Over time I have a number of files under My Own Safe Files. These are listed in the order they were added. For ease of use I would like connected applications to be grouped together. Is there an easy way to do this?? - ie change the order in which the files are listed under My Own Safe Files??
Even an alphabetic listing would be better.
I do not want to use folders as this seems to me to be inherently secure. If a rogue program added an application in a “Safe” folder then the rogue application would become “Safe” - am I missing something??
I have another query relating to My Safe Own Files, viz:
I have noticed that Comodo has added 3 entries to the safe files list without any action by me. They all seem to relate to Java and therefore are no doubt OK. The entries are:
I thought that the automatic processes of Comodo would allow Java programs because the software publisher (Sun Microsystems) was on the list of My Trusted Software Vendors. Comodo might also amend the Defense+ Computer Security Policy if necessary.
BUT I thought that only the user’s intervention could add files to the list of My Own Safe Files??
Also given that Java is a trusted software vendor, why do these files need to be added to the My Own Safe Files list??
Would be very grateful if you could help.
Many thanks.
PS: I found another system generated addition to My Safe files List: C:\Program Files\Dell\QuickSet\quickset.exe
Again program is probably safe but do not like the idea of the system adding to this list!!
I can’t answer the reasoning/logic behind it, but even my WinAmp plugins all were added automatically to the Trusted Files. If you notice, though, these are all .DLL files. I am thinking this has something to do with it.
It still seems very odd that a file from a Trusted Software Vendor needs to be added to the list of My Own Safe Files?? It seems to contradict the described function of the Tusted Software Vendor list!!!
PS: When you said added to your list of “Trusted Files” did you mean your My Own Safe Files list as opposed to defining a trusted file under Defense+ → Computer Security Policy??
It still seems very odd that a file from a Trusted Software Vendor needs to be added to the list of My Own Safe Files?? It seems to contradict the described function of the Tusted Software Vendor list!!!
Can you explain this to me??
I can only give a guess on this one. To me, the files are required to make the already trusted .exe work, but the file may not be a signed file (I tested this theory against my .DLL files that were added - none were signed). Since they are part of the executable program, they are hence added so that they will not flag an alert for every file loaded (winamp uses many .dll plugins just with default install).
Cannot check the .dll files I quoted as they have been deleted by the system (they must have been temporary Java files). However, I have checked on quickset.exe - this file is digitally signed by Dell and Dell is on the list of My Trusted Software Vendors. Further explanation is needed.
To get rid of any files deleted by the system you can use purge. The files you are talking about probably arrived as part of an in-line update.
Your dell file is another problem. Occasionally in CIS 4.x files signed by trusted vendors are sandboxed. My first question would be how you have checked the file is digitally signed. Then you need to check that the precise digital signing authority, character by character appears in my trusted vendors. To save time you can do this by trying to add the vendor using the file a the authority. If it adds the vendor then it means same vendor, different sub-authority. If it does not check the computer security policy fror conflicting entries, delete it and see if it re-emerge or you get an alert, then post a screenshot of your defense plus logs (Defence plus ~ view events).
A Safe File is automatically given firewall permissions to access the internet and receive connections from the internet. A “Trusted File” under Defense+ has no firewall permissions.
Trusted Files under the Firewall and under Defense+ are completely separate and independent.
[quote]
To save time you can do this by trying to add the vendor [to my trusted vendors] using the file as the authority. If it adds the vendor then it means same vendor, different sub-authority.
A Safe File is automatically given firewall permissions to access the internet and receive connections from the internet. A “Trusted File” under Defense+ has no firewall permissions.
Trusted Files under the Firewall and under Defense+ are completely separate and independent.
Well if its interest not practical concerns and you are not frightened by the command line your best source is sysinternals sigcheck.exe. Otherwise the file property sheet will give you the signing authority under digital certificates ~ name of signer in XP unless it is an OS file. If it’s an OS file best to use sigcheck, though you can probably turn on digital certificate display for OS files somewhere
A Safe File is automatically given firewall permissions to access the internet and receive connections from the internet. A "Trusted File" under Defense+ has no firewall permissions.
Trusted Files under the Firewall and under Defense+ are completely separate and independent.
I think you are right in version 4.x. I think I have observed this but have never checked by experiment, as I deal mainly with the sandbox. If you do check please do tell me. It's certainly true that they are exempted from AV scans, as you can exclude from future scans by adding to safe files from the scan results dialog.
Thanks for brining this to my attention. I’ll update the FAQ if you do do an experiment!
File property sheet: If I right click on file → Properties → Digital Signatories I can see the “Name of signer”. I presume that this is what you mean?? Do I need any other information??
I will do a bit more experimenting and then report back my results.
