Component Monitor: Learn Mode

Just a quick question about component monitor :). If this module is set to “learn mode”, does it only allow legit DLLs (if that is possible) and deny rogue ones or will it allow all? (i.e. no check is made).



I’m pretty sure that when any of the modules are in “Learn” mode, CPF will prompt you for an action so that it can learn what to do. If you turn “Learn” mode off, it will base further decisions on what it has already learnt.

I’m not 100% certain on this, so if anyone else has more concrete info, please add it here, or confirm my suspicions.

Ewen :)

It will ask for suspicious ones like the ones loaded by registry injection or global hooks. But it will not ask for any others.


I have a couple questions regarding the Component Monitor also. What is the preferred state that it should be in, i.e. “On”, “Off” or “Learn”?

I can understand having it in “Learn” mode for a while after installing the firewall, but does there come a time when you should switch to another mode? Or is it best to leave it in “Learn” mode all the time?


The general consensus of opinion is to leave it in Learn mode. Mine’s been there for over 6 months and I can’t see a need to change it.

ewen :)

Works for me. Thanks


Does CPF contain an internal list of suspicious DLLs or just monitor parts of the registry and areas that can be hooked into the system? Would turning this option on offer better protection than learning mode?