I struggle with comodo’s Defence+ polices.
I want to block launching only web browsers (iexplore and firefox) by processes (belonging to my “Safe Appllication” predefined policy, which by default allows launching external processes), but still allows launching other processes.
I try to implement this, because many applications launches web browsers and pass some private data in address bar (host id, PIDs, software keys, etc.), so I want to only block launching web browser applications.
The application in question is After Effects CS3, but I want do find more general approach applicable to all applications.
I try to define custom policy for this application, but when I change “Run as executable” in Access Right to “Ask” then neverthless this application is still capable to launch external processes like iexplore.exe. Even if under “Modify…” button I remove All Applications in “Allowed Applications” tab.
After this fail, finaly I remove afterfx.exe at all from Computer Security Policy. And I discover that launching IExplorer is done by “modifying the user interface of CSRSS.EXE”. If I block this then next Comodo warning appears and it seems that this time - after denied modifying UI of CSRSS.EXE - After Effects try to “execute IEXPLORE.EXE” in a most common way.
So, as described above there are at least 2 ways to execute internet browser application by other applications and question is:
how to define global policy to ask for launching internet browsers by any other applications not only afterfx.exe, but still allows to execute by selected applications (like bar lanunchers, desktop icon, quick launch bar, menu start, etc.) keeping in mind mentioned both executing methods?
edit: some mistakes in english words