image execution control level.

:THNK (:NRD) Hello, I am a wee bit puzzled as to what exactly Image execution control does, and whether i will get more pop ups if its set to agressive mode as opposed to Normal?. Is this linked somehow to the buffer overflow protection, or is it a separate extra layer of protection?. Oh, by the way i just ran a scan on High Heuristics on data base 1005, (wow!, its all happening at Comodo) and got no false positives i have been getting plagued with until last nights update.


Image Execution Control is an integral part of the Defense+ engine. If your Defense+ Security Level is set to 'Train with Safe Mode' or 'Clean PC Mode', then it is responsible for authenticating every executable image that is loaded into the memory.

Comodo Internet Security calculates the hash of an executable at the point it attempts to load into memory. It then compares this hash with the list of known/recognized applications that are on the Comodo safe list. If the hash matches the one on record for the executable, then the application is safe. If no matching hash is found on the safelist, then the executable is ‘unrecognized’ and you will receive an alert.

Many people have been confused by “Image Execution Control” - the help file is worthless unless you are very knowledgable about how computers and programs work.

Experts and programmers probably undertand that “Image” isn’t referring to a graphic image (e.g. JPEG picture), it is referring to an application’s memory image (as initialized in RAM); however, the term “image” WILL confuse people who are not experts.
To eliminate confusion, it seems best to change “image execution” to something that is still accurate but not subject to double meaning and ambiguity. An example alternative name is “Settings for Executables” and the control level would be called “Control level for Executables.”


Since the idea is to be easy to use by all people, this suggestion is a very good one. :-TU

there’s a text near each level to explain what the setting is controlling.
i always used agressive mode cause of prefetch control,
and i added all the folders i can get by used the add button.
i think it slows the FW but Defense+ is the security tool that i use always when others detect nothing after scanning and Defense+ showed me that i was often right not to trust scanner. D+ helped me with undetected files with alerts showing i was facing for sure a malware.
i cant imagine using my machines without the help of D+, it doesnt tell u hey it’s a virus like scanners but the alerts i got are always clear to know what i got to do with files.


I have to add to that experience-wise that with .477 I have had to reboot twice after swithing Execution Control to Aggressive. Nothing worked anymore, Explorer seemed frozen (including CIS)…