How come some some of the programs I launch “bypass” defence+, as in they aren’t added to trusted list and they aren’t added to unknown files list? no alerts, no log entries.
CIS 5.9 x64 standard defense+ settings, safe mode, enchanced protection is checked.
P.S. also, how come rainlendar2.exe is still in unkown files list (status check = unknown) if I added this program to Submit Applications Here To Be Whitelisted - 2012 thread, and they said they processed the request?
Can you give an example of such a file? It’s probably not signed.
Zoom player 8 free in my case Inmatrix.com - Zoom Player Download
I added the program to whitelist thread https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2012-t80090.60.html (reply # 63) and they said they added it (reply # 68).
Same with rainlendar.
… Now they actually go to unrecognized files (if “trat unrecognized files as” is checked) but shouldn’t they be in whitelist by now? Or do I have to wait for CIS 6 for them to be added?
Can you try the following, open Defense+, Unrecognized files and try to add it there.
If it accepts it to be added, press ‘Lookup’ and post the results of the lookup, let’s see if the cloud know the file.
Here you go, it adds files manually (“treat unrecognized files as” is currently unchecked). When I press Loockup it says “unknown”
p.s. I use Russian version, so screenshot isn’t english.
[attachment deleted by admin]
So their hashes are unknown to the cloud are both unsigned?
Yes, they both seem to be unsigned, but for Zplayer.exe CIS got the company name from somewhere, and it looks like cloud doesn’t know their hashes although they were added… if we are to belive “add to whitelist” thread.
It depends on what they think is ‘add to whitelist’ if that is “Put code sign vendor to TVL” then this won’t work for these files cause their not signed.
Only other solution would be to flag them ‘Safe’ when doing an online lookup but that didn’t seem to make it to the safe files hashes database…
They have seperate form for adding vendors to TVL Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year
In the first post of the “add to whitelist” thread they said “Please submit all applications you would like to see trusted here”, so as I understand when entries there are processed (mine was processed according to reply # 68) so I suppose files from those programs mentioned in the reply will be added to trusted list when encountered. I’m not sure how they compare files in the cloud, possibly by hash, and I recently updated Zoom player to 8.1 so Zplayer.exe may have changed but rainlendar2.exe is the same as when request was made, yet it’s still unknown.
I though I understood how this worked, but I guess I don’t.
I think ‘Safe’ is humanly analyzed by an AV tech, ‘Unknown’ is scanned by automatic checks and found nothing suspicious but not yet analyzed by human.
But there are probably a few million files in backlog also so it’s probably a matter of automatic verification, popularity of programs etc to determine what get’s analyzed and how deep.