Defense+ keeps asking the same questions over and over


I did a clean install of CIS and expected to have a bit of work ahead of me.

I was surprised that D+ would ask about an application, I would assign it “Trusted” status and two seconds later I got the same popup again for the same application. This has happened a number of times. I have also noted it in the past while using V3 in the beginning.

The other thing is in regard to Trusted Vendors. I a vendor is assigned “Trusted” status, why do I continue to get popups relating to their products. Microsoft, for example, is assigned the status of TV by Comodo out of the box. Yet when I started “Word” and “Excel” I got popups either from the firewall or D+.

I know others have had similar experiences but I never understood why this happens. Is it a bug or a feature? :THNK


Concerning Vendors:
can not check right now for word or exel, but Microsoft often does not sign it’s exe files.
CIS assumes the file came from trusted vendor only if it has digital signature.

Thanks for your reply. My copy of Excel is signed. See attached digital signature.


[attachment deleted by admin]

Let me explain…

The difference between Clean PC and Safe mode of Defense+ is that in Safe mode only applications digitally signed by trusted vendors are considered to be safe but in Clean PC mode only applications already installed on your PC are.

So, when you install a new application on your PC with Defense+ in Clean PC mode it’s not considered to be safe regardless of that, is it signed or not. Thus you obtain a notification about it’s activity.

Hi and thanks for your clarification.

Let me see if I get this. Are you saying that in Clean PC mode I will get an alert EVEN if I have declared the APPLICATION or the VENDOR as TRUSTED? Because that is what I am getting at times.


Yes, in Clean PC mode you will obtain alerts even if the application is signed by trusted vendor until the allowing rule is created.
Note that Trusted Application predefined Defense+ policy contains Ask setting for Run an executable action. So you will get alerts about this actions even for the applications treated as Trusted.

Thanks very much. I didn’t know that. Actually it doesn’t make much sense for Defense+ to be programmed that way. It is not logical. If something is “trusted” it should be trusted. Period. Just my opinion.