Multiple Policies for One Application - Is Something Wrong?

Hi,

Forewarning: I’m still new to Comodo. :slight_smile:

I added a few of my own file groups and assigned some executables to each. I then removed the existing policy entries for the executables I added to these groups and added new policies for the groups. But whenever something happens to one of these files to warrant customization (e.g. so far always when adding an allowed Run Executable entry), Comodo adds a duplicate policy entry for that file with the newly learned access right(s) applied. So in other words I now have two entries for some of these files: one entry as a group, the other as an individual file.

What is Comodo doing? Does it apply the securest combination of the two policies, as I suspect/hope? Or is it confused and causing problems down the road?

More info: I made three file groups: one for ESET NOD32 Antivirus files, one for PC Tools Spyware Doctor files and a third for TuneUp Utilities files. The first two groups are given a custom policy I call Trusted & Protected Application (essentially Trusted + the same protection settings as Comodo files are given by default) and the TuneUp policy is set to Trusted Application. Comodo added several duplicate entries for some of these files (PTSD and TUU files, not NOD yet) and gave them Custom policy settings that include some files they are allowed to execute without asking.

Thanks.

Yep, I can confirm that. I won’t consider it a bug, maybe it’s just not enough documented.

It’s only normal that policies for individual applications within a group cannot be changed by an “Allow an remember” action – therefore a second “custom” rule appears.
Workaround is to keep only one – depending on how often you’re using or what are your priorities – removing the temporary, and/or to define “custom group” policy rules
It is however tricky to remember all your rules.

Hi gaby,

Thanks for the info. This behavior seems to defeat the purpose of using predefined policies, other than to initially assign policies. I agree, in time, as I foresee it will become very difficult to manage access rights and protection settings, with everything switching to Custom.

Anyway, if I were to leave Comodo with both my group policies and its custom policies for each doubly listed file, do you think Comodo will use one and ignore the other (e.g. use Custom settings and ignore the group settings)? Or will it somehow apply both settings, perhaps using the more secure ones where they differ and combining rule exceptions? I hope it’s the latter, as I’d like to see, for example, Spyware Doctor’s four executables communicate with each other freely as the new Custom settings allow, and also maintain its other access rights and protection settings as defined in the group policy.

To preserve initial policy settings while also allowing files within groups access to other files within the same group would be ideal. They should add the ability to let groups dynamically allow access rights and protection settings exceptions between files within the same group. In other words, when specifying the group to allow access rights or protection settings exceptions, add a choice to the group list I’ll call “Current Group”, which corresponds to the group that files in that group belong to. As it is, you can only statically do so, in that you must specify a specific group to do so with, which means you’d need a different policy for each group, which defeats the purpose of predefined policies.

I’m going to post this to the thread asking for feedback. :slight_smile: