I just noticed it today inspite of the fact that I am using CFP since long. If you put Defence Plus in learning mode, it never learns the complex parent-child rules. In its lerning mode all rules made by Defence Plus are simple rules.
Example:
I execute abc.exe and this application installs and loadsa specific driver gurad.sys. Now in learning mode defence plus makes a rule that allows abx.exe to install and load ANY driver( not only guard.sys).
Is this the way CFP is expected to work? If it,s like this I am sorry to say that I am really disappointed on this implementation and feel frustrated that it was never obvious and rather obscured by the so called Proactive Security and paranoid Mode.
I wil mark it as a bug( even though it,s not). What is the fun of making a paranoid mode available when learning mode will make simple rules rather than complex parent-child rules?
There are some number reports about this kind of learning… Seems like that is the way they (at least partly) solve problem with numerous Comodo registry entries: smaller number of exceptions (everything is set to allow except Registry modifications and Protected files) means smaller number of reg. entries :-X
Yes, I have noticed this as well. I changed to Training Mode to see what ‘services.exe’ needed to run properly and afterward, when checking, I saw that almost every access right was set to “Allow”. I never use Training Mode anymore because I really don’t like this behavior.
I have been complaining about this for years, seemingly to deaf ears. There is no protection from safe applications with might not be so safe with the wrong macro, add-on, bug etc. I cannot use paranoid mode as I have users with no computer knowledge and I don’t want loads of pop-ups. Looking through my computer security policy just about every application is allowed direct disk access, device driver installation and physical memory. I bet very very few require any of these and these are potentially very dangerous actions. I might be easier this way for some users but we are not given any choice (I do not consider paranoid mode a usable choice).