CIS alerts don’t mention if the digital signature is invalid.
If possible I wish that code-signed executables with invalid signatures will be able to trigger a totally new alert to ask the user if they still wish to apply the existing policies for that app.
Code signing is actually a neglected by many users this would be a good way to increase end-user awareness.
Another wish would be to modify GUID alerts for COM objects to also provide a more informative progid and related InprocServer32 file.
I guess nobody will be able to tell what a GUID mean but a progid an file could do the trick.
If not we should print a cheatsheet of all protected guids.
Another related wish would be to add an alternative way to add COM components to protected COM interfaces.
Everytime it takes up to 20 seconds to populate the panels with all COM components (clicking abort close the entire dialog).
A simple way to add an entry directly would prove useful if the user already know the GUIDs or use the registry.
Basically the COM Components… menu entry could be renamed to Browse COM Components… and another menu entry named “Add…” could be added.
Or Maybe The com Component List could be hidden and enabled only sfter clicking a button. This way the user could awoid waiting if doesn’t need that list.
Please improve policy import/export support adding the possibility to import partial rulesets in a text-file format.
Another thing I miss is more aliases. They will make possible to share rules on the forum or to use a baseline configuration on “foreign” computers.
These Registry branches that contains useful alias I hope V3 will support
These improvements could make support topics more easy and it could be possible to share pre configured policies.
Future development could also make possible to create a centrad DB to index all those policies.
As I used no AV for moths I would like to mantain that light CPU-load usage pattern.
So the options are to manually scan pending file list or enable realtime scanning only when the installation mode is active (possibly only on the installer appchain and related written files).
At the same time I wish to prevent scanning of all applications that have a D+ policy and are not listed in my pending file list (an option to enable my pending file list for other modes would be good)
Maybe this will spare me only few CPU cycles but I see no point to scan the same applications everytime I run them.
IIRC CAVS should already have some kind of features as it was previously reported that CFP3 scan decrease scan time after multiple usage but there is no way to tell was file was just scanned lby Realtime AV ike (eg) avast.
Please ■■■ AV sig DB version to CIS about box
Please add a shortcut to CIS standalone Logviewer to Comodo startmenu folder and a logging menuentry (with f+, D+ and AV+ log submenu) to CIS tray icon menu