Exclude applicatoin detection

I have Comodo Internet Security Premium version 8.2.0.4508 installed.

As a developer I continually create new applications which - by their nature - are unknown to Comodo.
By ‘create new’ I really mean it is the same application being ‘modified’ but it appears as new to Comodo every time.

As a result Comodo adds it to the ‘File rating >> File List’ as ‘unrecognized’ on every new instance of my application.
Is there a way to set up ‘exclude application detection’ for my application so that my application is not added to the File List?

Have you tried adding the folder in which your programs are compiled & run from as trust to the file list?

I don’t think you can do what you ask for the File List, however you can set up exclusion rules for the Auto-Sandbox/HIPS so they don’t get sandboxed/blocked if that is the end-goal.

That, at least in older versions, simply adds the current files in the folders to the list but if the files are changed or new files gets added then they will be recognized as unknown… However that was when the trusted files list and unknown applications list were separate, don’t know if it’s the same with the new combined list.

Thank you for your responses.

aim4it,
I have tried what you suggested, to add the output directory to the file list. But it did not resolve it. ‘Adding a folder’ just adds all the files (including my application) within that folder to the File Rating >> File list and marks them as Trusted - when I re-compile my application Comodo still sees it as a new application and mark the new file list entry as Unrecognized.

Sanya IV Litvyak
The objective is:

  1. enable Auto-Sandbox
  2. not have a new entry in the File Rating >> File List when my application recompiled (and the exe changes).

HIPS: is turned off

Action taken:

  1. An entry has been made in the Auto-Sandbox List where the application is stored - this doesn’t appear to have any noticeable effect.

  2. Checkbox: 'Do not virtualize access to" is checked and ‘the specified files/folders’ has a folder entry where my app is stored - this doesn’t seem to have any effect either.

When my app is recompiled a fresh entry is made in the File Rating >> File List.

So I still do not have the resolution to this.

I would enable the HIPS and make a HIPS rule for the folder or file.

That still doesn’t deal with the file rating list being populated with unknown entries, does it?

We have already established that HIPS is not the way to go in our case - and Sandbox suits our purpose.
And as Sanya IV Litvyak says it is not addressing the issue.

Does this mean that Comodo cannot give an exclusion for a modified application?!
It makes Comodo unusable for me if this cannot be done.
… so any help is appreciated.

The ‘Installer or updater’ is part of HIPS which I am not using.
I am using the auto-sandbox feature. The sandbox feature is only paying attention to the File Rating >> File List. And from what I can see there is no way I can exclude my application from being picked up by the sandbox as a “new application” when my application is modified (recompiled).

I have already added both the file and the folder (output directory for my application) on the auto-sandbox page, but it is not preventing my application from being added to the File Rating >> File List on recompile.

Since I have tried everything that has been suggested it appears that there is either a fault in Comodo or a feature to ‘exclude application modification detection’ is lacking.
Is there a way to notify the developers at Comodo about this?

No, the issue is this:

  1. I have auto sandbox enabled and HIPs disabled.
  2. An application I’m developing is called abc.exe - I add this to the File Rating File List with status of ‘Trusted’ also I added an entry for abc.exe in the auto-sandbox file list with Action set to ‘ignore’.
  3. I run the abc.exe and it does not run sandboxed - this is what I want to happen.
  4. BUT I recompile my application - so abc.exe now has different timestamp/size.
  5. I run abc.exe - it now runs sandboxed but I want it to run un-sandboxed.
  6. The File Rating File List now shows another entry for abc.exe that has status of ‘untrusted’ - hence it’s running sandboxed again.
    In summary I need a rule that can exclude abc.exe from application modification detection. I think this is rather a basic thing to want to do.

Is the ignore auto-sandbox rule positioned at the top of the list? The higher on the list the higher priority.

The key is that the file and its hash changed. From File list in the online Help:

For the files assigned with ‘Trusted’ status by the user, CIS generates a hash or a digest of the file using a pre-defined algorithm and saves in its database. On access to any file, its digest is created instantly and compared against the list of stored hashes to decide on whether the file has ‘Trusted’ status. By this way, even if the file name is changed later, it will retain its Trusted status as the hash remains same.

You will have to enable the HIPS and make a HIPS rule for the folder or file in question. HIPS rules are path based, not hash based, and will give you what you want. With HIPS in Safe Mode you will have a limited set of HIPS alerts.

airatgab,
Thank you for your perseverance.
And I appreciate your creativity showing it pictorially by a video.
Your suggestion has addressed the main issue I had: Comodo now lets abc.exe run non-sandboxed after I recompile it.
So now the only remaining ‘nuisance’ is that my app is entered into the File Rating | File List as a new ‘unrecognized’ entry on each recompile.

EricJH,
Thank you for drawing the attention to the relevant section of the help manual.
I now know how to exclude my app (or any app) from being run in the auto-sandbox (from airatgab’s video).
I do not wish to use HIPS - the sandbox feature suits my purpose better.

That’s a nice video.

In my suggestion you would enable the HIPS alongside the sandbox. It also shows I’m an old school users of CIS… :wink: