Files being added to Computer Security policy automatically...

I did some serious windows updating the other day and when I checked the computer security policy for D+ I noticed at least a dozen windows files were added as a custom policy automatically.

My settings are:
Firewall: safe mode
D+: safe mode
IECS: nomal

I also removed MS from My Trusted Software Vendors, so shouldn’t I have been alerted to the addition of those files or have been asked to apply a setting to them manually?

I did however, give windows update “installation mode” privileges so perhaps that is the reason. Just want to be sure.

Additionally, can some one finally explain what the options under “manage my configuration” and “select” do? (Internet security, proactive security, antivirus, and firewall security). Are they predefined settings? or do they add/subtract settings?


Safe mode will add some files automatically as custom policy mode (white listed and those made by and signed by companies under “My Trusted Software Vendors”) If you don’t like this and want a pop up for everything then go with paranoid mode. this can be annoying however. And if you want the firewall to too popup more often set it to custom policy mode.

As for removing microsoft from My Trusted Software Vendors and getting popups still it may have to do with you setting the thing to “installation mode”, as this will allow files the updater opens to run.

also you might want to check under D+ > advanced > computer security policy as windows updater applications are set to “installer or updater” by default, I recommend you to keep that, but thats a reason why you might not get many popups for windows updates too.

These let you create different “profiles”, most predefined by comodo but you can make your own to. The select part helps you quickly switch settings, were “proactive security” is the “safest” standard setting but also most annoying.

OK thanks, Ill stick with safe mode.
I just wanted to be sure that there was a legit reason for the files being added to the security policy and not some flaw or anything like that.


Safe mode will allow and create rules for files in Comodo’s safe database, no matter if their signer is trusted or not. So if a file is in this database, CIS won’t bother to check its vendor. Only if the file is unknown will CIS look for the vendor’s signature.

Also most vendors (even MS) don’t sign most of their files nowadays, which means that CIS can’t know which vendor those files belong to.

And of course the installation mode can also create rules without user interaction.

That way is much easier and less tiresome and you won’t block essential processes with potentially fatal consequences. And it’s completely safe being a Windows Update.