Edit: if a moderator sees this post, please move it to the defense+ wishlist section. sorry for posting incorrectly, but i can’t delete my own post!
this suggestion is actually for both the firewall and the defense+ components of CIS, but i don’t think i should post in both sections of the forum without moderator approval. basically, this feature, if implemented, would do a hash check on all programs for which rules have already been created. let’s say you have the program XYZ installed, for example, and assume that its main executable file is xyz.exe. when you update the program, xyz.exe changes. my suggestion is that whenever any change occurs to the program, the user will be informed that the program has changed, and should be asked whether the existing rule should be kept. this feature is already implemented in zonealarm pro, which is another firewall with a hips.
i realize comodo already alerts the user if a malicious application tries to modify a legitimate application that has already been added to the rule list. however, i believe adding a hash check would be beneficial in at least 2 ways nonetheless:
in case the filter that prevents the modification of a legitimate application is bypassed by a new exploit, the hash check would still detect that the legitimate application has been modified and alert the user to this fact, allowing him/her to take appropriate actions to contain the threat.
a user that wants to answer fewer popups but still receive the same protection against the modification of allowed applications would only be alerted if the modification has actually been modified.
for these reasons, i believe comodo should implement this hash check. thanks for taking this into consideration
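The hash check proposed in this post, sketched as an added example (it is not part of the original post and is not Comodo's or ZoneAlarm's code). `RuleStore`, its method names and the stand-in `xyz.exe` file are hypothetical; SHA-256 is an assumed choice of hash.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash the file in chunks so large executables are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

class RuleStore:
    """Hypothetical rule list: executable path -> rule plus hash at rule creation."""
    def __init__(self):
        self._rules = {}

    def add_rule(self, path, rule):
        key = Path(path).resolve()
        self._rules[key] = {"rule": rule, "sha256": sha256_file(key)}

    def check(self, path):
        """Return 'no_rule', 'missing', 'unchanged' or 'changed' for this path."""
        key = Path(path).resolve()
        entry = self._rules.get(key)
        if entry is None:
            return "no_rule"
        if not key.is_file():
            return "missing"
        return "unchanged" if sha256_file(key) == entry["sha256"] else "changed"

    def resolve(self, path, keep_rule):
        """Apply the user's answer to the 'program has changed' prompt."""
        key = Path(path).resolve()
        if keep_rule:
            self._rules[key]["sha256"] = sha256_file(key)  # re-baseline on new bytes
        else:
            del self._rules[key]  # next run is treated as a new program

def demo():  # constructed sample: stand-in xyz.exe rewritten after rule creation
    store = RuleStore()
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "xyz.exe"
        exe.write_bytes(b"xyz build 1")
        store.add_rule(exe, "allow outbound")
        before = store.check(exe)
        exe.write_bytes(b"xyz build 2")  # update or tampering: same path, new bytes
        after = store.check(exe)
        store.resolve(exe, keep_rule=True)
        return before, after, store.check(exe)
```

A mismatch alone does not distinguish an update from tampering, which is why the `changed` result feeds a prompt instead of silently keeping or dropping the rule.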