How does Comodo 3.0 detect malware?

Press Add, type in whatever you want to add in the field Add new item, then Apply and Yes.

I guess this works only if you switch to “aggressive” control level.

Huh??? Where can I find the “Add new item”?
Ahh, I’ve found it. You forgot to mention Browse ;D
Thanks, goodbrazer.
Gotta check this topic every day to find the solution :THNK

goodbrazer,

Great observations, thanks. You’re right about DLLs - you can make Comodo treat them like executables by adding them to the Files To Watch list and setting the Image Execution Control Level to aggressive.

Unfortunately, you’re also right about the amount of alerts this brings in: when I launched wscript.exe to run a simple script (more on that later) I had around 45 (!) of them, and I have no idea how some of them relate to the script. Surely, this level of protection can only be used with some sort of generalization in Computer Security Policy rules, like blocking all applications from executing any DLLs on drive D: and allowing them to execute DLLs on drive C:. Otherwise the number of alerts would drive anyone crazy. :)

Speaking of VBS scripts, the same procedure failed to work. I have *.vbs in the Files To Check list and the same aggressive Execution Control Level. When a VBS script is run, Comodo comes up with a number of alerts - wscript accessing the Service Control Manager, running cmd.exe (part of the script), 45 cases of DLL execution, but still no mention of the script filename. So it seems that, unlike with rundll32.exe, you can’t control what scripts wscript.exe is allowed to execute.

To double-check that, I created a rule for all applications, blocking the execution of *.vbs. Placed at the top of the Computer Security Policy list, it doesn’t prevent wscript.exe from executing D:\test.vbs.

If anyone wants to experiment with the wscript.exe issue, I have a small VBS script (originally posted by pykko here on the forum) attached to this message. It launches your web browser and opens the Google webpage, nothing dangerous.

[attachment deleted by admin]

Yes it is very annoying, i agree.

Thanks, Marat, for testing that approach. At least we know now that it doesn’t work.

Thanks for the script! I was looking for an appropriate one.

It would be great to hear from Melih or Egeman whether there is a chance that these problems are addressed somehow in the coming versions of CFP.

This is the area where any on-access anti-virus/anti-malware scanner will do a better job.

I think another way is applying a Software Restriction Policy as described on How to make a disallowed-by-default Software Restriction Policy . This can’t be done in XP Home, though.
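As an added example (not code from the thread or from Comodo), here is what the disallowed-by-default Software Restriction Policy mentioned above looks like when written straight to the registry, which is the same data the secpol.msc GUI produces. It assumes an elevated PowerShell prompt, that the OS lives under %SystemRoot% and programs under %ProgramFiles%, and that the extra Disallowed rule for %SystemRoot%\Temp is wanted; those paths and the helper name Add-SaferPathRule are the example's own choices. With this policy a script such as D:\test.vbs is refused because the .vbs path itself is evaluated (VBS is in the ExecutableTypes list), which is exactly the case Marat found Defense+ could not cover.

```powershell
# Added example: disallowed-by-default SRP via the Safer registry keys.
# Run elevated; the policy takes effect after a logoff/logon or gpupdate /force.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $base -Force | Out-Null

# Security levels: 0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted.
Set-ItemProperty -Path $base -Name DefaultLevel -Value 0 -Type DWord
# 2 = enforce for all software files including DLLs (1 skips libraries).
Set-ItemProperty -Path $base -Name TransparentEnabled -Value 2 -Type DWord
# 0 = apply to all users, including administrators.
Set-ItemProperty -Path $base -Name PolicyScope -Value 0 -Type DWord
# File types the policy treats as executable; script hosts' input files are
# listed so that wscript.exe running a .vbs is judged by the .vbs path.
Set-ItemProperty -Path $base -Name ExecutableTypes -Type MultiString -Value @(
  'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA',
  'INF','INS','ISP','JS','JSE','LNK','MDB','MDE','MSC','MSI','MSP','MST',
  'OCX','PCD','PIF','REG','SCR','SHS','URL','VB','VBS','WSC','WSF','WSH','DLL'
)

# Path rules live under <level>\Paths\{guid} with ItemData holding the path.
function Add-SaferPathRule {
  param(
    [string]$Path,
    [string]$Description,
    [int]$Level = 262144   # 0x40000 = Unrestricted; pass 0 for Disallowed
  )
  $key = Join-Path $base ("$Level\Paths\{" + [guid]::NewGuid().ToString() + '}')
  New-Item -Path $key -Force | Out-Null
  Set-ItemProperty -Path $key -Name ItemData    -Value $Path -Type ExpandString
  Set-ItemProperty -Path $key -Name SaferFlags  -Value 0 -Type DWord
  Set-ItemProperty -Path $key -Name Description -Value $Description -Type String
}

# Only the OS and installed programs may run; D:, %TEMP%, the user profile
# and removable media fall under the Disallowed default.
Add-SaferPathRule -Path '%SystemRoot%'   -Description 'Windows directory'
Add-SaferPathRule -Path '%ProgramFiles%' -Description 'Installed programs'
# %SystemRoot% contains user-writable subfolders; re-disallow the obvious one
# so a dropped file there cannot inherit the Unrestricted rule.
Add-SaferPathRule -Path '%SystemRoot%\Temp' -Description 'Writable temp under Windows' -Level 0
```

Two checks worth doing after applying it: run a copy of a harmless .vbs from a non-whitelisted location such as the desktop and confirm wscript.exe refuses it with the "blocked by group policy" dialog, and audit %SystemRoot% and %ProgramFiles% for any other subfolders that standard users can write to, adding a Disallowed rule for each, since an Unrestricted path rule covers everything beneath it.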

Hi Guys,

Yep. The behavior of CFP 3 for such “unsafe” applications has been modified slightly to mitigate the risks with the upcoming update (tomorrow, hopefully), so that without requiring paranoid configurations the users will be able to cope with these issues.

With the later releases, we will introduce command-line parameters in D+ rules for more flexible configuration options.

Egemen

Thanks Egemen :-TU

Really good news.

Hi.
I had that same question and browsed forums for the answer. And I found it. A good HIPS is very much capable of blocking any malware attempts at penetrating your system, but it DOES NOT remove malware. For that, you need an antivirus or antispyware. I know I did not fully answer your question, but now it is up to you whether you only want to have malware blocked, or blocked and removed as well. For the latter you need a virus-removing tool, which is most commonly an anti-virus program.
Seems complicated, but it is not. I do recommend a good HIPS (Defense+, ThreatFire, DefenseWall (paid)) and a good antivirus product. If you add a sandboxing program, combined with a good browser such as Opera or Firefox, you are pretty much defended, almost bulletproof. I assume you also use Comodo Firewall, which is a predisposition of safety (:HUG)

Tomy