Defense+ changes "Preset" security policy to "Custom"

In dealing with a very rare, but very troubling, conflict between CFP and Avira AntiVir Free 8.1, I have defined a special Computer Security Policy “Avira Antivir”. This policy is currently identical to “Trusted Application”, but I chose a special name to allow simple tweaking of the situation if it becomes necessary.

I have assigned this policy to each AntiVir executable file, nine in all (I think). However, Defense+ does not reliably remember these assignments; instead, it occasionally reverts some of them to “Custom”. The three affected executable files have not been modified and still bear dates from several months ago. If they had been altered in an update, I could understand the problem, but this seems not to be the case. Two of the files (preupd.exe and sched.exe) are (or appear to be) associated with the update process and/or the scheduling of system scans; both of these occur on a daily basis. Any ideas about why the policy is changed by Defense+ would be welcome, especially if they tell me how to prevent the changes. The Defense+ log contains nothing about this.

I am using Windows XP Home SP3 on a 1.7 GHz P4 with 512 MB RAM. Note that I have not explained the “troubling conflict”, mainly because I don’t know yet whether the policy change will alleviate it. It has been 3 weeks since the last occurrence and six weeks since the one before that. The policy changes date from about two weeks ago.

This may be a bug however I guess there is a chance that CFP does that way to enable somethig.

Can you post a CFP configuration report about your config befor and after the issue hapened?

It could prove useful to check the differences of the changed policies.

This is actaully normal. You make it trusted but when Windows modify s it it changes to custom. There are other posts about this and a modder who said it.


I suspected that modification of an executable file by Windows (or whomever) would cause the cahcnge from “Avira AntiVir” to “Custom” (see my OP). But such alterations ought also to change the “Modified” date in the file’s Properties display. The changes I mentioned earlier do not do this. The Modified dates are months ago; the changes a day ago or so. Defense+ ought not to change things without reason!


Yes this does happen and it may be a bug. I put certain applications to “trusted” too in Computer Security Policy pre-set and then they are set to custom. I am guessing it’s the type off application (Whether if its an installer, a browser, an email client, etc) that has an effect on things that change to custom when you already pre-set it.


From what i have observed,this happens to executables which have been set to "Trusted" and then perform the action "Run an executable" which is the only one with an ask under trusted application. Have a look at Modify next to the run an exe for the apps set to trusted.
I think it`s to do with the registry entry \HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy(a number)\rules------->being changed.


When I pre-set a certain executable and run it, it pop ups then it changes to custom under most circumstances with me.

I wonder…? :-\


Thanks for pointing this out :-TU

Windows System Application policy could handle these cases.

Policy  [Windows System Application] is defined as

Access Right 0: {      Run an Executable     }	Default Action: Ask
[0]  Allowed:	*

Access Right 1: { Interprocess Memory Access }	Default Action: Allow
Access Right 2: {    Process Terminations    }	Default Action: Allow
Access Right 3: {      Windows Messages      }	Default Action: Allow
Access Right 4: {   Windows/WinEvents Hooks  }	Default Action: Allow
Access Right 5: {   Protected COM Interfaces }	Default Action: Allow
Access Right 6: {      Phyisical Memory      }	Default Action: Allow
Access Right 7: {            Disk            }	Default Action: Allow
Access Right 8: {          Keyboard          }	Default Action: Allow
Access Right 9: {      Computer Monitor      }	Default Action: Allow
Access Right 10: {   Protected Files/Folders  }	Default Action: Allow
Access Right 11: {   Protected Registry Keys  }	Default Action: Allow
Access Right 12: {     DNS Client Services    }	Default Action: Allow
Access Right 13: {Device Drivers Installations}	Default Action: Allow
Access Right 14: {     Loopback Networking    }	Default Action: Allow