Comodo safelist

Hi to all!

The manual states:
Note: Defense+ trusts the applications if:

  • The application/file is included in the Trusted Files list.
  • The application is from a vendor included in the Trusted Software Vendors list.
  • The application is included in the extensive and constantly updated Comodo safelist.
    (Source: Comodo Help)

With the first two points (“Trusted Files list” and “Trusted Software Vendors list”) are clear…

But with the third point (“Comodo safelist”) it is clear not all. Can someone explain what this list and in what file it is stored?

Comodo Safelist means Comodo Cloud Safelist i.e in the cloud more than 6 billion apps are analyzed & whitelisted by Comodo.


Hai! :slight_smile:
Would you mind sharing the statistics for that number, thank you? :-TU

Naren, thank You for Your reply!

Then why does the following:

If the lists of “Trusted files” and “Trusted software vendors” will be empty, and I run a file that is signed by a trusted software vendor (vendor included in that list before cleaning), then a Defense+ pop-up alert tells me that this file is safe? This is a “Safe mode” to Defense+.

Cloud testing and analysis files for Defense+ turned off.

After several runs these files appear in the list of “Trusted files”.

As CIS recognizes that the file is safe, because all the lists are empty?

Example files on which the experiments were performed:

Do you have sandboxing turned on?

Sandbox is off.

The Comodo safe list is both local and in the cloud and more than a year ago it had 6 million, not 6 billion, files in it. I don’t know how big it is these days.

The Comodo safe list is not viewable for us. The list is both local, it comes with CIS when it is installed, and it also has a cloud component. The cloud will make the latest safe files available for CIS.


After restarting the computer, work in “safe mode” of Defense+ returned to normal. Apparently, there is a cache of files or information about files.

EricJH, thanks…

I never fully did not understand…

This list is used only during the initial installation of the CIS to scan files that are not contained in the lists of “Trusted Files” and files signed by trusted vendors of programs?

This list is automatically used only if enabled Sandbox?

Automatic file check on this list is only done if the cloud scan of files allowed?


Thanxx for correcting me. I by mistake typed billion instead of million.



The list is always used when running in all D+ modes except Paranoid mode. The list is used regardless of whether the sandbox is enabled or not.

Automatic file check on this list is only done if the cloud scan of files allowed?


The safe list, which cannot be viewed, is both stored locally and in the cloud.

If you would disable the D+ cloud look up in Execution Control Settings you would still use the local list. Only in Paranoid mode the safe list and Trusted Files list are disregarded.

EricJH, “Comodo safelist” - that this list is used to scan unrecognized files if enabled “Automatically scan unrecognized files in the cloud” (in “Execution Control Settings”)?

No. As it says it used to scan unrecognised files; that means they are not on the safe list.