Environment: Win XP Pro SP3, no other security software running
Comodo stresses the importance of default-deny in advertising.
But Defense+ selects the response given by the user to the last alert when the present alert expires/times out. This is the same as defaulting to the user clicking on OK. Really bad if the user is not at his/her PC when malware attacks. >:(
I experienced cases where I had selected Allow and Remember for the previous alert, and then the next alert expired because I did not respond in time, which resulted in Allow and Remember again!
I also experienced cases where the alert did not display. I waited until the time-out, only to find that Defense+ had Allowed and Remembered the dangerous behavior I was testing! Non-displayed alerts is a separate, independent bug that I am trying to reproduce. However, it increases the importance of default-deny behavior for Defense+.
I tested V3.9.95478.509 X32 Proactive Configuration and D+ Safe mode.
Defense+ Tasks > Advanced > Defense+ Settings > Keep an alert on screen for maximum (n) seconds > set to 6 seconds
After the 3 sec timeout actions get denied by default regadless one of the previous alert of the same app was allowed or allowed and remembered.
I found it is necessary to test with an executable that is not on Comodo’s Safe List (since I use Clean PC Mode). I added the executable to My Pending Files so that CIS considers it unsafe.
When I double-click on the executable, Defense+ alerts about it not being allowed to run from Explorer, and I click Allow without Remember. I close the application and double-click on it again. It runs without a Defense+ alert.
What I learned is that Defense+ remembers allowed executables until logoff, even if Remember was not checked in the alert. I am not sure if this is a bug or not.
Unless someone wants to pursue the unexpected remembering, I am satisfied to mark this thread as resolved, and then start a new thread if I can reproduce the undisplayed alerts bug.