Running ver. 4.1.150349.920.
I recently switched to Defense+ Clean mode on a new PC after running Safe mode for a long time on my old PC.
I have noticed that when files are added to my pending files, I am getting no alerts. I thought when something was added to pending files, you received an alert?
Today I just installed a new ver. of SpywareBlaster after uninstalling the old program using RevnoUninstaller. I received no alerts at all which I assume was OK since Javcool is a trusted vendor? However I noticed one .dll from that installation in My Pending Files of Defense+. I checked it and Comodo said it was “safe” and it auto. moved it to My Safe files. Now the question is why was it placed in My Pending files when it was “safe” in the first place? I also noticed that the same dll. was present in the SpywareBlaster program folder. This concerns me since it could lead to “busted” installations where some files are listed in My Pending files when they should not be.
First of all Clean PC mode will by definition show no pop ups; it will learn everything without notifying the user. That’s why we advice to use it only for short periods of time. Typical program we would advice to use it for is a game going full screen. Run that several minutes, stop the game put D+ back to its previous setting.
It was judged safe after an online look up. CIS v4.1 has a cloud look up facility.
In the default settings D+ will detect an installer and run it outside the sandbox. So there won’t be busted installations.
Guess I am confused. A couple of the “Guides” posted in this section recommended switching to “Clean” mode on a clean PC for the express purpose of receiving suspicious files in the My Pending File section.
From what you have stated, I gather you only recommend “Safe” mode for Defense+?
By the way the SpywareBlaster file Comodo placed in the My Pending files folder was SQLite3SB.dll which does have a questionable status from what I gleaned from Google searches. Both Prevx and Emmis’s AntiMalware treat it as a virus. I did scan it with my Symantec Endpoint AV and AntiMalwareBytes and the file came up clean. The file from what I can determine however is not a “true” .dll.
My mistake here. I mixed Clean PC mode with Training mode. Training Mode will behave as I described. You are right that Clean PC mode will put unknown files in My Pending Files
From what you have stated, I gather you only recommend "Safe" mode for Defense+?
Clean PC mode is fine when you know for sure your system is clean of malware. It will learn all rules of the files on your system and when new programs get installed it will move unknown files to My Pending Files
By the way the SpywareBlaster file Comodo placed in the My Pending files folder was SQLite3SB.dll which does have a questionable status from what I gleaned from Google searches. Both Prevx and Emmis's AntiMalware treat it as a virus. I did scan it with my Symantec Endpoint AV and AntiMalwareBytes and the file came up clean. The file from what I can determine however is not a "true" .dll.
I just had [url=http://www.virustotal.com/file-scan/report.html?id=0dd352083114d6d2d3df474f50268ba1dee1731ea8f8169610a546412f8ba7bb-1283531993]Virus Total[/url] take a look at the SQLite3SB.dll file and it came up squeaky clean.
Even the scanners from Emsisoft (a-squared) and PrevX at Virus Total say it is clean. Both scanners must have flagged it erroneously in the past; in short they are false positives that they fixed.
In short: the Spywareblaster file can be totally trusted.
Thanks, Eric. Glad we got the concept of “Clean PC” straightened out. However, there a a couple of issues.
On page 249 of the Comodo ver. 4.0 user manual, it descibes “Clean PC” mode. Quote “From this point on, Comodo alerts the user whenever a new unrecognized application is being installed.” I think the keyword in that previous sentence is “application.” In my case, SpywareBlaster is a “safe” application as far as Comodo goes. However, Comodo found something suspicious in one of it’s files and correctly placed that file in the My Pending Files folder. However it appears in instances like this, Comodo is not issuing an alert and in my opinion, that is a bug. If for no other reason than that the user has no idea something was placed in the My Pending Files folder for his review.
I had another more complicated instance that also occured that I will elborate on. I had another file, a driver, that was always appearing in the My Pending files folder. It was gdrv.sys. Well, this ■■■■■■ is the Gigabyte Tools driver used for it’s ipod power conservation baloney. To make matters even more complicated, it is deleted at system shutdown and re-created at system boot time. Yikes! Anyway, this file was always, and of course, ending up in the My Pending Files folder and I kept moving it to the Safe Files folder again and again… Now first, I don’t know why Gigabyte is not a Trusted Vendor, it should be. Anyway, I added to the Trusted Vendors list using the digital cert. from the gdrv.sys file and then moved it one more time to the My Safe folders file and wallah that worked. Again I never once received an alert that this gdrv.sys file was being placed in the My Pending files folder.
My recommendation in the above instance is that Comodo give a warning then offer to create a Trusted Vendor if a valid digitial cert. exists for the file. I think the above procedure is way to complicated for the average Comodo user.