by hashing files. Please add back the feature that works by path name alone. This may be desired in some cases. If you’re worried that users may use this unsafe feature then perhaps make the hash default and add a warning for when adding trusted files by path. According to a mod (see relevant threads below) this is not possible to do in CIS6.

Relevant threads:
https://forums.comodo.com/news-announcements-feedback-cis/my-cis-wishlist-thread-t96812.0.html
https://forums.comodo.com/install-setup-configuration-help-cis/understanding-cis6-advanced-t96062.0.html;msg693861#msg693861


Please also consider voting in these other threads: [[url=https://forums.comodo.com/wishlist-cis/perapplication-sandbox-rules-more-options-t93177.0.html]Configurable sandbox[/url]] [[url=https://forums.comodo.com/wishlist-cis/fix-the-darn-fullscreen-freeze-already-t97376.0.html]Full screen freeze[/url]] [[url=https://forums.comodo.com/wishlist-cis/hips-process-policy-inheritance-t97373.0.html]HIPS Policy inheritance[/url]] [[url=https://forums.comodo.com/wishlist-cis/cis6-classify-files-by-path-not-file-hash-t97372.0.html]Classify by file path[/url]] [[url=https://forums.comodo.com/wishlist-cis/hack-tools-disable-av-unwanted-software-t97371.0.html]Hack tools[/url]] [[url=https://forums.comodo.com/wishlist-cis/cloud-lookup-disable-safe-files-t97374.0.html]Cloud lookup control[/url]] [[url=https://forums.comodo.com/empty-t29948.0.html]Better SVCHOST handling[/url]] [[url=https://forums.comodo.com/empty-t69214.0.html]Firewall WHOIS[/url]] [[url=https://forums.comodo.com/wishlist-cis/configurable-sound-options-with-poll-t76512.0.html]Configurable sounds[/url]]

Could you explain when the path rule is better than hash?

This is a request I had when I started using compilers. A compiler will often generate different executable code that has the same file name. Please note that this is an old request. If the “policy inheritance” feature I mentioned was to be implemented, this would become obsolete.

CIS allows you to add files and executables to the list of Trusted Files so that those files will be given Trusted status. For the files added manually, it generates a hash or a digest of the file using a pre-defined algorithm and saves in its database. On access to any file, its digest is created instantly and compared against the list of stored hashes to decide on whether the file has 'Trusted' status. By this way, even if the file name is changed later, it will retain its Trusted status as the hash remains same. [b]However you can also add files by their file names, but if you happen to change the file name later, it looses its 'Trusted' status[/b].

This snippet is from the CIS 6.2 docs. According to that it is already possible to add files by path. But in one of my threads someone suggested me that in CIS6 this is not possible, neither I could find an option to add trusted files by path.

Which is the correct answer? Is it or is it not possible to add files by pathname in CIS6.2?

You can use BB exclusions :slight_smile: