Comodo protecting files it shouldn't [v5]

Comodo Internet Security - CIS Defense+ / Sandbox Help - CIS
1

So with protected files/folders turned on, Comodo seems to block files that it wasn’t told to.

I’ve manually cleared and added only the few folders I want protected in the computer security policy. I have also tested and made sure they all worked as intended. It is also important to note that none of the protected directories include any version of “program Files” on any of my drives.

The problem? Comodo seems to be marking some exes under “program files” (on any drive) as protected and I must allow the alert to continue. (The alert shouldn’t be there in the first place; these files should not be protected at all.)

It seems to only happen with signed exes. Not sure why though.

Why is Comodo blocking/‘protecting’ files it wasn’t told to? How do I disable this behavior?

Note: I’m still using v5. I would rather not switch to v6 unless it’s the only way to stop this.

2

I don’t understand what that means ‘protected files / folders’ on.

3

I am referring to Defense+ settings (‘Monitoring Settings’) where you can specify what objects Def+ should intercept and protect.

This screenshot should help:

http://s12.postimg.org/rjny75cvf/Defense_Settings.jpg

4

You forgot to attach the screenshot… :wink:

5

I didn’t think of attaching it. Instead I just uploaded it to postimg.org and included a tag to display it here. I assumed everyone could see it but here’s the image (attached) if it’s needed.

[attachment deleted by admin]

6

There’s a default file-group in protected files / folders called ‘executables’. Any file-type in that file-group anywhere in the system will incur the wrath of CIS unless an explicit allow rule is made for specific access by application; or allow the ‘all applications’ group-rule to access that specfic executable.

7

I appreciate the suggestion but that group is not in the current protected file/folder list. I deliberately removed it when I enabled the protection in the first place. (See “Current protected files and folders rules.jpg”)

I’ve also included an example of the problem. (See “Protecting an unprotected file.jpg”) As far as the rules in the previous screenshot go, this file should NOT be protected. So why then do I get an alert?

[attachment deleted by admin]