I’ve been called, since one application (nested one - one exe calls another) cannot start.
It seemed that Comodo was very slow. Attempt to add rule for those applications freezed it and the computer.
So i opened it and cleaned non-existing files from firefall, defense+ and unknown files lists. There was a lot including some on removable drives paths - mostly temporary installers/updaters.
It went okay and faster, yet now it seems it deleted somethign predefined.
I shutdown Windows and popup came saying SYSTEM tries to write into c:\windows\logs\shutdown…
i do something unrelated and popup came saying SYSTEM tries to write into c:\windows\logs\httpsrv…
I mark “remember my choice” and click yes, but soon this comes again, probably log files are with timestamps in names…
i cannot mark this ‘application’ as trusted or Windows Core - the only option is “installer/updater” which it is not.
Funny thing, checkbox “upload to COMODO” is active and i checked it - wonder what ■■■ uploaded…
but still - it seems liek a bug and very annoying one
Installer/Updater for me seems too powerfull policies to apply to everything without selecting.
In the end, it is always OS that copies/runs all the programs, and marking Windows components Installers might end with any program being installed w/o user prompt.
The System process should be under the Windows System Applications group in D+/Computer Security Policy and this group, by default, has the Windows System Application policy. If, for some reason, System is not under this group, you should still be able to assign the Windows System Application policy, which is the most appropriate policy for this process.
Probably for the best, even though it’s a bit of a pain. Just one thing. it’s really not advisable to keep the system in training mode for more than a few days, at most. Also, please be certain that your PC is clean of all malware, before using this mode.