I’m considering Comodo Firewall+HIPS v11.
Where does File lookup service (FLS) database store on a local machine (which files)?
How to add new file signatures with their status (trusted/malicious) and new vendors to the database? Is it something similar a typical antivirus app signarure database update?
You can find the files and their rating in File List.
FLS will add the file and the verdict to the File List. It is different from an AV signature because AV signatures contain more information than just a hash. You can edit the verdict of the files in Files List.
Thanks for your responce. My questions, however, lie in a bit different plane.
Which files on local machine constitute FLS database, where they located?
How to update FLS database to feed all signatures known at the moment and then work offline for some time (months)?
I don’t know from the top of my head.
How to update FLS database to feed all signatures known at the moment and then work offline for some time (months)?You can't download the full FLS database. It is a cloud look up service only. CIS will do lookups when it meets a file it hasn't yet seen.
What is your plan with working offline for longer period of time? If the system stays the same; you are not updating programs or installing new programs that are not from a Trusted Software Vendor you can run Rating Scan and have your system vetted.
On a machine with no network/internet access I installed CIS with offline installer provided here. After quick scan CIS has known a lot of trusted files (e.g. system files in C:\Windows). So, CIS’s FLS database is available locally. Where does the database locate (which files)?
For some reasons I don’t grant internet access to CIS, so CIS cannot access its cloud data. But I want to inject into CIS a more bigger FLS database, populated somewhere else (on another machine).
That’s my task. Does it feasable easily?
If on the other machine you have CIS installed you can export the file list then use import. You can add trusted vendors to the list but you can only add them for applications already on the machine.
File list Export/Import: Comodo Help
Vendor list: Comodo Help
Good! Thanks a lot!