My Own Safe Files

  1. Yes. Note that MS for example has several entries in the CIS vendor list that are subtly different. Sometimes old names are retired and new ones substituted, and CIS will reject the old names so this is not trivial!
  2. Thanks I appreciate it!

I am only using Comodo firewall.

From my experiments I believe:

  1. A file that is safe because it is on the list of My Trusted Software Vendors is automatically given access to the internet but alerts if there is an attempt to connect in from an external IP (even an IP on a home network);
  2. A file added to My Own Safe Files is automatically given access to the internet (ie no firewall restriction).
    Not sure about inbound connections to such a file - do not have a file to test that behaviour;
  3. A file that is made a Trusted Application under Defense+ requires a separate approval for internet access.

The files that should be safe as from a trusted software vendor seem to behave inconsistently. quickset.exe is digitally signed by Dell Inc which is on the list of My Trusted Software Vendors. Yet if I try to run this program Comodo produces an alert which states that the executable quickset.exe could not be recognised and asks user to block or allow??

Perhaps others could add from their own experience.

Did you check the digital signature from quickset.exe by pushing the view button? See attached images for clarification.


For Dell you can check as Eric suggests. This does not work for catalogue-signed Windows files in XP however. If you post screenshots we can be sure.

Thanks for the info about trusted files. Sounds right. Suspect files trusted for both reasons protect vs inbound access - same policy. Will update my post with tentative findings, and credit you, later today.

I did. It says that “The digital signature is OK” and there is a counter signature.

Any other thoughts??

PS: My O/S is Vista

If I recall correctly both get an allow outgoing TCP/UDP traffic rule. This will not let the program respond to incoming traffic.

3) A file that is made a Trusted Application under Defense+ requires a separate approval for internet access.
Do you mean you gave the program the Trusted Application policy under Network Security Policy --> Application Rules? Two questions. What configuration are you using (look under More --> Manage My Configurations)? How is your Firewall Behaviour Settings set (Firewall --> Advanced)?

The files that should be safe as from a trusted software vendor seem to behave inconsistently. quickset.exe is digitally signed by Dell Inc which is on the list of My Trusted Software Vendors. Yet if I try to run this program Comodo produces an alert which states that the executable quickset.exe could not be recognised and asks user to block or allow??

Perhaps others could add from their own experience.

Some more examples of odd behaviour with My Own Safe Files.

I installed Comodo Firewall (not Anti virus) v4.1.150349.920 on a second PC. I have disabled the Sandbox but before I had done so Comodo added programs automatically to My Own Safe Files - for some examples see below:

C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MozyHome\mozystat.exe

  1. sprtcmd.exe has a digital signature from Dell Inc which is on the list of My Trusted Software Vendors. So why does it need to be added to the list of My Own Trusted Files??

  2. I thought that files could only be added to the list of My Own Trusted Files by the user explicitly adding them?? BUT Comodo has added these files automatically without asking the user?? How is this happening??

Many thanks for any help. :slight_smile: :slight_smile:

Any thoughts?? :slight_smile: :slight_smile:

Can you check to see the certificate is actually still valid?

2) I thought that files could only be added to the list of My Own Trusted Files by the user explicitly adding them?? BUT Comodo has added these files automatically without asking the user?? How is this happening??

Many thanks for any help. :slight_smile: :slight_smile:

Both user and the program can add files to My Own Trusted Files.

Thanks.

  1. How do I check that certificate is still valid?? I cannot see anything that implies that it is not valid.

  2. Sorry I meant to say My Own Safe Files not Trusted files. To restate my query:

I thought that files could only be added to the list of My Own Safe Files by the user explicitly adding them?? BUT Comodo has added these files automatically without asking the user?? How is this happening??

Many thanks. :slight_smile: :slight_smile:

Look up the properties of the file and open the Digital signatures tab, select the publisher and push the details button. See attached images.

2) Sorry I meant to say My Own Safe Files not Trusted files. To restate my query:

I thought that files could only be added to the list of My Own Safe Files by the user explicitly adding them?? BUT Comodo has added these files automatically without asking the user?? How is this happening??

Many thanks. :slight_smile: :slight_smile:

Both user and Comodo can add files to My Own Safe Files. CIS also has cloud look up and when cloud look up determines a file to be safe CIS will add it to My Own Safe Files.


I had checked on those 2 tabs and digital signatures were still valid.

Both user and Comodo can add files to My Own Safe Files. CIS also has cloud look up and when cloud look up determines a file to be safe CIS will add it to My Own Safe Files.

What determines whether Comodo adds a file to My Own Safe Files? Clearly not all safe files are added - for example Internet Explorer is not on the list of My Own Safe Files. If the file is from a Trusted Software Vendor why does it also need to be added to My Own Safe Files??

I thought that My Own Safe Files was just for files that user wanted to deem safe because they were not on a Comodo “White List”. Clearly I am not understanding correctly??

Is “cloud look up” in addition to Trusted Software Vendors?? Never seen “cloud look up” mentioned in Help File or User Manual.

Thanks again. :slight_smile: :slight_smile:

The white list in CIS comes with the installation and is therefore static in nature. The cloud look up extends the list.

With the upcoming v5 the Trusted Software Vendor list gets extended with the cloud look up as well.

With regard to digitally signed files getting added, the following. Some publishers have multiple signatures. Microsoft uses three different ones to sign its programs if I recall correctly. Suppose Dell has two signatures of which one is on the Trusted Software Vendors list. Suppose a program is signed with the second signature. The file may be on the white list though and the cloud look up will clear its status and it will be added to My Own Safe Files.
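The signature checks discussed in the posts above (certificate validity, counter signature, catalogue versus embedded signing, and a signer name that differs from the vendor list entry) can be read out with PowerShell's `Get-AuthenticodeSignature`. This is an added example, not part of the original thread and not Comodo code; the file path and vendor names are placeholders, and the exact-name comparison is an assumption about how a vendor list is matched.

```powershell
# Added example. Placeholders: replace $Path and $TrustedVendors with your own values.
param(
    [string[]]$Path = @('C:\Path\To\program.exe'),        # placeholder path
    [string[]]$TrustedVendors = @('Example Vendor Inc')    # constructed stand-in for a local vendor list
)

function Get-SignerSummary {
    param([string]$File)

    $sig  = Get-AuthenticodeSignature -LiteralPath $File
    $cert = $sig.SignerCertificate

    # Simple name of the signing certificate: the string a name-based
    # vendor list would have to match (assumption: exact match).
    $name = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { $null }

    [pscustomobject]@{
        File          = $File
        Status        = $sig.Status                  # Valid, NotSigned, HashMismatch, NotTrusted, ...
        SignatureType = $sig.SignatureType            # Authenticode (embedded) or Catalog; PowerShell 5.1+
        Signer        = $name
        Thumbprint    = if ($cert) { $cert.Thumbprint }
        CertExpires   = if ($cert) { $cert.NotAfter }
        Timestamped   = [bool]$sig.TimeStamperCertificate   # the "counter signature"
        OnVendorList  = ($null -ne $name) -and ($TrustedVendors -contains $name)
    }
}

foreach ($p in $Path) {
    if (Test-Path -LiteralPath $p) {
        Get-SignerSummary -File $p
    } else {
        Write-Warning "Not found: $p"
    }
}
```

A row with `Status` of `Valid` but `OnVendorList` of `False` is the situation described above: the signature verifies, but the signer name is not the one on the list.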

If I have understood correctly, there are 3 things that underpin Comodo making an automatic classification of a file:
a) Trusted Software Vendors
b) White List
c) Cloud Look Up

Then queries:

  1. Is this correct??
  2. I presume that both the Trusted Software Vendors and the White List are stored on my PC - correct??
  3. From your last post - Comodo (v4.1) does not update either the Trusted Software Vendors or the White List that are on my PC - they are fixed at the point of installation??
  4. How do I access the White List to find its contents??
  5. I did not understand your comment “The file may be on the white list though and the cloud look up will clear its status and it will be added to My Own Safe Files”. If a file is on the White List why should there be a Cloud Look Up?? - surely the White List has already established that it is a safe file and hence no Cloud Look Up is required??
  6. If a file is from Trusted Software Vendor or is on the White List then nothing is added to My Own Safe Files as there is no need - correct?? However, if file is not classified as safe by either Trusted Vendors or by White List and is only found to be safe by the Cloud Look up then Comodo adds the file to My Own Safe Files to provide a safe classification that is on the PC for future use - correct??

Many thanks. :slight_smile: :slight_smile:

Any responses??

Many thanks. :slight_smile: :slight_smile:

1) Exactly
2) TSV list and white list are stored on your PC.
3) Indeed
4) The white list cannot be accessed
5) I should have formulated more precisely here. The lowdown is the cloud look up extends the local white list; it does not extend the TSV list (it will in v5). So, a signed signature that is not on TSV list can still get added to My Own Safe Files because of the cloud look up of the white list.
6) Exactly

Just to make sure I understand this point.

  1. The Cloud Look Up is only used when a file is not on the local White list and is not from a vendor on the local Trusted Software Vendor list (and is not already permitted to undertake the intended action by an existing permission).

  2. The Cloud Look Up extends the White List in the sense that it accesses the latest White List on the Comodo servers and hence accesses changes from the White List that was embedded in the Comodo installation files. The Cloud Look Up does not change the local White List nor change the local Trusted Software Vendor list.

  3. If the Cloud Look Up finds a file to be “white” then Comodo adds this file to the list of My Own Safe Files so that Comodo locally knows that this file is safe for future actions in relation to this file.

Is this all correct??

Many thanks. :slight_smile: :slight_smile:

PS: Given that the White List is on my PC, why is it not accessible?? Where is it stored??

Grateful if we could finish this thread with answers to my last post.

Many thanks. :slight_smile: :slight_smile:

That sounds correct, DogDog, yes.