Applications whose Vendor is trusted cannot be added to Pending Or Trusted lists even if Trust the applications digitally signed by Trusted Software Vendors is Disabled in D +\Advanced\Defense+ Setting
Test Case:
Digitally signed application with no D+ rules is needed for this test. Trust the applications digitally signed by Trusted Software VendorsDisabled in D +\Advanced\Defense+ Setting
Application Vendor Certificate added to D+\Common Tasks\My Trusted Software Vendors
Add the application to D+\Common Tasks\My Pending Files or D+\Common Tasks\My Own Safe Files
Observed behaviour:
The application will not be added to these lists
Expected behaviour:
Since Trust the applications digitally signed by Trusted Software Vendors is Disabled in D +\Advanced\Defense+ Setting
it should be possible to add the application to these lists.
Hi,
I may be wrong but in my point of view I dont think this is a bug. Because Trusted software vendors is doing whatever the job it’s intended to do. CFP help file says “By default, Defense+ will detect software that is signed by a software vendor and counter-signed by a Trusted Certificate Authority. It will then automatically add that software to the Comodo safe list”. If the Digitaly signed file is in the safe list.obviously, it cannot be added to the Pending/My own safe files.
But the Option “Trust the application digitally signed by Trusted s/w vendors” is given just to suppress the alert that are signed by the corresponding vendor.
So My test case is:
Digitally signed application with no D+ rules is needed for this test.
Trust the applications digitally signed by Trusted Software Vendors Disabled in D +\Advanced\Defense+ Setting
Application Vendor Certificate added to D+\Common Tasks\My Trusted Software Vendors
Expected Result:
CFP should alert for the application.
Actual Result:
CFP alerted for the application.
Similarly, If the option Trust the applications digitally signed by Trusted Software Vendors is enabled,then firewall should allow the request without showing any alerts. But in either case, CFP should say that corresponding digitally signed applications are safe.(As per the CFP help file)
In this case it should be possible to add a digitally signed app whose vendor is trusted to pending list.
Each vendor can release many apps I guess it won’t hurt the user to disable automatic learning for some of these.
Trusted Vendor list cannot be exported. Even if it was possible to export that list if digitally signed apps setting is disabled it shoud be possible to add an app to trusted list.
It is not possible to do so even in D+ paranoid mode.