Win Xp sp3
Avast home 4.8
CFP 3.022.349
Always uses Limited user Account.
Good evening everybody,
To ensure the least amount of pop-ups and protection against the malware found on flash drives, I modified the computer security policy in the following manner.
1- I created a new group under My Groups in which I included all the content of the c:\windows folder and the c:\Program folder (as these folders are modified during installation/updates only).
2- In the computer security policy I added this group to the preassigned policy of Trusted Applications.
If we remember, under the trusted application policy there is a first option which is like “Run an executable Ask /block modify”.
In this option I assigned it to allow all apps in the c:\windows and C:\program Files folders so that I will not receive pop-ups when any executable there runs and modifies any protected file groups. This works fine, and I was not receiving any pop-ups on my computer.
One day I decided to check whether D+ would generate any warning when I tried to run an exe file on a flash drive.
I created one file in Notepad, renamed it as exe, saved it on a USB drive, and tried to run it. There was no warning or any sort of pop-up that an attempt to run an unknown exe was being made.
It ran smoothly.
Upon checking, it was found that cmd.exe, present in the safe list, loaded it and executed it from the USB drive.
In fact, when a safe application from a safe location is trying to load an exe from a location not marked as safe, it should have generated a warning.
Now my question to forum members is how to obtain max protection against USB drive based executables and no pop-ups for any apps located in the Windows folder and Program folder.
(The content of these locations is treated as safe as it cannot be modified under a limited user account, except by accounts with admin and services running with system privilege, which are treated as safe.)
I have not included C:\Documents and settings under the safe list.
You did not need to create a new group, nor did you have to do what you did. D+ pop-ups are normal till all your apps are learned. First of all, download and install the latest version of Comodo. Secondly, to minimize pop-ups use D+ in training mode. Which mode do you have D+ in now? Read here.
Paranoid Mode: This is the highest security level setting and means that Defense+ will monitor and control all executable files apart from those that you have deemed safe. The firewall will not attempt to learn the behavior of any applications - even those applications on the Comodo safe list - and will only use your configuration settings to filter critical system activity. Similarly, the firewall will not automatically create ‘Allow’ rules for any executables - although you still have the option to treat an application as ‘Trusted’ at the Defense+ alert. Choosing this option will generate the most amount of Defense+ alerts and is recommended for advanced users that require complete awareness of activity on their system.
Safe Mode: While monitoring critical system activity, the firewall will automatically learn the activity of executables and applications certified as ‘Safe’ by Comodo. It will also automatically create ‘Allow’ rules for these activities. For non-certified, unknown applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing ‘Treat this application as a Trusted Application’ at the alert. This will instruct the firewall not to generate an alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in ‘Clean PC Mode’ then ‘Safe Mode’ is the recommended setting for most users - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.
Clean PC Mode: From the time you set the slider to ‘Clean PC Mode’, Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in ‘My Pending Files’ are excluded from being considered as clean and are monitored and controlled.
Installation Mode: Installer applications and updaters may need to execute other processes in order to run effectively. These are called ‘Child Processes’. In ‘Paranoid’, ‘Safe’ and ‘Clean PC’ modes, Defense+ would raise an alert every time these child processes attempted to execute because they have no access rights. Whilst in one of these 3 modes, Comodo Firewall Pro will make it easy to install new applications that you trust by offering you the opportunity to temporarily engage ‘Installation Mode’ - which will temporarily bestow these child processes with the same access rights as the parent process - so allowing the installation to proceed without the usual alerts.
If you are installing a new, unknown application, Defense+ will alert you with a pop-up notification and, as you want to allow this application to continue installing, you should select ‘Treat this application as an Installer or Updater’ at the Defense+ alert. You will subsequently see the following:
Defense+ doesn’t show any alerts for invalid programs.
I created a blank text file and named it invalid .exe. Then I used cmd.exe to launch it. There’s no alert from Defense+. However, it’s not needed, as the .exe can’t execute.
There is more to a file than the filename. There is also a file identifier byte in the file’s header that indicates what type of file it is (PE etc.). Simply renaming a TXT file to EXE isn’t sufficient to fool CFP. It might fool others, but not CFP.
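The header check discussed in the two replies above can be reproduced with a few lines of Python. This is an added example, not part of the original posts and not Comodo's own logic: it tests for the `MZ` DOS magic, follows the `e_lfanew` offset at 0x3C, and checks the `PE\0\0` signature and the executable-image flag. The function name and the sample byte strings are constructed for illustration.

```python
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002  # COFF Characteristics flag


def classify_executable(data: bytes) -> str:
    """Return 'pe' for a plausible PE image, else the reason it is rejected."""
    if len(data) < 0x40:
        return "too short for DOS header"
    if data[:2] != b"MZ":
        return "missing MZ magic"
    # e_lfanew: file offset of the PE signature, stored at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Signature (4 bytes) plus COFF file header (20 bytes) must fit.
    if e_lfanew + 24 > len(data):
        return "e_lfanew points outside file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE signature"
    fields = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    characteristics = fields[6]
    if not characteristics & IMAGE_FILE_EXECUTABLE_IMAGE:
        return "not marked executable"
    return "pe"


# Constructed samples (not real files).
RENAMED_TEXT = b"hello from notepad\r\n"        # text file saved as .exe
FAKE_MZ = b"MZ" + b" " * 100                    # text that merely starts with MZ
DOS_STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
NO_PE_SIG = DOS_STUB + b"XXXX" + b"\0" * 20
MINIMAL_PE = DOS_STUB + b"PE\0\0" + struct.pack(
    "<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)  # i386, executable image

if __name__ == "__main__":
    for name, blob in [("renamed text", RENAMED_TEXT), ("fake MZ", FAKE_MZ),
                       ("no PE signature", NO_PE_SIG), ("minimal PE", MINIMAL_PE)]:
        print(f"{name:16} -> {classify_executable(blob)}")
```

Passing these checks only means the header is well-formed; it says nothing about whether the file is trustworthy, so a valid PE launched from removable media still needs to be tested against the execution policy.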
First of all I would like to thank everyone for their replies and for clarifying many doubts.
- In fact, as posted by ragwing, I was receiving a hung window with the following message: it’s not a valid win32 application. Thanks for this clarification.
I have kept D+ in training mode. Still, I was receiving pop-ups when any (valid) executable was trying to modify the protected resources (as defined in my protected groups). Therefore I created these groups where any executable from (windows* OR Program files*) can run and in turn call others and modify any exe (including protected resources) inside these folders without generating any pop-ups.
My personal opinion is that training mode takes too much time to learn and it never completes.
Thanks everybody once again for the many clarifications. Next time I will try to run a valid executable.