Defense+ doesn't alert enough

Today I did a clean install of my pc and installed Comodo Firewall (not CIS).
During installation, I selected Defense+ with the Maximum protection option.

Whenever I install or run a program, I am not alerted by Defense+

Both firewall and defense+ are running in Safe mode (default). I disabled the option ‘Trust the applications digitally signed by Trusted Software Vendors’. Sandbox security level is enabled.

I even tried running some non-installed tools, that can’t be trusted by comodo.

Comodo 3 used to alert me the first time I ran a program or executable.
Comodo 3 used to alert me whenever I installed a new program.

Am I missing something? How can I be sure CPF and defense+ are working correctly? I don’t like the idea of a trusted vendor list or trusted file list (unless I can define what’s on the list and what not).

Is this normal behaviour with 4?

You have to accept that the program was not written for you personally. There has to be a trusted vendor and software list (and it needs to be much bigger) if CIS is ever to gain widespread acceptance. The overwhelming opinion from users and reviewers is that there are too many alerts for known safe things.

Having said that, you should be getting alerts for anything new being introduced, especially since you have disabled the trusted list. I was under the impression that the sandbox was only enabled when the AV was. Maybe having it enabled when you only have the firewall is causing problems.

I do understand that the Trustes List has it’s use. Only not for me. Being able to disable it, is all I need.

But what worries me is that I don’t seem to get alerts for new installations, or when I first run a program.
And I’m trying to understand if this is by design, or (my) human error.

You should be getting something. It’s not working right somehow.

You stated you have Sandbox enabled.
Do you have “automatically detect installers’ and 'automatically trust files from trusted installers” checked?
(until proven otherwise, I believe Trusted Installers comes from the Trusted Vendors list)

If so, this is why you do not see any popup when you run an installer.

Note - I have tested this disabled, with a driver update from Nvidia.
The installer crashed (with popup) repeatedly, each time a new location further in the install.
I found it easier to run installs with these options checked.

[attachment deleted by admin]


You are absolutely right. As a test, I have completely disabled the sandbox feature. And I got all the alerts I expected. I didn’t notice the two options you mentioned, and they have been causing my ‘problem’.
Thank you very much!

And yes, it might be easier to run the installs with those options enabled, but I was worried my pc wasn’t protected as it should be.