My IDE is a trusted executable. When I do make, it constructs .bat files in the temporary folder. Their file-names seem to be randomized, since they have never the same name twice.
Upon launching them, they get sandboxed as Partially Limited.
Is there any way to mark all .bat files launched by that executable as trusted?
Don’t know if it’ll work, but go to Defense+ → Computer Security Policy → Add → browse to the My IDE path and Use a Predefined Policy: Installer or Updater. Now Apply the changes.
The other thing you can do is to exclude temporary folder from being monitored: go to Defense+ → Defense+ Settings → Execution Control Settings → next to the Detect shellcode injections option select Exclusions → Add → File Groups → Temporary Files. Now click Apply to implement the settings.
The executable is already defined as Installer or Updater, so this is not enough.
In addition, excluding the temporary folder is too dangerous, as it is the first place a virus will use.
I have already looked at every option in the Comodo dialogs, and have found no acceptable solution.
If you create a file group for the .bat files and insert a wildcard were the path changes each time, you can then use this group in Computer Security Policy.
Or use the .bat path with wildcard to make a rule in Computer Security Policy.
Edit Added second option
Thanks, the file group worked perfectly.
I’ve looked and tried without success but can some please explain exactly how to do these 2 options:
- If you create a file group for the .bat files and insert a wildcard were the path changes each time, you can then use this group in Computer Security Policy.
- Use the .bat path with wildcard to make a rule in Computer Security Policy.
Defense+ /Computer Security Policy /Protected files and folders /Groups (Please be careful not to delete any groups here) /Add choose file and then add wildcard if needed.
C:\path \1234.bat add * instead of 1234 if this changes every time.
Or Computer Security policy / Add then select a file before clicking OK change the path manually to the required one.