OS: Windows XP SP3 32 latest patches.
CF 4.0.141842.828 Proactive config defaults
Disabling “Automatically trust files from trusted installers” (Defense+ Tasks > Sandbox >Sandbox Settings) doesn’t appear to prevent D+ from automatically adding new entries (unrecognized files resulting the installation of some installer often signed by trusted vendor) to “My Own safe files”.
The latter action appear totally unrelated to the state of “Automatically trust files from trusted installers” (enabled vs disabled).
Implicit mention to such option (‘this setting’ link) is available in “Comodo Internet Security - Understanding Alert” whereas Elevation alerts are described.
5. Run with elevated Privileges Alerts usually occur on running an Installer or an application that requires administrative privileges. If you trust the publisher, you can allow the request. Based on your response, CIS will trust the Installer, treat all the files from this installer as safe files and no alerts will be generated in future on executing the files. However, you can change [u]this setting[/u] under Defense+ Tasks > Sandbox > Sandbox Settings.
It is unclear what disabling “Automatically trust files from trusted installers” actually achieve (whereas it is enabled in all configuration defaults)
The following available testcases pertain installers that generate unrecognized files (thus won’t be trusted if not added to “My safe files”) but are not seemingly affected by changing “Automatically trust files from trusted installers” ( this setting)
-
Notepad++ unsigned installer generate an elevation alert (thus unrecognized installer) but do not add the installed files to “My own safe files” and thus the corresponding applications won’t be trusted.
“Automatically trust files from trusted installers” state (enabled vs disabled) won’t affect this in any way. -
Entries to “My own safe files” will BE added for Latest Opera msi installer which is an application digitally signed by a Trusted vendor (Opera Software ASA) but in such case no elevation alert will be displayed for the installer.
“Automatically trust files from trusted installers” state (enabled vs disabled) won’t affect this in any way. -
Removing “Opera Software ASA” from trusted vendors will have the installer trigger an elevation alert whereas entries will BE nevertheless added to “My own safe files” whenever “Always trust the Publisher of this file” is left unchecked.
“Automatically trust files from trusted installers” state (enabled vs disabled) won’t affect this in any way. -
IDrive Online Backup Classic Version 3.3.3 is a digitally signed installer whose vendor (Pro Softnet Corp) is not featured in " My Trusted vendor". Entries to "My own safe files will NOT BE added for this installer whereas “Always trust the Publisher of this file” is left unchecked on elevation alert
“Automatically trust files from trusted installers” state (enabled vs disabled) won’t affect this in any way. -
Adding “Pro Softnet Corp” to " My Trusted vendor" will not have the installer trigger an elevation alert (will be silently elevated) whereas entries will BE added to “My own safe files”
“Automatically trust files from trusted installers” state (enabled vs disabled) won’t affect this in any way.
NOTES: The above mentioned testases might not apply anymore whereas the insofar unrecognized files (generated by those installers) will be eventually added to Comodo’s own safelist (eg Smartdefrag 1.45 does not apply anymore) and thus cannot be added to “My own safe file” list anymore
Related topic: How does disabling “Automatically trust files from trusted installers” work? (help boards)