Learing rules at Paranoid Mode?

Hi i suppose you remember me with my problem

https://forums.comodo.com/empty-t20142.0.html

I have discovered some new interesting bug. While i was changing the HIPS entries at register for Defense+ module rules and rebooting computer I have noticed that the D+ module learned a rule (about Openoffice and its quicklaunch feature). It wouldn’t be anything strange if I haven’t been using Paranoid Mode.

CFP 3.0.22.349 on XP SP2

Always Paranoid - Voxer

mod edit - kail

i’m sorry, i don’t get the problem.
what did u do exactly? installed some software in installation mode and reboot?
can u be more precise about what u did, point by point?

I had also initiated a topic with subject “Learning in Paranoid mode?”.
This is it → https://forums.comodo.com/empty-t20978.0.html

Check last 2 posts

just to know about some settings in your comodo, i don’t say there’s a link, in fact i never saw defense+ learning something in paranoid mode so i can’t tell. i’m in agressive mode too.
see the pic, do u have those settings?

[attachment deleted by admin]

I have only .exe and .bat in there, but I don’t think it really matters, since it is normal for CFP to learn in boot-up even in Paranoid Mode.

Sorry ailef, I’m greek and unfortunately I miss some things when I read them in English
I’ve now put all the executable files in Image Execution Control too, just because it seems more correct than having only .exe and .bat.

Bottom line is, CFP DOES learn in Paranoid Mode, ONLY on boot-up AND it is normal!

no prob, i’m french and there are things i don’t get too in posts.
i’ll tell u if i see defense+ learning things at reboot in paranoid mode, as i don’t see that for now.
but if it’s normal that comodo runs this way so i will not tell u’re wrong.
it’s just i never faced this learning mode on reboot in certain condition, so i can’t tell something on that.
but is it a bug or not?
if not so this topic can be tagged as resolved.

I guess someone from the Comodo stuff can sort it out, but I am positive I have read about this learning behavior on a manual or sth.

The way I see it is this: Suppose u install CFP for the first time, u have over 10-15 programs starting on boot-up and u have set CFP in Paranoid Mode.
When you reboot, there will be total chaos

I have always run CPF3 in Paranoid mode XP and when I do a fresh install I always get startup process learned automatically.(I delete all preset rules in Defence+ except Comodo’s)
This did not happen in the first versions of CPF3 which caused some windows process to be blocked if you ticked the box Block all unknown requests if the application is closed.
Dennis

CFP will learn trusted files in any mode by default.
Try unchecking 'trust the applications digitally signed by…" item under defense+ settings

ah ok like when u restart your system after install of comodo,yes it learns system files or u would not be able to login to your OS.
but after install my firewall reboots in safe mode, it learn lot of things but now that i’m in max protectin, i saw nothing learned for the moment so i can’t tell which files are learned in paranoid mode.
anyway, that’s ok, i don’t say that’ u’re wrong or something, it’s just i never saw that, but that’s not a prob.
i have no more things to say about that.

OK lets say i have installed new OpenOffice and launched quicklaunch every time as a “tray program”. D+ module learned the rule at the first boot with new OO at system. Is it a bug? In my opinion yes. Why? Even if u have checked the “trust the applications digitally signed by…” option it should only trust to vendors whose certificates are added at “My trusted Software Vendors”. And at trusted vendors i had only two comodos and one MS entry. No entries for OO (or whoever makes OO). And being in Paranoid mode where at description of mode we can read that it always asks you for answer, makes user a little surprised when he sees D+ learning. If you want to leave this feature (bad idea in my opinion) than you should at least change description at D+ settings of Paranoid Mode.

When you have fresh Comodo install then it’s always at the beginning at Learning mode and it’s ok with me (maybe it could be Clean PC but it’s a controvertible issue). I’ve once started Comodo GUI before system reboot and set Mode to paranoid. I had a problem with logging in (had to w8 30 seconds from entering password to any reaction of system). Finally i logged in but many programs and services (like antivirus) were not working.

Anyway i think you should change something about this one cause it makes users confused.

EDIT: I also had only .exe and .bat and normal mode at Image execution section. Now i change to aggressive and added all applications.

Yeah its confusing. Maybe its just a gui ‘bug’.
Although it says tursed vendors, I think it also refers to the safelist as I can’t find any other option to turn off the use of the safelist.

yes i had this prob too when i set directly the firewall to paranoid mode, some things didnt work or just took very long to open, so i use paraniod mode when all my apps activities are logged by defense+
and i had this prob most with vista than xp with the last build 22.349
in this case u close your app and when u restart it, defense+ send alerts so u can get your app workin fine,
apps don’t always launch all their activities each time they run.
but if u set your AV or safe apps to windows system application in the defense+ alerts, in general u got no more probs.
defense+ is nice for unknown apps u start, u can follow what it does point by point and decide to kick it or not.
some unknown file that wants to modify protected keys or create new ones and create files or want to access high privileges, in fact all activities the file shouldnt ask for help the user to understand that he’s facing a malware even if it’s a new one that is not detected by the AV yet.