I flagged many “cygwin” (and other ) programs as safe, but now want to change that and get the firewall to force me to decide again about all these programs (updated version not trusted).
I don’t see where I can remove them. I’d like to just remove them from the list, and let Comodo prompt me for each one all over again. I assume they are in a separate database somewhere. I know you don’t want competitors stealing the “trusted” list you supply in the encrypted file, that’s fine. But, user’s decisions of what is allowed or blocked, etc, need to all be in their own database so that the user can change them at will to keep up with whats happening on the computer.
For extensive systems like “cygwin” there are hundreds of system level programs, and you sure don’t want to have to deal with each one as it fires the Comodo popup asking what to do with it. Can I just select the overall directory all this runs from, which is unique, so everything inside it will be trusted?
So far, I’m really liking how Comodo Firewall works. I may even install the anti-virus eventually.
How does it work using cygwin? I know it is used to run Linux code in Windows envirorenment. I guess that those programs get started by cygwin.
If there is a cygwin rule in D+ check what programs you allowed cygwin to start. Double click on the entry to edit it → Access rights → push the button behind Run an executable and remove the allowed applications.
Aha! I see it. Yes, that IS what I was wanting to find, the Computer Security Policy for these files.
Yes, cygwin runs many batch files and programs, hundreds of them. I would like to just consider everything executable in the cygwin directory as safe. Its not going to be practical to make decisions on each one of the little pieces, I don’t have time for that.
Anything cygwin starts is ok. When I get a new cygwin, I’d like to be able to run it in the sandbox if that would work.
So far, the best solution to the cygwin problem is to “automatically add unknown programs to the sandbox”. This seems to work somewhat.
There is however a problem with the sandbox where, even though I have already answered to allow elevated privileges, the Defense+ orange notice comes up expecting me to Allow it, each time I want to run the program. It seems like this should go away for good once I click to allow.
I guess what I need for cygwin is to be able to add cygwin.bat and then the entire process chain, some 50 executables to get to the command line, will be automatically marked with the same privileges as I gave to the cygwin.bat file.
Otherwise, it has to be done manually. 100-150 selections of “allow”. What a waste of time! ;D
Surely there is some way to do this. The first .bat file starts cmd.exe, which then starts bash.bat, bash.exe, etc and then it gets complex.
Any ideas?
Supposing these cygwin files are in one folder you can try adding the folder to the Allowed list of Run an executable. This would something like x:\cygwin files*.
Yes, the files are all located in one folder or in 12 subfolders under that folder. Those may have subfolders too. I assume I can just identify the root directory and have it work for everything under that?
Where would I enter this in…under Defense+ somewhere I suppose?
Boy, I’m still trying to figure out the layout of CIS. I think I’m gaining on it! ;D
You need to add the mentioned wildcard path to the D+ rule of cygwin.
Here is the drill. Go to Defense + → Advanced -->Computer Security Policy → look up and select the cygwin rule → Edit → Access Rights → push the button behind Run an executable → now add the path in the Allowed Applications tab. Then Ok and Apply your way back to the main screen.