I have an application that runs on system start-up, it’s the real time shield of Spyware Terminator (sp_rsser.exe).
I removed the rule for sp_rsser.exe and rebooted and a box/pop-up appeared saying “Learning …/sp_rsser.exe, modifies folder …” and it created an allow rule for *.sys folders/files from it’s own!
How come? Is it because it’s a start-up file? A child process of services.exe?
Which rule? From the firewall or D+? It learned it cause when you installed Comodo you installed it under clean pc mode. So Comodo knows that anything on your pc should be clean. Also Spyware Terminator is a whilelisted product. Completely normal. BTW Spyware Terminator isn’t all that good. Its very bloated now a days. I recommend SuperAntiSpyware.
The rule from D+! I installed Comodo under clean PC mode, but installed ST a week later
Then I turned to Paranoid mode and removed the rule as I said, which when rebooted was created by its own due to “learning”.
Didn’t know about the whitelist thing, can I see somewhere the whole listing, or is it in the database or sth like that?
Thanx for the reply very much!
No there is no data base where you can see the whitelist that I know of but if its a well known program its probably on the white list so users arent overwhelmed with alerts from trusted vendors.
It seems that Comodo Firewall learns all actions on booting between the time its drivers are active until its user interface is ready to respond, even if you’re using Paranoid mode. This seems to be by design.
Yep just read it somewhere, unfortunately after I created the topic