There is no need to make a millions posts when all you need to do is read the “Help” file. Simply click on “what do these settings do”. That option is on all the tabs and boxes you open up in Comodo. Please read them.
Paranoid Mode: This is the highest security level setting and means that Defense+ will monitor and control all executable files apart from those that you have deemed safe. Comodo Internet Security will not attempt to learn the behavior of any applications - even those applications on the Comodo safe list. and will only use your configuration settings to filter critical system activity. Similarly, the Comodo Internet Security will not automatically create ‘Allow’ rules for any executables - although you still have the option to treat an application as ‘Trusted’ at the Defense+ alert. Choosing this option will generate the most amount of Defense+ alerts and is recommended for advanced users that require complete awareness of activity on their system.
Safe Mode: While monitoring critical system activity, Defense+ will automatically learn the activity of executables and applications certified as ‘Safe’ by Comodo. It will also automatically create ‘Allow’ rules these activities. For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing ‘Treat this application as a Trusted Application’ at the alert. This will instruct the Defense+ not to generate an alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in ‘Clean PC Mode’ then Train with Safe Mode’ is recommended setting for most users - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.
Clean PC Mode: From the time you set the slider to ‘Clean PC Mode’, Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in ‘My Pending Files’ are excluded from being considered as clean and are monitored and controlled.
‘Installation Mode: Installer applications and updaters may need to execute other processes in order to run effectively. These are called ‘Child Processes’. In ‘Paranoid’, Train with Safe’ and ‘Clean PC modes’, Defense+ would raise an alert every time these child processes attempted to execute because they have no access rights. Whilst in one of these 3 modes, Comodo Internet Security will make it easy to install new applications that you trust by offering you the opportunity to temporarily engage ‘Installation Mode’ - which will temporarily bestow these child processes with the same access rights as the parent process - so allowing the installation to proceed without the usual alerts.
So the my question would be: On a system which is not new, what is the difference between Clean PC Mode vs. Safe Mode? Both will monitor the new applications. If an new application does not figure on the white list, Clean PC mode will move it in the My Pending File while Safe Mode will generate an Alarm. Is there anything else I have miss?
So far, when I move the slider from Safe Mode to Clean PC mode, my pending file folder fills and I don’t always see all the alerts when I install a new application (but the file is in the my pending file folder, so CSI has blocked it).
This is from MY knowledge.
Only the files that are in Safe Database of CIS are considered safe…
When you set, All the files currently present in your local system are considered safe… any new executable introduced into your system that is not available in the Safe Database of CIS will be added to My pending Files thereby you will be alarmed for that application…
Purpose of Pending Files is you can submit or perform online look-up… So that comodo can analyze the file on submit and will be added to the SAFE DB If found safe… Also, If you’re Sure, you can also make them safe by moving it to My Own Safe files… etc
CleanPC minimize the pop-up by considering all the local files in your system are safe…
In either mode you won’t get alert from CIS for safe files…
CIS hasn't blocked it, but the file will be monitored for any threatening activity and notify you before it is permitted to proceed.
I see, so Safe Mode blocks the installation and asks you to make a choice on the Alarm window (straight process). Clean PC Mode will install the application and place the files(s) in the my pending file folder (kind of deferred process), and an Alarm will only occur when I launch the file in my pending file folder. Is that correct.
So, let’s imagine.
a. x application is not on the white list.
b. I install the application using CSI in Clean PC Mode.
c. No Alarm pops-up.
d. I launch the application > Window Alarm pops-up.
e. I select Allow
f. Then I can delete the file in my pending folder
g. Or if I need the file again, I have to move it to my trusted file folder.
Is that correct?
Now from a usability perspective isn’t Safe mode easier? Straight choice for any new installation/modification?
Correct. This mode allows the setup file and any spawned files to do what they need to do to install or update the application. It does not automatically create rules for the installed applicaton, unless it is already in the safe list.
