Default-allow likely when alert expires (V3.9.95478.509 X32)[Resolved]

Environment: Win XP Pro SP3, no other security software running
Comodo stresses the importance of default-deny in advertising.
But Defense+ selects the response given by the user to the last alert when the present alert expires/times out. This is the same as defaulting to the user clicking on OK. Really bad if the user is not at his/her PC when malware attacks. >:(

I experienced cases where I had selected Allow and Remember for the previous alert, and then the next alert expired because I did not respond in time, which resulted in Allow and Remember again!

I also experienced cases where the alert did not display. I waited until the time-out, only to find that Defense+ had Allowed and Remembered the dangerous behavior I was testing! Non-displayed alerts is a separate, independent bug that I am trying to reproduce. However, it increases the importance of default-deny behavior for Defense+.

are you sure I will test this with my CIS
it should be
It does not matter what the alert defaults to if it goes unanswered it is the same as a deny

Windows XP 32bit SP3 latest patch.

I tested V3.9.95478.509 X32 Proactive Configuration and D+ Safe mode.
Defense+ Tasks > Advanced > Defense+ Settings > Keep an alert on screen for maximum (n) seconds > set to 6 seconds

After the 3 sec timeout actions get denied by default regadless one of the previous alert of the same app was allowed or allowed and remembered.

Tested appliaction: AKLT (Anti-Keylogger Tester (AKLT) - put your anti-keylogger protection to the test)

thanks Endymion

that´s what I thought


the only way things would be allowed by default is if they are on the safe list and paranoid mode in D+ should override this.

Here is more info…

I found it is necessary to test with an executable that is not on Comodo’s Safe List (since I use Clean PC Mode). I added the executable to My Pending Files so that CIS considers it unsafe.
When I double-click on the executable, Defense+ alerts about it not being allowed to run from Explorer, and I click Allow without Remember. I close the application and double-click on it again. It runs without a Defense+ alert.

What I learned is that Defense+ remembers allowed executables until logoff, even if Remember was not checked in the alert. I am not sure if this is a bug or not.

I was confused in the first post of this thread because of this unexpected remembering, cases where the alert did not display, and the bug I posted here:

Unless someone wants to pursue the unexpected remembering, I am satisfied to mark this thread as resolved, and then start a new thread if I can reproduce the undisplayed alerts bug.