is it somehow possible to tell COMODO to completly ignore a given filetype?
I am a Java Programmer and it really!!! annoys me that COMODO always detects my own .java, .class and .jar files as “unknown and potentially dangerous” files.
This leads to conflicts when running/testing my own code because COMODO partially blocks the programms and/or runs the new generated jar files in the sandbox.
And no, i do NOT want to open COMODO all the time and move the fresh compiled .class and .jar files to the “secure files” list.
Because i have to do this every time i change a single line of code and recompile it.
This really really REALLY sucks!
So how can i disable this behaviour? (my security settings for Defense+ are very restrictive)
Even if this means that i would be “open to attacks” by other java programms (seriously, i don’t care at all about “java malware”).
PS: the described problem relating to .class and .jar files carrys over to other software like Eclipse written in java because parts of those programms (single jars) are often run in the sandbox or even blocked, too…
Please check the box “Use filenames instead of file hashes” when adding files to the ‘trusted files list’.
Doing this will prevent CIS to check it’s hash and alert again and again for your own fresh compiled files.
but that wont help when files have random names, especially temporary files…
isnt there a way to tell COMODO to ignore *.jar and *.class files?
but none the less: where do i find that option?
all i can choose from is “move to secure files” or “move to blocked files”.
this would at least help for my regular classes…
The option is on Defense+, Trusted Files, Browse Files. In the Options group.
eh random files, I’d try the following.
Create a file group on Defense+, Computer Security Policy, Protected Files and Folders, Groups, Add ‘A new Group’.
Give it a name and add the path to the *.jar and an other line for *.class files next Apply the group.
We have now created a group we can use on the Computer Security Policy, switch to the Tab “Defense+ rules”.
Add it there by using Add, File groups and select the group you just created, position it at the top of the rules and give it the predefined policy ‘Installer/Updater’.
Apply these rules and just to be sure give it a reboot.
If that works try to set the group to ‘Trusted application’ permissions and see if that works, if that works it’s more ‘secure’ then setting the ‘Installer/Updater’ as that bypasses all CIS security.
that is exactly what i try to do at the moment but it looks like it doesnt work…
as soon as i recompile my stuff i get arround 592 unknown files again -.-.
What i did:
created a new group as you described it pointing to “E:\Work\Coding*”. Thats where all my code is placed.
After that i added that group to the “TrustedApplications” rule.
sadly i have to add, that it does NOT solve my problems :(.
looks like COMODO still recognizes my files after some time.
i also tried to create a “global” rule like this (i know this is a bad idea but it is just for testing purpose!):
Created new Group:
Coding
*.jar
*.class
*.java
With the Installer/Updater policy. But COMODO still keeps on listing all jar/java/class files in my “unknown filles” list every time i change them or create new ones -.-.
Man it can’t be that hard to tell CIS to simply ignore one folder and all its subfolders/files in it…
Can you try to add the group to the following location, Defense+, Image Execution, Detect shell code injections ‘Exclusions’.
See if that helps, the issue seems bound to image execution so this might help, I’m not 100% sure but we can give it a try.
You have some quite long paths. Try setting up the allow rules for a shorter path and creating the executables on it.
I have noticed CIS does not like long paths in some places.
Also could you check that AV logs do not show anything. If CIS AV was detecting files as suspicious, maybe this would over-ride. Then you could add to AV exclusions.