That could be one of the benefit using Clean PC Mode, but am still I not clear about the benefit using Clean PC Mode. On a new PC, Clean PC would speed up the process, it’s understood. But I wonder if that’s the only purpose of using Clean PC Mode, or if there are other reasons to use this mode instead Safe Mode on a daily basis? Thanks for more input.
In safe mode safe listed applications have their rules automatically learnt without a pop-up.
I clean PC mode any application not in “my pending files” has its rules automatically learnt. Any new or modified application that is not in the safe list is automatically is added to my pending files.
Rules for an application are inherited from the parent application so if setup.exe in “installer or updater” and setup.exe runs InstallThisPart.exe then InstallThisPart.exe is also “installer or updater” and will give no pop-ups. Unsafe programs not part of the installation will still give pop-ups.
IMHO, you shouldn’t use Clean PC mode for long term use. Clean PC mode is for when you have first installed CIS, are certain that you’re PC is actually clean and you have run all your normal applications. Once these steps have been done, you should switch to Safe Mode.
Safe list = COMODO white list + all the applications added by the user as trusted?
I use clean PC mode long term and like it. The problem is that you have to manage “my pending files” and the developers have not made it easy. The advantage is to do not have to add things to “my safe files”.
Maybe I will be more luckier today? I still don’t get the big picture of the Clean PC Mode!!!
tacarrbrion gave me a hint: you have to manage ‘my pending files’. Could be there.
Alright, I understand the definition on the manual and on the thread. Good!
I also understand that Clean PC Mode considers all the application as safe on the system. Very well.
But practically, I don’t get it. So, I gave it one more try with a fresh install of 3.9 today:
a. Clean PC Mode selected
Installation of songbird http://getsongbird.com/
No alarm pops-up
the installation completes
the software starts
My pending file folder is full of files (songbird installation files among others)
There lies my confusion about this mode, but I want understand it, and I guess it is a simple question or relation I just don’t get.
If my pending file folder is full of songbird files, why can I install and run the application, shouldn’t I first select the files or discard them to be able to install ? - I am lost.
Why can I launch and application when the installation process generates many files considered unsafe in the my pending file folder. So Install is not safe, but run is safe? - I am lost.
What do I do with the files inside my pending file folder? Are they important? How can I decide? Do I have to move them in my trusted files? - I am lost.
In comparison Safe mode is pretty straighforward
a. Install an application
b. select yes/no during the Alarm windows session
c. eventually modify your rule in the computer security policy.
If you add all the applications you install to my safe files then clean PC mode and safe mode are the same except you get a list of changed/new files in clean PC mode so you know what is going on on your PC.
The downside of clean PC mode is that the developers have not made it easy made it a right pain to manage my pending files.
There are two choices (each could be subject to user error):
Clean PC mode: take files out of my pending files to prevent pop-ups
Safe mode: add files to my safe files to prevent pop-ups
In each case the process is automatic for files in Comodo’s safe list.
The catch is that “Clean PC” mode isn’t working properly in your PC. I just ran a simple test - First I executed Revo Uninstaller setup file after adding it to “My Pending Files” and then removed it from “My Pending Files and” executed it. In the first case, I got an alert for the execution; in the second case, I didn’t.
The above “test” is basically how “Clean PC” mode should work. There are a few exceptions though: 1) If “Revo Uninstaller” were a file in COMODO’s safe list, you wouldn’t even be able to add it to “My Pending Files”.
2) If you installed a program which had access at the kernel level, COMODO cannot prevent it from doing anything even if were treated as an “unsafe” file. You will probably get alerts, but you won’t be able to restrict accesses to that particular program attempting them, even if you blocked them.
When I install a program I look at my pending files and if I am sure of what I have installed I remove every file associated with the install. This is where I would like multiple file select as any other files I leave behind so I do not want to select all. If I was not sure the program was safe I would leave all the files there but I never do this as I only install what I am fairly sure is safe.