Cuz after I clean installed CIS 7, half of my programs became unrecognized, but previous CIS didn’t seem to mind.
1 . If programs have digital signatures.
2 . If it is programs of suppliers which by default are in the list (suppliers).
That they automatically will be recognized.
If programs don’t conform to these requirements.
In the first cases to point 2.
You should add a programs that in the trust.
If you are sure these programs.
If the program (file) has a digital signature, it is possible to send through GUI online check.
If it is in base, she will be added in the entrusted.
The problem is, while installers may be digitally signed and recognized, files they install aren’t digitally signed… and that happend more often then we’d like, especially with legit programs not from some big company.
So that leads to this problem: while you can install program just fine, but if something is to happen to CIS trusted list down the road, you’ll end up with unrecognized stuff that was fine before, so you’ll either have to add stuff to trusted list manually, or use the installer again…Or submit file(s) to whitelisting thread and wait untill it’s aproobed.
If the isnstaller is signed and trusted, why can’t the files it installs be trusted as well? Globally, not locally, I mean.
If the isnstaller is signed and trusted, why can't the files it installs be trusted as well?Because it isn't checked Comodo and this file isn't present in the[url=http://camas.comodo.com/] CIMA [/url]database. As the publisher of the program probably has no certificate from Comodo The digital signature doesn't guarantee authenticity. The publisher of the program has to submit an application in Comodo, only then can be officially recognized. Or there have to be other agreements. I so believe.
while you can install program just fine, but if something is to happen to CIS trusted list down the road, you'll end up with unrecognized stuff that was fine before, so you'll either have to add stuff to trusted list manually, or use the installer againAbout it I already lifted long ago a subject at a forum. Also: If the cloud when scanning didn't recognize the file, possibly it isn't known. I faced already such problem at reinstallation CIS or system kickback.
Is there a solution? I mean can you think of one?
Personally I could care less about that, those files can stay in unrecognized list forever for all I care, but the problem is files in that list can’t do some things (I know, that’s the point), and if because of those limitations program can’t work prperly, or give error(s), what would avarege…and maybe not avarage user do? (S)he will most likely send that program to trusted list just so that it can work properly. And that kinda defeats the purpose of an autosandbox, I think.
I understand about what you speak.
Or to trust itself and to reinstall with trust ( To watch notifications and to make the decision).
Certainly for simple users there can be problems.
Or to wait for the analysis from Comodo.
More I can’t explain solutions of problems.…
This is my suggestion for this problem.
I don’t think that it is a problem. ( in this subject )
Tell if it is possible - the programs, which again don’t admit (after the new CIS 7 installation) have the same version and the digital signature?
You after the CIS installation did scanning with a cloud?
If it is the same version files with the same digital signature that CIS were recognized earlier ( Not you personally, namely a cloud CIS ), they after cloudy scanning have to be known.
The installer for those files had a signature, files themselves do not, that is why CIS doesn’t recognize them now.
Well I understood.
The installer (the supplier isn’t present in lists by default).
That I also spoke above.
This file with the digital signature and this version ( or new version ) isn’t present on the CIMA base.
It is just necessary to send for check (It is better through a forum for the analysis).
Well yeah, this is what this type of situation boils down to. You either manually add stuff to trusted list, re-run the original installer or send stuff to comodo and wait.
After a clean install of cis I always run a rating scan that usually finds most if the unrecognized files on your computer from there you can add them to the trusted files list.
When I did a clean install of CIS ver7 from CIS ver6.5 I imported my saved configuration(prior the clean install). From there whatever that CIS finds or flags as unrecognized I forward to Comodo for verification. Files with verdict as “clean” I place in the trusted list. I also check the flagged files on a separate partition with another firewall/hips program so I can decide for myself what to set in the meantime the sent files to Comodo still does not have a verdict. Using th ratings scan is a great help on this. I do not re-install or run the original installer just because “unrecognized” flag. If I run the original installer or re-install the program and they are also classified/flagged as “unrecognized” then I’d still have to send it to Comodo or any security app that can check it (I use Emsisoft’s OA Premium on the other partition).
Re: Combine functionality of HIPS rulesets and autosandbox \ Unrecognized files
Reply #7 by Chiron
- Go to D+ logs and discover that cis is blocking game.exe from using svchost.exe.
- You go to unrecognized files list, locate game.exe and press edit rules.
- You’re presented with a window similar to HIPS application rules editing window, where rules are set according to “partially limited” limitation.
- You look for “Protected com interfaces” and switch it to allow, or add svchost.exe as exception, and save the settings.
- CIS now asks you what you would like your new BB level to be saved as (You could choose something like ‘Partially Limited for svchost’)
- After this the game that runs as ‘partially unlimited for svchost’, but svchost.exe works fine.
- From this point on there is also an added BB level, called ‘Partially Limited for svchost’, which can be selected for the BB.
This is a good suggestion. I too gave some trouble with some games trying to connect to home previously and I do block that via D+. I am inclined to try it out this week.