Is VC truly innovative?

I hope now RejZoR understands what I wrote :wink:

Thanks for the information egemen. Glad to see the Comodo staff looks at the forums and considers users’ point of view. :slight_smile:

As the above comments said, thank you egemen, always good to have new info.

Yes thanks Egemen. I just recently saw that option but had not realised it applied to trusted files as well. My apologies.

It would be good however to allow the user to turn detection as well as monitoring on for selected trusted files, or for non-OS trusted files, as this would help people to cope with trusted malware. (As you point out, checking process activities for virus-like behavior is not for the average user.)

Presuming, that is, that the risk of inadvertent process reversal, including inadvertent file deletion, can be managed, perhaps by a reversal undo facility. Some way of managing this risk is in any case important in any public release IMO, even if VC is restricted to unknown files initially, due to the possibility of false detections.

But this poses the question of why VC settings are in BB which deals exclusively with unknown files. Logs and quarantine, by contrast, are in AV.

It would be also good to know if BB will be extended to batch (and other interpreted) files in the near future, as the position of its setting in relation to ‘command line’ parsing settings implies that it should apply to such files.

Finally could you clarify whether some sort of one-time alert will be added to CCE (inc Killswitch) before 7 release? With many facilities that are ‘not for the average user’ in KS and CCE it would be good to see CIS display an alert to this effect to prevent people inadvertently damaging their systems. (It could have a ‘don’t show this again’ tick box.) I note for example that, if I have understood correctly, choosing whimsically to reverse MS Word would lead to deletion of all Word files created in the process run session.

I will update my summary [done], and apologise for the omission.

Many thanks

Mike

I’m sorry but I haven’t seen this behavior yet? I’ve clicked “Block and terminate” on several unknown files during CIS 7 beta and I haven’t gotten any option to revert the activities of the unknown files? ??? Is it a future addition, a bug or am I misunderstanding?

In Killswitch (4080) there is a Terminate and reverse option. Right click on process.

Nor have I on HIPS or FW alerts in 4080, either for trusted or untrusted files.

I think it must be a future version.

Yes I’m aware of that now :wink: I just reacted on the HIPS part since I haven’t gotten any of these revert pop-ups after terminating a process through a HIPS alert.

From what egemen says it sounds like it’s a feature implemented now, but perhaps it’s not implemented in current public beta but implemented in their internal build? Either way the behavior is not present in the current public beta release but I hope it’ll be implemented in the next beta or perhaps RC, I’m interested in trying this feature. ;D

Quite likely - there will be a pipeline with multiple versions. :slight_smile:

Let me check this. In a HIPS alert, if you choose terminate and block, if there is activity to be reversed, you need to see the alert. If not, it is a bug.

Ok it’s just for recognised files? From the context I thought maybe all files (like in KS), or all unknown files, so I did not understand that…

Out for 1.5-2 hrs now, but SanyaIV may be able to help test on his machine. (See posts above). Best wishes. Mouse

As you see in this video https://www.youtube.com/watch?v=13ZjWzuNTAU it does not prompt me if I want to reverse the actions done by the unknown executable file even after I click “Block and terminate” in the HIPS alert.

The closest thing to VC is Webroot’s rollback feature (journaling the system after the installation > suspicious processes closely monitored > if flagged as malicious and files were changed, rollback executed).

No you can reverse from KS and from HIPS and FW alerts. This is in my view rather risky unless reversals can be undone in some way. You get a confirmation dialog, but it’s not explicit regarding the risks.

Well the KS reversal was at the time of writing not really known to us here at the forum, and at the time of writing the HIPS/FW alert didn’t show reversals for me at least. Is this fixed in the latest RC? In fact I’ll check…

Edit: And it’s not fixed… 88)

The KS reversal has been in my notes for a short while - about a week. Sorry should have posted an ‘it’s been updated’ post.

But not the FW/HIPS one. That was just fixed (there was a bug) so I added it yesterday as it worked in the last SG build.

Choose terminate and block. You should get it unless unfixed between 95 and 101. I used paranoid I think.

Just checked. It was on in 4095, but is off in 4101. For trusted and unknown files with BB off, testing from HIPS and FW (trusted only).

I’m not sure what you mean? In latest RC when I click “Block and terminate” on HIPS alert for an unknown file it doesn’t present me with revert option, also have HIPS set to Paranoid.

The facility appears to have been turned off again in 4101.