Need safe mode but let me control what explorer.exe tries to run.

Hello. I am liking this safe mode but I want to feel more secure like when I used to use tiny personal firewall back in the day. I would like to have Defense+ set up to where any “unknown” exe that is run is intercepted first and lets me know “unknown.exe wants to run”. How can I do this? So far the only way is by using paranoid mode, but I do not want to use that because in a vmware I managed to get locked out of windows trying to use paranoid mode once.

I think it is fine that “safe” exe’s can run and that “safe” exe’s can run other programs. But I just don’t want a safe exe to be able to run an unsafe exe. Do you know what I mean? If Explorer.exe wants to run notepad.exe thats fine but if it runs something unknown to comodo and its safe list then I want to know if a program like that is trying to run.

Edit. If a known and trusted “safe” microsoft or other signed exe tries to run a previously unknown (not deemed safe by comodo) exe then it will warn me. If an unknown (not deemed as safe by comodo) tries to run a safe exe it will warn me. That is what I am looking for.

Hi Morthawt , I think I can help with this one

In D+ settings ----> go to “Execution control settings” tab -----> set “Execution control level” to Enabled

then check “Treat unrecognized files as … and choose the level you want (limited, partially limited, restricted, untrusted, and blocked”

I guess that way unknown files will not be executed automatically and you will be asked “or at least notified” when they run

Seems by default it does what I want, just that they have a very very large whitelist… I don’t like that. I want my operating system (microsoft) to be white listed for stability reasons but anything else I want control over. :frowning: The random program I tried (small utility that is not signed) ran without challenge.

Was that unsigned utility safe or not ? I guess it was safe , and “very very large whitelist”, maybe there is a way to disable using that white list , I hope someone here can help you with that .

anyway, try this : “and this is my last trick :P”
In D+ go to “Computer security policy”, then under “Defense+ rules” scroll down until you find “All applications” you will find that it’s predefined as “Custom policy” , why don’t you try to edit it ?
select it “all applications” → Click “Edit” → check “use a predefined policy” and from the drop down menu select the level you desire (maybe you wish to try limited or isolated)

But if that didn’t work the way you want then please try the following.
1- Make sure to check all check boxes under “Monitoring settings” in D+ settings “they are all checked by default”

then in D+ settings ----> go to “Sandbox settings” tab, then
1- uncheck “Automatically detect the installers/updaters and run them outside the Sandbox”
2- uncheck “Automatically trust the files from the trusted installers”

Disabling the sandbox does what you want in most cases. I said “in most cases” because I can use What’s Running ( via its file dialog box to start an unrecognized program without a prompt; I’m not sure why this is allowed.

  1. You may have been locked out of Windows using Paranoid Mode during a UAC prompt. There are probably a few executables that should be added to your Defense+ policy list to avoid this situation.

  2. Here are two topics that discuss using CIS as an anti-executable: and

  3. I’ve started a separate topic ( to discuss the issue with What’s Running.