Now I’ll say first have only recently discovered your free internet security suite, having moved to Win7 x64, for which Endpoint Protection still has a couple of compatibility issues. In most regards have been pleasantly surprised, but there are a couple possible deal-breakers that I’d like to get sorted out.
One is the ability (or seeming lack of ability) to exclude a particular drive or partition, from the AV scanner. In the case of my wife’ notebook, Comodo Internet Security keeps flagging Acer-branded apps and even core files and app uninstallers over on the alternate OS (Vista). Now the easiest sollution should be to first white-list the files, then excluded the partition from AV - first part worked OK, but when I go into "Scanner Settings > Exclusions and try to add the entire drive… nothing!! Is one SERIOUSLY expected to excluded each and every folder??
The other possible deal-breaker is in regards to make Internet Security even usable in Win7 is to completely disable the Defence & Security features, as it kept asking permission for each and every Windows core processes to run… and this was on a fresh install of Win7! How quickly would this feature confuse the daylights out of the more novice user??
There was a bug in which excluded files were still being scanned. That is solved with the latest version. When coming from v3.8 please uninstall and don’t import a previous configuration in 3.10. The latter is because of changes under the hood that came with 3.9 that changed storage of rules after changing/adding rules faster.
CIS tended to be chatty under Win 7 with regards to rundll32.exe. That has changed considerably with v 3.10.
I’m running Internet Security 3.10 on 2 notebooks running Win7 x64 (previous Comodo builds stripped before upgrade), and still unable to exclude an entire drive. System “Defence and Security” is still very chatty, and not just in relation to rundll32.exe. The one Windows component which is forever churning “warnings” is svchost.exe Comodo even TELLS me it is a Microsoft Windows component, but still flags it.
What part of CIS is warning about svchost? The Firewall or D+? Can you show screenshots of the logs of both Firewall and D+? Can you also show a screenshot of the Global Rules of Firewall?
How is your svchost set in Firewall and D+? What CIS configuration are you using? Are there more files that keep coming back with alerts?
The catch with svchost.exe, rundll32.exe and services.exe is that they can be called by any other program. That’s why they get flagged more often.
For the most part, it isn’t the Firewall flagging svchost, but the “defence and security” protection. With the Firewall, one only has to whitelist as a “trust app” and will leave me alone. Sytem protection however, never seems to learn no matter how many times you tell it a particular process is safe. My only “wish list” for the firewall would be the abilty to block MULTIPLE processes through a single policy (so far Endpoint Protection is the ONLY bundled firewall I have seen which has this capability), as it just makes life so much easier.
I’ll run an update/upgrade, and every time it still remains over chatty, and that part of the suit just gets shut off again.
Now in my case, this is a non-issue… I’m probably what you would call a “power user” - I’ve been using computers for nearly 25 yrs, so I kinda know when alert-levels should be raised without an application having to tell me. My concern is for the average user who ends up shutting off the system protecion feature because it is too verbose, and ends up paying a high price for doing so. To me, a good security suite should know the difference btwn when Windows is simply acting the way it is s’posed to and when it is not. If it can’t tell the difference it will simpy frustrate and confuse the average end-user