Wishlist sticky locked - hope this is the right place to post a suggestion - if not please move.
Just had an idea, this is from another post of mine.
I’ve found Whitelisted and Trusted files have absolute rights to do everything - defense+ rules set for these CRC checked files are ignored/over-ridden unless you go into paranoid mode. You can also disable cloud lookup so unknown files are forced to use defense+ rather than immediately get Trusted status from the cloud.
If you disable the automatic sandbox, you can use Defense+ rules for unknown files under the safe policy and below (rather than them being listed in Unreognized files) but Whitelisted and Trusted files still have absolute rights to the system and over-ride defense+ rules.
It would be brilliant to have a separate tab under computer security that contains a Defense+ policy for trusted/whitelisted files, so you can specify a rule for example that all files notify you when certain events occur (like protected startup keys). You end up with the current Defense+ policy tab for unknown files, and a Defense+ tab for whitelisted files that starts out blank.
Power users can then add rules that notify them when say, the trusted Adobe or QTime installers/programs attempt to add junk to the startup locations and decide for themselves to allow or not. This would also allow an exclude rule for the Avast file “Sf.bin” coded emulation issue to be easily added for the whitelisted AvastSvc.exe file, and would avoid a constant cloud lookup.
Doesn’t anyone think that being able to control trusted programs via a separate Defense+ policy tab (default blank/no entries) is a good idea?
You can then stop so much junk getting installed on your system and in the startup registry entries, even if the program is trusted. Many trusted programs need an element of control as they take advantage by installing junk sometimes.
Plus it solves incompatibility problems with certain trusted programs, like the Avast issue which popped up recently, by allowing the user to give a trusted program extra or special rights and rules which bypass the current system.
That is the best idea, since it’s almost impossible to stop CIS from re-adding trusted files without using paranoid mode.
I strongly support this. Or any other method suggested in the wish-list.
Sorry for resurrecting this but it’s the best search result I found. This needs to be adressed as it’s not very clear to users that the security policy rules are COMPLETELY INEFFECTIVE for anything on the trusted list (except for paranoid mode)
Yes, for Trusted files Defense+ Rules are ignored. And what do you mean under Whitelisted ?
Creating two places for Defense+ Rules? I don’t think that it is a best choice. Better we must control the placement of the file to TFL. And also Comodo must check the correspondence of the file in Firewall Rules and Defense+ Rules by the hash not by the path as it is made now. See here.