I’m running in SAFE mode, and periodically I get entries in MY Pending Files. These may be new items and/or updated ones.
What is the difference between moving entries to My Own Safe Files, and simply removing them from Pending? If I see things correctly, either action will render the files SAFE (in that no further warnings are issued for such files), so why would I want to maintain My Own Safe Files, which just gives the Defense+ more work to do in having another list to check?
Also, if I LOOKUP a file and it comes back SAFE, why was it placed in My Pending Files in the first place? To possibly answer my own question, I can imagine that the time of the last update vs the time of my LOOKUP would be a factor here.
Another question pertains to My Quarantined Files. If I know something to be so bad that I want to deny all access to it, wouldn’t I be more likely to remove it from my system, rather than just putting it in Quarantine? Is this meant to be nothing more than a temporary holding place till I decide on a final course of action for the file?
Simply removing the entries from Pending will not render them safe.
The next time the files are run, alerts will be generated.
Moving the entries to My Own Safe Files will result in alerts not being generated because you have told the program they are safe.
Your explanation is the obvious one, except that “I’m sure” that after I’d removed items from Pending, I no longer received alerts for these items - at least in some cases.
Thinking more about this, I’ve probably been looking at Pending entries that were generated by INSTALLs, which evidently do not affect subsequent execution of the installed applications, even though the Pending entries referred to the files of such applications.
For example, if I install a new version of something, I may get some new Pending entries, including references to the application’s main EXE showing as MODIFIED. Subsequent execution of this EXE does NOT generate an alert, and I suppose this is because the file already has a Computer Security Policy definition. I suppose I was “misled” by the file’s presence in Pending after the INSTALL.
I trust the above is coherent.
I’m still not sure how I should be viewing the situation. In other words, what is the significance of generating a MODIFIED entry in Pending, if simply removing it results in the existing Security Policy definition taking effect?
If your using D+ in safe mode you do not get pending files. If you do that then all your problems will be solved. Clean pc mode can be a pain and is more or less for new new pc’s or fresh installs. I actually dont care for it cause I dont feel like purging eveyday so I have D+ in safe mode.
The firewall is telling you that the entry, although modified, is still in your pending files.
As you say, removing it results in the existing Security Policy definition taking effect.
The only significance that I attribute to this is that Pending Files is smart enough to detect if one of its entries has been modified.
Sorry, my mistake. You’re correct, I AM running in CLEAN mode - I was thrown off by the fact that my FW is in SAFE mode. I’ll change DEFENSE+ to SAFE - no reason not to. Thanks.
Again, thinking as we go along here, I can see that this is not illogical. Since the item is MODIFIED, then I can accept the logic that by removing it, I am in effect saying “fine, this is a new version, but the old one was SAFE, and this new version is too”.
I understand, Mike, thank you. It’s just that until this conversation, I hadn’t fully thought out the process. It all makes sense to me once I realized that the absence of alerts after removing (some) Pending items was due to the presence of a Computer Security Policy definition for the deleted item (or rather, a previous version of same).