Clean PC mode clarification [Resolved]

I have one quick question about clean pc mode and adding new .exe files. I understand that clean pc mode will assume that all files on your pc are clean at the time of installation and will monitor new files. However, if I download a new application/exe or what ever and run it, what protection do I have if it does have some form of malware in it? how will the fiewall protect me from the malware if I allow the program to run?

PS.
I have used both safe mode and clean pc mode. safe mode is too safe for what I need and clean pc mode allows any program to run without question. I am looking for a setting in between these two. Basically I want to run any program without giving permission, but I want to be informed of any program (safe or not) that is accessing the internet with out my permission (the norton firewall used to do that).

Comodo is a Firewall with HIPS. Having Comodo in Safe mode for both the firewall and D+ is a perfect setting. Allowing all programs to pass by D+ but only getting alerts for the firewall is very poor security. Not all programs need internet access nor does malware. if you read the hel file you can get a good explaination of each mode. Here is it. I copied and pasted it. Read the part about clean pc mode and you will see you are protected. Just go ahead and download a leak test and you will see. Download System Shutdown Simulator and run the 3 tests on the bottom.

Paranoid Mode: This is the highest security level setting and means that Defense+ will monitor and control all executable files apart from those that you have deemed safe. The firewall will not attempt to learn the behavior of any applications - even those applications on the Comodo safe list. and will only use your configuration settings to filter critical system activity. Similarly, the firewall will not automatically create ‘Allow’ rules for any executables - although you still have the option to treat an application as ‘Trusted’ at the Defense+ alert. Choosing this option will generate the most amount of Defense+ alerts and is recommended for advanced users that require complete awareness of activity on their system.

Safe Mode: While monitoring critical system activity, the firewall will automatically learn the activity of executables and applications certified as ‘Safe’ by Comodo. It will also automatically create ‘Allow’ rules these activities. For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing ‘Treat this application as a Trusted Application’ at the alert. This will instruct the firewall not to generate an alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in ‘Clean PC Mode’ then Safe Mode’ is recommended setting for most users - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.

Clean PC Mode: From the time you set the slider to ‘Clean PC Mode’, Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in ‘My Pending Files’ are excluded from being considered as clean and are monitored and controlled.

‘Installation Mode: Installer applications and updaters may need to execute other processes in order to run effectively. These are called ‘Child Processes’. In ‘Paranoid’, Safe’ and ‘Clean PC modes’, Defense+ would raise an alert every time these child processes attempted to execute because they have no access rights. Whilst in one of these 3 modes, Comodo Firewall Pro will make it easy to install new applications that you trust by offering you the opportunity to temporarily engage ‘Installation Mode’ - which will temporarily bestow these child processes with the same access rights as the parent process - so allowing the installation to proceed without the usual alerts.

If you are installing a new, unknown application. Defense+ will alert you with a pop-up notification and, as you want to allow this application to continue installing, you should select ‘Treat this application as an Installer or Updater’ at the Defense+ alert. You will subsequently see the following

What was the problem with “safe mode”. I run both my pc’s in safe mode and its a perfect setting. If you were getting alot of alerts then simply use training mode for a week or so. Read here. Safe mode is fine. The alerts will stop after Comodo learns all your programs.

https://forums.comodo.com/help_for_v3/games_application_installation_comodo_firewall_pro_3-t24179.0.html

I did read the help file for the settings. My main concern was while in clean pc mode if I run a new application that is malware how would I be protected? I just gave it permission to enter my pc so it can install at will. EDIT: I guess it would not matter if it was in clean pc mode or safe mode, either way I give it permission. nevermind

I will check out those tests soon.

The problem I have with safe mode is all the .dll and global hooks that like to run on my computer. I never realized how many there were since previous firewalls never alerted me to them. Either Im filled with malware or comodos safe list is seriously lacking because all the .dll files that run (msctf.dll for example) are unknown to comodo. I do like the setting since I have so much control over everything, so I will tough it out or try learn mode.

thanks

Did you read this part of “clean pc mode”.

From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed.

Ya, but I didnt think about one thing. It would not matter what mode its it since I would have to give it access anyway.

Heres one more for ya.
One problem I have with safe mode is the insane amounts of .dll an app will access. Just a little while ago firefox tried to access literally 100’s of other files. I sat there for 10 mins clicking allow or block till I finally gave up and tried to shut down. But it would not so I had to pull the plug. THat was just ridiculous.

The only thing I changed was: Image execution control settings from normal to aggressive (and set executables to be checked). I can only assume that is what caused every single warning to pop up.

One weird thing was of all those .dll files comodo did not recognize most of them. if they are windows files or legitimate files, shouldn’t comodo safe list most of these?

Thanks for helping

The only thing I changed was: Image execution control settings from normal to aggressive (and set executables to be checked). I can only assume that is what caused every single warning to pop up.

Absolutely correct - agressive image control will trigger alerts on just about everything, but only becuase YOU explicitly told it to. That what it means by agressive.

Ewen :slight_smile:

OK thanks I set it back to normal and it will only check the .exe.

Vettetech, panic, and anyone else who wants to answer. What do you have your Image execution control setting and files to check set too?

Mine is on normal. All my settings are stock actually.

Default at normal here. Anyway, since the main topic/question on Clean PC mode has already been answered, thread closed. For other questions please open new threads.