Need advice

Dear All,
after having CFP running for a while in training and clean pc mode, I would like to switch to safe mode for daily use. When reviewing the computer security policy list I noticed that it is fairly long. Most of the applications are set on custom policy. My question is:

  1. Is it advisable to keep the computer security policy list as short as possible? Would it be better for CFP performance?
  2. If yes, how or which is the best way to do it?
  3. If I know that an application is safe, what is the risk of putting it into the trusted application group? Could it be “injected” by malware later and perform harmful actions without being stopped by CFP because it belongs to trusted apps? Is it better to leave everything on custom policy instead of adding them to trusted apps?

Thanks in advance for answering questions of a newbie.

There is nothing wrong with making something trusted. As far as shortening the list, don’t bother, because anything in there has been learned. I have the firewall and D+ set to safe mode. There is no performance change between any mode. Read this from the help file.

Paranoid Mode: This is the highest security level setting and means that Defense+ will monitor and control all executable files apart from those that you have deemed safe. The firewall will not attempt to learn the behavior of any applications - even those applications on the Comodo safe list - and will only use your configuration settings to filter critical system activity. Similarly, the firewall will not automatically create ‘Allow’ rules for any executables - although you still have the option to treat an application as ‘Trusted’ at the Defense+ alert. Choosing this option will generate the most amount of Defense+ alerts and is recommended for advanced users that require complete awareness of activity on their system.

Safe Mode: While monitoring critical system activity, the firewall will automatically learn the activity of executables and applications certified as ‘Safe’ by Comodo. It will also automatically create ‘Allow’ rules for these activities. For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing ‘Treat this application as a Trusted Application’ at the alert. This will instruct the firewall not to generate an alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in ‘Clean PC Mode’ then ‘Safe Mode’ is the recommended setting for most users - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.

Clean PC Mode: From the time you set the slider to ‘Clean PC Mode’, Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in ‘My Pending Files’ are excluded from being considered as clean and are monitored and controlled.

Installation Mode: Installer applications and updaters may need to execute other processes in order to run effectively. These are called ‘Child Processes’. In ‘Paranoid’, ‘Safe’ and ‘Clean PC’ modes, Defense+ would raise an alert every time these child processes attempted to execute because they have no access rights. Whilst in one of these 3 modes, Comodo Firewall Pro will make it easy to install new applications that you trust by offering you the opportunity to temporarily engage ‘Installation Mode’ - which will temporarily bestow these child processes with the same access rights as the parent process - so allowing the installation to proceed without the usual alerts.

I guess nobody measured how much overhead a huge D+ policy list could pose, but I think it will be much less than a realtime AV overhead.

Using the purge button, CFP will remove unneeded policies for uninstalled programs.
Using Clean PC mode, it is possible that CFP learned a few installers. If you didn’t delete them (e.g. if you keep a folder to archive downloaded freeware) you should manually delete those policies.
Purging D+ exception lists (e.g. run an executable) can only be done manually.
Assigning a predefined policy or grouping many executables under the same policy could also shorten the number of CFP configuration entries.

Comodo Safesurf will protect your apps from BO exploits and reduce another chance of unwanted actions.
If you run a malware program with a policy that allows interprocess memory access or win/event hooking (and other privileges), I guess that it would still be possible to compromise your system security or take over a trusted app.

For both Network Security Policy & Defense+ Computer Security Policy: yes, you can go through the list and remove ones you uninstalled/don’t need. You can also edit your applications, like daily used ones (Web Browser, Email), for example to Trusted, etc.

+1 on Gibran.