I have discovered some new interesting bug. While i was changing the HIPS entries at register for Defense+ module rules and rebooting computer I have noticed that the D+ module learned a rule (about Openoffice and its quicklaunch feature). It wouldnāt be anything strange if I havenāt been using Paranoid Mode.
iām sorry, i donāt get the problem.
what did u do exactly? installed some software in installation mode and reboot?
can u be more precise about what u did, point by point?
just to know about some settings in your comodo, i donāt say thereās a link, in fact i never saw defense+ learning something in paranoid mode so i canāt tell. iām in agressive mode too.
see the pic, do u have those settings?
Sorry ailef, Iām greek and unfortunately I miss some things when I read them in English
Iāve now put all the executable files in Image Execution Control too, just because it seems more correct than having only .exe and .bat.
Bottom line is, CFP DOES learn in Paranoid Mode, ONLY on boot-up AND it is normal!
no prob, iām french and there are things i donāt get too in posts.
iāll tell u if i see defense+ learning things at reboot in paranoid mode, as i donāt see that for now.
but if itās normal that comodo runs this way so i will not tell uāre wrong.
itās just i never faced this learning mode on reboot in certain condition, so i canāt tell something on that.
but is it a bug or not?
if not so this topic can be tagged as resolved.
I guess someone from the Comodo stuff can sort it out, but I am positive I have read about this learning behavior on a manual or sth.
The way I see it is this: Suppose u install CFP for the first time, u have over 10-15 programs starting on boot-up and u have set CFP in Paranoid Mode.
When you reboot, there will be total chaos
I have always run CPF3 in Paranoid mode XP and when I do a fresh install I always get startup process learned automatically.(I delete all preset rules in Defence+ except Comodoās)
This did not happen in the first versions of CPF3 which caused some windows process to be blocked if you ticked the box Block all unknown requests if the application is closed.
Dennis
ah ok like when u restart your system after install of comodo,yes it learns system files or u would not be able to login to your OS.
but after install my firewall reboots in safe mode, it learn lot of things but now that iām in max protectin, i saw nothing learned for the moment so i canāt tell which files are learned in paranoid mode.
anyway, thatās ok, i donāt say thatā uāre wrong or something, itās just i never saw that, but thatās not a prob.
i have no more things to say about that.
OK lets say i have installed new OpenOffice and launched quicklaunch every time as a ātray programā. D+ module learned the rule at the first boot with new OO at system. Is it a bug? In my opinion yes. Why? Even if u have checked the ātrust the applications digitally signed byā¦ā option it should only trust to vendors whose certificates are added at āMy trusted Software Vendorsā. And at trusted vendors i had only two comodos and one MS entry. No entries for OO (or whoever makes OO). And being in Paranoid mode where at description of mode we can read that it always asks you for answer, makes user a little surprised when he sees D+ learning. If you want to leave this feature (bad idea in my opinion) than you should at least change description at D+ settings of Paranoid Mode.
When you have fresh Comodo install then itās always at the beginning at Learning mode and itās ok with me (maybe it could be Clean PC but itās a controvertible issue). Iāve once started Comodo GUI before system reboot and set Mode to paranoid. I had a problem with logging in (had to w8 30 seconds from entering password to any reaction of system). Finally i logged in but many programs and services (like antivirus) were not working.
Anyway i think you should change something about this one cause it makes users confused.
EDIT: I also had only .exe and .bat and normal mode at Image execution section. Now i change to aggressive and added all applications.
Yeah its confusing. Maybe its just a gui ābugā.
Although it says tursed vendors, I think it also refers to the safelist as I canāt find any other option to turn off the use of the safelist.
yes i had this prob too when i set directly the firewall to paranoid mode, some things didnt work or just took very long to open, so i use paraniod mode when all my apps activities are logged by defense+
and i had this prob most with vista than xp with the last build 22.349
in this case u close your app and when u restart it, defense+ send alerts so u can get your app workin fine,
apps donāt always launch all their activities each time they run.
but if u set your AV or safe apps to windows system application in the defense+ alerts, in general u got no more probs.
defense+ is nice for unknown apps u start, u can follow what it does point by point and decide to kick it or not.
some unknown file that wants to modify protected keys or create new ones and create files or want to access high privileges, in fact all activities the file shouldnt ask for help the user to understand that heās facing a malware even if itās a new one that is not detected by the AV yet.