Is this a correct way to make the rule?

Comodo Internet Security - CIS Defense+ / Sandbox Help - CIS
1

So I noticed that everytime silverlight updates, comodo adds a new rule for microsoft silverlight. This is because the path for silverlight is

C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\agcp.exe

and the version number changes with each update. In order to add a rule for all possible future versions of silverlight, would

C:\Program Files (x86)\Microsoft Silverlight*\agcp.exe

be correct?

2

I think that should work, yes.

Please tell me if it does, I’ve not really dealt with embedded wildcards in my FAQ here.

Any comments you might have on the FAQ would be appreciated.

Mouse

3

I already applied it, but I have no way of checking. SL doesn’t trigger anything and I’ve never seen * used in the middle of a path, that’s why I’m asking. I want to know if it exempts ANY path which beyond that ends in agcp.exe, or ALL paths inside the silverlight folder.

4

The question you ask is exactly what I am asking, but I’m not sure exactly where you want to put the rule.

This won’t work directly in trusted files as the wildcard is expanded on addition to the list. (See FAQ)

I probably will in D+ rules, so eg for making it an installer updater. But make sure the executable will not be ever be used to run an unrecognised file or in any internet facing way if you go that route.

Re testing, I suppose
0) Create the rule in D+ rules

  1. create a new batch file in a sub-directory, and try running it
  2. try running this file agcp from the different version directories (after removal from trusted files).

I think there is some discussion of this in topics relating to make files, and a similar file used by avast, i you want to look them up. Not sure there are definitive conclusions.

Best wishes

Mouse

5

It appears this should work. See here and read down the trace for confirmation.

The earlier solution in the trace with the same wildcard did not work because the permission required was not understood.

My hesitation is because I know the first asterisk in a path like blah*.* does not quite work as expected. Basically CIS sees the terminal asterisk and includes all subdirectories. Following DOS conventions you would expect this to select the files in the current directory only.

Would still appreciate confirmation however.

Best wishes

Mouse

6

All paths in the silverlight folder that end in agcp.exe. So the asterisk means that there can be anything in between I think, not just one level of folder, maybe many but it must end as specified.