Mark file as trusted from within alert

rk1 · November 2, 2013, 1:22am

The documentation mentions at several places that it’s possible to add a file to the trusted list using a popup alert. For example, HIPS Behaviour Settings, Comodo Internet Security | Comodo Internet Security v6.3 in section Configuring Security Level of HIPS - Safe Mode says: “Should you choose, you can add that new application to the safe list by choosing ‘Treat this application as a Trusted Application’ at the alert.” The problem is, I don’t see such an option anywhere in the alert. Am I overlooking something or the docs are wrong?

L.A.R_Grizzly · November 2, 2013, 1:53am

When the alert box comes up, choose the drop-down you want, and in the drop-down, there are other choices. There is a small checkbox in the lower left corner that says Remember…

rk1 · November 2, 2013, 2:03am

“Remember” checkbox applies to creating HIPS rules, I’m asking about adding an entry to the Trusted Files list (this is how I understand ‘Treat this application as a Trusted Application’). The point is I see no control in the alert box titled ‘Treat this application as a Trusted Application’, contrary to what the docs say.

L.A.R_Grizzly · November 2, 2013, 2:13am

Open the Trusted Files List and use the drop-down at the bottom of the screen. Choose Add->Files and point it to the file you want to add. In the alert box you want to choose Don’t isolate it again.

Screenshots attached.

HIPS and Sandbox have their own Trusted Files lists. HIPS uses HIPS Rules and Sandbox uses Trusted Files List (which HIPS also uses). Use HIPS Rules if HIPS flags a file after it passes the Sandbox.

[attachment deleted by admin]

rk1 · November 2, 2013, 2:27am

Thanks, but that’s not what I mean. I know how to add a file to the trusted list from within the settings window. This is about doing this from within the popup alert, as mentioned in the docs.

L.A.R_Grizzly · November 2, 2013, 2:29am

I edited my former post. In the alert box, use Don’t isolate it again and it will be added to the Trusted Files List.

[attachment deleted by admin]

rk1 · November 2, 2013, 2:32am

But this is related to the Behaviour Blocker and sandboxing, not HIPS and Trusted Files list, isn’t it? I’m talking about the HIPS alert.

L.A.R_Grizzly · November 2, 2013, 2:33am

HIPS and Sandbox have their own Trusted Files lists. HIPS uses HIPS Rules and Sandbox uses Trusted Files List (which HIPS also uses). Use HIPS Rules if HIPS flags a file after it passes the Sandbox (don’t forget to check the “Remember” box).

[attachment deleted by admin]

rk1 · November 2, 2013, 2:39am

I’m not using Behaviour Blocker at all.

Let me clarify what this is about:

The docs say that there is ‘Treat this application as a Trusted Application’ option in the HIPS alert, yet I can’t find it there. Am I overlooking it or is it a mistake in the docs?
If it is there indeed, then am I understanding correctly that ‘Treat this application as a Trusted Application’ means adding the app to the Trusted Files list?

Edit: and by Trusted Files list I mean: Trusted Files, Personal Safe List, Defense+ Trusted Status | Internet Security v6.2

L.A.R_Grizzly · November 2, 2013, 2:46am

The docs are messed up.

See my screenshot above (this is a HIPS alert). You want to choose Allowed Application and check the Remember my answer box. This will add the file to HIPS Rules, not the Trusted Files List.
To add a file to the Trusted Files List, that is a Behavior Blocker alert and you choose Don’t isolate it again.

Use HIPS Rules if HIPS flags a file after it passes the Sandbox.

If you aren’t using the Sandbox, you just use HIPS Rules and not Trusted Files List.

[attachment deleted by admin]

rk1 · November 2, 2013, 2:56am

So it seems the final answer is that it’s not possible to do what I want. The docs are messed up indeed - ambiguous and unclear all the time. It’s very frustrating trying to figure out how CIS works in details. Thanks for help.

L.A.R_Grizzly · November 2, 2013, 3:02am

You are confused. You can do what you want.

HIPS uses a different ruleset than the Sandbox.
HIPS uses HIPS Rules.
Sandbox uses Trusted Files List.
Since you aren’t using the Sandbox/Behavior Blocker, you will just use HIPS Rules.
When the HIPS alert comes up, choose Allowed Application and “Remember my answer” and the file will be added to the HIPS Rules.

rk1 · November 2, 2013, 3:13am

Well, according to the docs again, HIPS also uses the Trusted Files list:

Note: HIPS trusts the applications if:

The application/file is included in the Trusted Files list

The application is from a vendor included in the Trusted Software Vendors list

The application is included in the extensive and constantly updated Comodo safelist

L.A.R_Grizzly · November 2, 2013, 3:17am

Only if you are using the Sandbox/Behavior Blocker. If you use both, you will get less HIPS alerts since the Sandbox takes care of most of the file behavior.

Think of it this way. It works in a series.

Sandbox->Trusted Files List->HIPS->HIPS Rules

The Sandbox checks the file and if it’s not recognised, it checks the Trusted Files List. If the file passes, then HIPS looks at it. If it looks suspicious, HIPS checks the HIPS Rules.

If you disable the Sandbox, then the flow is just HIPS then HIPS Rules.