I’m using Comodo version 3 and it seems that I am spending my whole time clicking on the firewall program control popups. When I install a new program I expect to have to say to allow or block, but it seems that I have to click “trusted app” many times on the install, and then after the program is installed I still get the popups on some programs.
Also, sometimes when I run a program that I already allowed, I still get the installation mode request when running the program.
Is there an easy way to browse my programs and set them to allow so that I don’t have to waste my time clicking these popups?
First of all, when installing something and you get the alert to run the installer, make sure you “Treat this application as Installer/Updater”. That way CFP 3 asks you to switch to installation mode (you allow it, of course!), and you will get no pop-ups during installation. Eventually it will ask you to switch back to the previous mode after installing the app, and you click Yes.
Go to the following to edit your policies for your programs:
Can you please explain the difference between “Network Security Policy” under the firewall menu and “Computer Security Policy” in the Defence menu? My guess is the “Network Security Policy” controls internet access and “Computer Security Policy” covers programs on my computer… lol, I actually figured this out while typing it, but confirmation would help.
Also, in the “Network Security Policy” it lists all my apps, but in the “Computer Security Policy” it lists all the apps and then towards the bottom of the list it has “All applications” again. What is the difference between the applications listed under “Application Name” and “All Applications”?
How do I tell if the item listed is the install files compared to the actual program files?
-Network Security Policy - Controls “Firewall” Alerts for programs (So yes Network).
-Computer Security Policy - Does everything else besides Network. So you’re on track.
lol… There is no difference. Go to the Computer Security Policy window, click on an app and drag it down to All Applications. There is no difference. It’s just that’s how it’s sorted when you deal with alerts, etc. Same with Network Security Policy too.
I think what drkelp is saying is that when he sets the app to trusted he gets a pop-up again about the app that he just set to trusted. I have dealt with this too; in that case I just let it revert back to custom, as that is what it is doing anyhow. You can confirm this after you click apply and allow again. That is why now, after I redid my firewall, I left those apps as custom, as once you are done clicking all its processes it will stay custom and not bug you again. But once you change it back to trusted it will ask again and revert back anyhow.
This might be a slightly different question but I still think it relates to the original post:
I really like the HIPS/Defence+ concept. There’s a program monitoring everything going on and it alerts me when potentially bad things are about to happen. Theoretically, malware should never be able to gain access to my system with this approach.
However, I think that the technical nature of some of the alerts might discourage users from responding wisely because: a) the alerts are sometimes quite difficult to understand and b) there’s a risk of “information overload”, making people reason like “yeah, yeah, whatever, go ahead with what you’re trying to do, as long as I get notepad running”.
For example: if I try to run a semi-trustworthy program, one which I just installed and am not very familiar with but think is safe, I might get an alert from Defence+ asking if I’d like to allow a “WinEvent hook” or “Interprocess Memory Access”, and so on. There’s a description of various kinds of activities in the helpfile, but it only goes so far. How do I really know for a fact that a program needs to access a “protected COM interface” in order for it to function properly? Well, I don’t anyway. My approach is usually allowing the different kinds of requests because I “think it’s kinda’ safe”.
I know you could object to this by saying that I could lower the safety level or amount of alerts. That’s true of course, but at the same time isn’t the whole idea with HIPS to be quite detailed? Personally I don’t have a problem with the second point I made, information overload; I have a good look at every alert and try to make educated guesses. I don’t want to get rid of the alerts or lower my level of safety: I want to learn!
So what I’m asking for is some kind of tutorial (didn’t find one in the FAQs) that explains in more detail the terms used in CFP3’s documentation (starting on page 126). Some are quite straightforward (e.g. process terminators), but others are more enigmatic (e.g. WinEvent hooks, physical memory and so on). I can certainly understand the explanations given in the documentation, but I can’t really decide “in real life” when it’s safe to allow certain activities. So I guess I would like to see examples of when “interprocess memory access” and all the other stuff is legitimate.
I think such a tutorial would really help us less tech-savvy folks to make better decisions when alerted by CFP.
Sandboxing into CFP 3 (Due after CIS launch) - Will be useful for people like you!
It’s like visualization: what comes into the sandbox won’t be alerted for, so further reducing alerts. We also have ThreatCast, where people have their views, etc. on alerts (e.g. 50 people say yes, 1 says no). Anyway, sandboxing looks very interesting! And hopefully in the next 12 months in 2009, Melih (CEO) believes he can’t deliver a “set & forgot product” without reducing security!