how to exclude file from been checked

I have a application which is detected by Comodo as malware. This is true and OK, but I have modified this application and so I would like to use it
So , now when I start Comodo it popups that it found this apllication and there is a option to ignore it once, add it to Trusted files and to exclude it, which is not active. I dont want to add it to trusted files, only to exclude it or to ignore it always.

How to do this?

You want to exclude or ignore always, but not trust? ???

I don’t really see the logic, but OK…

Which module is giving you the alert? If it’s the AV, adding it to Antivirus → Scanner Settings → Exclusions should do it.

If it’s the cloud (from D+), you’ll need to disable the cloud functions in Defense+ → Defense+ Settings → Execution Control Settings.

If the automatic sandbox keeps grabbing it because it’s unknown, you’re going to need to add it to your Trusted Files list.

If it's the cloud (from D+), you'll need to disable the cloud functions in Defense+ -> Defense+ Settings -> Execution Control Settings.
Do I have to disable Execution Control Level or add an Exclusion or both? What for is the Exclusion-Button? What will be excluded there?
If the automatic sandbox keeps grabbing it because it's unknown, you're going to need to add it to your Trusted Files list.
but if a add it to the trusted files it means that this application gains full rights in the system, right? Or is it possible to modify the rights of a [b]trusted file[/b] ?

As I said, which module is giving you the alert?

If it’s the AV, you’ll want to make an AV exclusion. If D+ if giving you a cloud alert, you’ll want to disable the cloud in the Execution Control Settings. (of course, this means the cloud is off for every application, but I’m not aware of a method to exclude a single application from the cloud…)

The exclusions button in the Execution Control Settings is to exclude an application from the buffer overflow protection. Not anything that would help in your situation.

You don’t really have a choice. If it’s untrusted, it’s going to be sandboxed. Of course, it may run just fine in the sandbox.

If I not mistaken, if you set Def+ in paranoid mode, you’ll be able to make your own rules for an application even if it is listed in the trusted files.

You can do this in safe mode as well. But again, if it is not trusted, it will be sandboxed. (Unless of course you give it the Installer or Updater policy, but then you may as well just put it on the trusted list)

As I said, which module is giving you the alert?
it is D+.
If I not mistaken, if you set Def+ in paranoid mode, you'll be able to make your own rules for an application even if it is listed in the trusted files. You can do this in safe mode as well. But again, if it is not trusted, it will be sandboxed. (Unless of course you give it the Installer or Updater policy, but then you may as well just put it on the trusted list)

Sandbox is disabled.
How can I make rules for single application. Is it only one single exe file, which can be copied and pasted without installation. It is called Datemanager and it is a calender with notification funtion. malware alert is becuase of GATOR, I know this. Maybe this hilps you to help me.
I could send it to you if you would like to test how to adjust Comodo.

You can make a custom rule for your application in Computer Security Policy → Defense + Rules. When you made the rule make sure it is somewhere above the All Applications rule; use drag and drop when CIS put it somewhere under the All Applications rule.

if I understand you right in the D+ rules I should create a custom rule for the questioned application (for ex. ABC.exe). While doing this I have 2 opportunities:

  1. to choose “use the custom policy”—>customize and then define what should be allowed/blocked/asked. Because this not trusted application ABC.exe is a tray calendar, which doesnt need Internet or special rights I could actually set everything to be blocked
  2. to choose “use predefined policy”. I think at this point I should at first create a new predefined policy rule (called for ex. Blocked Application) where everything is set to be blocked. Then I choose that ABC.exe use this predefined policy as vlocked application.

Which option do I have to choose to create new D+ rule?

After that I should move this rule over the All Application rule.

To prevent it from accessing the web you can give it the Firewall policy blocked application.

2. to choose "use predefined policy". I think at this point I should at first create a new predefined policy rule (called for ex. Blocked Application) where everything is set to be blocked. Then I choose that ABC.exe use this predefined policy as vlocked application.

Which option do I have to choose to create new D+ rule?

After that I should move this rule over the All Application rule.

The equivalent of Blocked Application in D+ would be Isolated Application.