More quiet and stronger setp for C-AV than default settings

I do not understand why Comodo has set the defualt AV configuration. The config described here is more quiet and stronger.

  1. Install CIS without the FW, in proactive mode, after installation

  2. Go to my protected files

  • Create a new group called (Old important files and maps (or something simular, I use the Dutch version)

  • Move these these files to the OLD group
    a) %windir%\servicing*
    b) %windir%\SoftwareDistribution*
    c) %windir%\system*
    d) %windir%\system32*

  • Add the C:\WINDOWS\system32\drivers\etc* to the Important files/folders group

  • Apply

  • Next add predefined groups to my protected files and foders until it lists
    a) Startup flolders
    b) Important Files and Folders
    c) Windows Management
    d) third party protocol drivers
    e) Windows update applications
    f) Windows system applications

  • Apply

Next go to D+, go to Advanced tasks and go to Current computer security rules (first upper left option on
the advanced tab).
Scroll to ALL applications and dubbelclick the rule, select use adapted security rules, click access rights and click “Run/start executables”( = first option). Add the Group "All executables"to the allowed applications to start and Apply changed settings.

Next go the d+,Advanced settings and Defense+ settings,

  • select clean PC modus of the general tab and apply
  • click the advanced tab and make sure only these items are selected
    a) close/shut down processes of the first group
    b) protect registry keys and files of the second group
    c) select all protections for direct access.

Should look like this


[attachment deleted by admin]

I would like to ask both the useability and security test team to have a look at this settings and see for themselves it is stronger and more quiet.

Regards Kees


Any suggestion about safe (best?) rules for common Windows system files?

Well most of these are tackled in the file protection:

application level protection


  • since D+ lacks the ‘protect kernel/system objects’ in its rule set and by default has a predefined windows systems rules set, I would not mess with it, swith to another HIPS when you want that (Malware Defender)


  • only check for my protected registry and files

OGA verify/WGA tray,

  • they need direct memory access as far as I recall, you can set asl for all other direct access, My protected files and registry and shutdown of processes


  • limit all direct access, system shutdown, file and registry protection

How about Network rules for those? Most of them wants to connects out.



Any feedback from Comodo team to confirm if your AV config is better and more quiet?


Off course not, no reply

are you using the full suite Kees?

any input comodo team?

Nice bump haha. Good try anyway Kees. Hope you’re well.

I don’t have the technical background or the resources to adequately test your settings. I have passed a personal message to one of the AV developers to check out this thread. I hope to see a formal comment from the developers soon.