Duplicate entries in Defense+ Security Policy List

Files are listed twice in the security policy list. This was reported with CIS 3.8 and with CIS 3.5and the issue is still present in 3.9.

See the pic below!

It seems to me that there should only be ONE entry per program in the policy list. Comodo files should be defined so that the activity is KNOWN, and a new entry in the policy list (and a D+ alert) is not necessary. And if a user is presented with a D+ alert because the behavior of a program is different from the behavior he/she assigned to the group, then the D+ alert should allow you to either 1) re-define the behavior of only that one program, remove it from the group, and defined it separately, or 2) Re-define the behavior of the entire group to match what you have set for the individual program. Having 2 different policy entries for the same program seems illogical. Is it a bug?

  • CIS 3.9.76924.507 (firewall=custom policy, Defense+=safe mode, antivirus=on access, and all other security options activated)
  • Windows XP SP3 (32-bit) - admin account
  • Avira Antivir (On demand); Superantispyware Pro (realtime)
  • No crash, no BSOD, no symptoms

Note: this was a clean install of CIS 3.9 (not installed via updater).

[attachment deleted by admin]

This is what it is supposed to do. If something in a group has do do something not set to allowed in the group a separate entry has to be added to store the extra rule. run an executable is set to ask in the Comodo group so if one of the applications needs to run another exe it is added as a separate item below.

I did a Clean installation to, and i also have Duplicate entries…

CIS 3.9.76924.507 (firewall=custom policy, Defense+=safe mode, antivirus=stateful, Configuration=Proactive, and all other security options activated)
Windows XP SP3 (32-bit) - admin account
Superantispyware Pro (realtime)
No crash, no BSOD, no symptoms

[attachment deleted by admin]

okay…this is why I suggested to address the issue like this:

And if a user is presented with a D+ alert because the behavior of a program is different from the behavior he/she assigned to the group, then the D+ alert should allow you to either 1) re-define the behavior of only that one program, remove it from the group, and defined it separately, or 2) Re-define the behavior of the entire group to match what you have set for the individual program. Having 2 different policy entries for the same program seems illogical.

Hi Whoop what up?

“Having 2 different policy entries for the same program seems illogical.”

I guess that depends on the logic.

Dangerous to make sweeping changes to a group policy from a pop up for one.

If you removed an entry from it’s group to establish separate rues then all the groups rules would also have to be rewritten somewhere for that item. Then in short order you really would have a nasty mess of rules in double. triple, quadruple … entries.

Troubleshooting would be a breeze not.

Later

Hey Bad Frog,
I am certainly no expert in this area…so perhaps the logic I am applying lacks technical foundation.
Bottom line to me is this…if it works well and it is not confusing, then it’s okay by me.
I wonder what the developers have to say about this? Is this whole issue a moot point?
Is whoop making much dee-doo about nothing?

Well Whoop,

I totally understand that coming at it from a certain perspective, it seems illogical (confuzzling).

But it makes logical sense to me, and apparently tcarrbrion at the very least.
Also considering the lack of response and the fact that this has persisted over so many builds.
I have to consider it makes sense to the devs too.

So maybe a bit of “dee-doo”, I don’t feel I have the personal right to make that call. :wink:

Later

I also have duplicate entries problem.

About duplicate registry key/folder entries problem (~CIS 3.7)

examples (PeerGuardian)

%windir%\system32\services.exe

Allowed registry keys
HKLM\SYSTEM\ControlSet???\Services\pgfilter
HKLM\SYSTEM\ControlSet???\Services\pgfilter*

HKLM\SYSTEM\ControlSet???\Services\pgfilter*
not contain
HKLM\SYSTEM\ControlSet???\Services\pgfilter

examples (Gameguard)
HKLM\SYSTEM\ControlSet???\Services\dump_wmimmc
HKLM\SYSTEM\ControlSet???\Services\dump_wmimmc*

Protected files/folders (duplicate entries)
C:\AAA\updatefolder
C:\AAA\updatefolder*

C:\AAA\updatefolder*
not contain folder self.

Sorry for my bad english.