Clean PC Mode doesn't alert on new executables with logging disabled [resolved]

I’m worried about this.

-Sandbox and Antivirus disabled
-all Vendors removed from list except of course Comodo,
-enabled Parental Control to suppress all alerts (disabling made no difference)
-tried disabling Trust the applications digitally signed by Trusted Software Vendors option
-Image Execution left default - confirmed .exe is listed

-downloaded a couple of new .exe’s to my desktop (both are from Piriform, but shouldn’t matter since I removed all Vendors…)
-those .exe’s never get caught in My Pending Files
-result: I can execute them without any word from Defense+ :o.

-Switched to Safe Mode and Paranoid Mode as well to test under the same conditions, but they both prevented all executables from launching ??? I don’t like this all or nothing deal.

Can anyone duplicate?


CIS 4.0.1383777.779 - Installed only Firewall (and Defense+ of course), disabled all Sandbox options
32 Bit Windows XP Pro
Using the original Administrator account
No other security or potentially conflicting software that runs during testing

I’ll try when I get home on a VMWare XP image.

It is a new default for Safe Mode that Explorer will start safe applications without notification and will make a subsequent rule in the “Run an executable” of the Explorer rule. I assume this will also extend to Clean PC Mode.

First make sure these Piriform programs are not on the safe list. Test by trying to add them to My Own Safe Files. It will tell when they are on the safe list.

try this…

  1. disable sandbox
  2. go to Defense +
  3. sandbox
  4. sandbox settings
  5. UNCHECK all options in this menu
  6. click on. try again.

works?

I installed with Proactive Defense+, so explorer.exe is “Custom” and it is also set to “Ask” next to Run an executable (as per the default).

That’s the problem; it shouldn’t matter whether they are safe listed or not when all the default Vendors are deleted…unless there’s some other file that CIS still utilizes that relates to a hidden safe list ??? Just to destroy any doubts, I attached a screenshot. Clean PC Mode should automatically add all new executables to the Pending List for me, but it doesn’t.

That was the first thing I did after I installed CIS 4 - disabled all options in Sandbox. I tried to replicate as close as possible to my CIS 3 settings, but the outcome is undesirable :-.

[attachment deleted by admin]

If files are in Comodo’s safe list they will be trusted by CIS unless it’s in Paranoid mode. Removing the trusted vendor from the list merely means that if a file is not in your safe list and is not in Comodo’s safe list you will be prompted.

Let me know if I misunderstood your question.

Yes. That’s what it’s supposed to do, but it’s not working. Sure I can manually add files to the Pending List, but the point was to be automatic like it was in v3.

Is this a bug or a misconfig on my part? Right now, I feel like Defense+ is in Training Mode (aka might as well disable it since it allows everything 88)).

You are forgetting there is a thing as the, humongo, safe list (approx 15,000,000 programs) that works independent of the Trusted Vendors list.

Just to destroy any doubts, I attached a screenshot. Clean PC Mode should automatically add all new executables to the Pending List for me, but it doesn't. That was the first thing I did after I installed CIS 4 - disabled all options in Sandbox. I tried to replicate as close as possible to my CIS 3 settings, but the outcome is undesirable :-\.

Remember you cannot disable the safe list. I looked up how Clean PC mode is supposed to work according to the manuals of v4 and v3:
v4:

From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed.

v3:

From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed.

The manuals say that the user will be alerted only for unrecognised applications. So it doesn’t add all new executables automatically to the My Pending list like you suggested in the above.

What Piriform programs did you use for testing? This way we can think with you and verify/falsify your assumption about the Clean PC behaviour. Please test them to see if they are on the white list.

Why in God’s green earth did they (comodo devs) fiddle with all this stuff… ???

I found some interesting bugs. Remember, I disabled all the vendors and safe list options in CIS, still in Clean PC Mode, but this time, I enabled Parental Control with all alert suppression options enabled AND the CIS GUI closed* (this is important and I’ll explain):

  1. I downloaded an executable Recuva portable (cause I like testing with portable programs that don’t mess with the registry) - although one could use any executable and it’ll work (I’ve tested with others to confirm)

  2. When I unzip the setup file, drag the files to say my desktop, then try to launch Recuva.exe, Windows alerted me that this file doesn’t have the proper permissions (I forgot the exact message but it’s easy to reproduce). I checked to see that nothing is still in My Pending Files list…

  3. I attempt to relaunch Recuva.exe, but this time Recuva successfully launches!

*4. If the CIS GUI was opened in Step 2, Recuva would’ve successfully launched without that permission error message.

How do you disable safe list options other than putting D+ in Paranoid mode?

Paranoid mode? I only used that once - and that was just to test out the differences.

  1. Go to that screen and hold Alt + R until everything is gone but the 2 undeletables > Click Apply
  2. Go to that screen and disable that long-named option > Click Apply

If there’s anything more I can delete or disable, let me know. Although I think I already over killed it.

[attachment deleted by admin]

That still doesn’t remove the working of the Safe List. Only Trusted Vendors.

As I stated above, Trusted Vendors and Safe List are two different animals. Preventing CIS from using the Trusted Vendors list can be done as you described. To prevent it from using the Safe List you need to go to Paranoid Mode. In Clean PC mode rules will automatically be made for Safe Files.

Dude, you are logged in with an old account…:wink:

Sorry, but all that is irrelevant, perhaps including this whole topic by me…

It took a while, but I got it working after reinstalling CIS many times and finding the real culprit. A few of the files in C:\Program Files\COMODO\COMODO Internet Security\scanners (and perhaps others) are now necessary for Pending List to activate. Those are supposed to be just used by the AV…Don’t ask me why, especially since version 3 never included such dependencies. Also, it seems that if any file in the Repair folder is removed, CIS doesn’t uninstall properly (once again, version 3 doesn’t have this problem :-). I fear that I’ll have to endure the bloat if I want to continue on with v4. It’s now 83.8 MB for me (and that’s being generous since I removed some unneeded files). I remember that CFP was in the ten’s for MB space. With each new version the components are so integrated that it reminds me of Windows Explorer and Internet Explorer 88).