Comodo warned me :-
“ConnectGo.exe could not be recognised and is about to modify the protected registry key
HKLM\SOFTWARE\Classes\CLSID{01011200-funny number etc}”.
I unchecked “remember” and selected BLOCK and then Apply.
Many seconds later it said the same sort of thing again.
Comodo had the intelligence to REMEMBER that I had previously unchecked “remember”,
and the courtesy to use that as my default - it remained unchecked.
That is the only good thing I can say about it.
IT REFUSED to recognise that I wanted nothing more from ConnectGo.exe,
IT AGAIN set the default action as ACCEPT,
and I had to drag the mouse away from Apply to select BLOCK before I could click Apply.
This repeated many times with long delays for a total of two minutes.
COMODO really should recognise that BLOCK is my preferred choice for something i want to STOP.
It would be even better if you added the option KILL.
Why the monstrous waste of time after each BLOCK ?
Was ConnectGo.exe lying dormant for a while ?
Or does Comodo need a drastic speed up ?
It would REALLY HELP USERS if the Comodo warning could be selected and copied and pasted into notepad.
Instead all I can remember is “…{01011200-funny number etc}”
Above are mere irritations I encountered as I explored what default ACTIONS would be presented when I left the “Remember” box at its new default.
Far worse follows.
I then checked the “Remember” box and selected BLOCK and clicked Apply.
After many seconds delay the same warning again, with the “Remember” box checked,
BUT the default action was once more ACCEPT ! !
I again had to drag the mouse away from Apply to select BLOCK before I could click Apply.
This sad sequence repeated several more times.
When I tell Comodo to BLOCK with “Remember” checked,
why does it not remember ?
Why does it think I might change my mind ?
Why can it not even assume my previous BLOCK is a better default than ACCEPT ?
The GUI is most UN-friendly to users.
Once the user has stipulated Remember and BLOCk before clicking Apply,
when the same warning is repeated whilst the mouse is still over Apply,
it is far too easy to see that “Remember” is retained as the default,
and to assume that block is also retained as default.
Comodo makes it easy for a virus to enter by default ACCEPT.
especially if the virus causes user overload with a barrage of attacks.
IT WOULD NOT GO AWAY.
After many seconds delay it repeated and repeated and repeated and repeated and repeated and …
I gave up telling Comodo.
I launched Windows Task Manger and selected the process ConnectGo.exe and selected “End Process Tree”.
Nothing has ever resisted that action before. ConnectGo.exe process did not flinch.
It stayed there - presumably because Comodo had frozen it pending my decision.
Then I told the pending Comodo warning to Block and Apply,
after which ConnectGo.exe remained until a further “End Process Tree” closed ConnectGo.exe.
It is unfortunate that Comodo prevents Task manager from killing an unwanted process.
If a multi-faceted virus makes several semi-simultaneous and different attacks,
Comodo may react to one attack and give due warning,
An independent Anti-Virus (I use ESET NOD32) could have a different reason for deciding to quarantine the virus,
BUT could it be thwarted if Comodo has frozen it pending my decision,
AND once Comodo is given a decision and unfreezes it, will the Anti-Virus make a further attempt at quarantine,
or might it assume the virus has been dealt with ?
If anyone wants to try the above ConnectGo.exe is available as an AutoPlay CD from my ISP, TalkTalk.
ConnectGo.exe simply installs drivers and diagnostics for various routers and modems for use on their broadband service.
If Comodo makes such a hash of dealing with an innocent installation,
how effective is it with a genuine malevolent virus ?
Above are my serious concerns about Comodo.
NOW FOR THE BIG G.U.I. PROBLEM - SOMETHING THAT COMODO CAN AND SHOULD CORRECT.
After closing down ConnectGo.exe, I opened Comodo to see what it had “remembered”.
I found that it had stipulated ASK as the default action for absolutely every Access name from “Run an executable” to “Keyboard”.
It especially stipulated ASK for “Protected Registry Keys”.
I clicked “Modify…” then “Blocked Registry Keys” and found
HKLM\SOFTWARE\Classes\CLSID\{01011200-5e80-11d8-9e86-0007e96c65ae}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\CLSID\{01011200-5e80-11d8-9e86-0007e96c65ae}\Programmable
HKLM\SOFTWARE\Classes\CLSID\{01011200-5e80-11d8-9e86-0007e96c65ae}\ProgID
HKLM\SOFTWARE\Classes\CLSID\{01011200-5e80-11d8-9e86-0007e96c65ae}\VersionIndependentProgID
Why did Comodo “Block” …\VersionIndependentProgID twice over ?
Can it not Block after just ONE decision that a particular key must be blocked ?
I did not take note of how many times I Blocked with Remember selected,
but it could well have been four times,
and I suspect that had I persisted a thousand times there would have been a sequence of 1000 instances, i.e. 333 occurrences of each of 3 keys.
Regards
Alan