“noob type Q”
Just installed CIS
when I reboot, it asks me to isolate some of the stuff that’s already in trusted.
Thoughts?
Follow the tips in App. is not working correctly, but does not seem to be s/boxed. What to do? [v5] and see if that does the trick for you or not.
What applications do you get asked for?
Thanks for looking in and moving post.
Been asked a few times for services.exe (or system.exe), 40tude Dialog, UPSmon, and I forget what others. I will keep watching it and post back. I don’t re-boot very often but will now.
okay, this time the only repeat message was a
Malicious item simeter.exe
which I , again (at least 5 times now), said ignore / add to trusted files. (I checked again and it is in there.)
Si Meter is an old computer system monitoring system. The only thing I monitor is my CPU cores, and the activity on C:/ . It is started via the registry via HKLM / run.
COMODO is not starting early enough.
I booted to the logon screen, counted to 10 and logged in and looked at the Comodo event list and saw 7 things sandboxed that were already in trusted.
I booted again and this time waited about 15 secs before typing in my password, and events had 10 things sandboxed - all in trusted list.
I did look at the trusted list and found a bunch of duplicates which of course I am putting in there every time I choose don’t isolate again. I eliminated the dups.
So how can I get Comodo to start earlier? I am admin on my machine - I am the only user.
What type of alert was this? Was this about sandboxing or a D+ alert. A D+ alert for services.exe usually only happen when you install a service or a driver. An alert for System would typically be a Firewall alert.
40tude Dialog, UPSmon, and I forget what others. I will keep watching it and post back. I don't re-boot very often but will now.[quote="Kris227 post:4, topic:262024"] okay, this time the only repeat message was a Malicious item simeter.exe which I , again (at least 5 times now), said ignore / add to trusted files. (I checked again and it is in there.)
Si Meter is an old computer system monitoring system. The only thing I monitor is my CPU cores, and the activity on C:/ . It is started via the registry via HKLM / run.
[/quote]
Do the workarounds mentioned in my previous post help here?
As far as I know it is not possible. Try the workarounds I mentioned in my previous post and see if that works. Let us know what program(s) still get sandboxed.
I don’t think it is possible to change the order effectively in Win7.
EDIT: your list was an excellent one and I think #3 - starting too early - answers it all for me. - the only "unknown"s are already in the trusted file!
—>>> I also don’t really think it matters, as Comodo is handling this by putting it in the sandbox, so if it were an illegal program doing bad things, I’d know it rather quickly.
I think these are all D+ alerts, possibly caused by installing services, so not concerned. I have a Linksys router between me and Comcast, and GRC reports all stealth, so firewall strays don’t exist. I haven’t had a virus in many years.
I felt it was giving me repeat requests after boot, but I now do NOT think it is doing that as I don’t seem to be getting “repeats” - I re-installed a couple things and this resulted in the messages.
Comodo install did a fine job of assessing the system and tests fine with Eicar. Also works well with Firefox download statusbar and virus check using cavscan.exe and %1 .
SO: going from Win7 Firewall and Avira to Comodo CIS, I am pleased, and Win7 seemed to be pleased.
Thanks for looking in, but I suggest we call this “closed”.
:comodorocks:
Did you try adding the program, or the entire installation folder, to the shell code injection exclusions? Or try to give it the Installer/Updater policy?
Thank you for your time…
Okay, I’ll play straight man:
what and where is the 'shell code injection exclusions"
what and where is the “installer updater policy”
I looked here
http://help.comodo.com/topic-72-1-155-1074-Introduction-to-Comodo-Internet-Security.html
but did not find where it is text search-able…
Look under Execution Control Settings. At the bottom you will find the exclusion button.
How to give a program the Installer/Updater policy? Run the executable at hand. Go to Defense + → Computer Security Policy → Application Rules → Add → Select → Browse running processes → select the program → Ok → now choose “Use a predefined policy” → choose Ïnstaller/Updater → Ok and Apply your way back and you are done.
EricJH, many thanks for pointing me at the Comodo-appropriate way to do this. Easy! [I corrected my other post.}
Thanks!
my simeter note:
install simeter, allow it to execute, and leave "start application at startup" checked. set up settings and apply and close.Do not re-boot yet.
In Comodo / Defense+ / Defense + Settings / Execution Control Settings tab : click “Exclusions” button : Add/browse to simeter.exe and add apply apply.
This will allow simeter executable to survive. Else after 2 reboots, Comodo will mark the simeter and folder as read only and you can’t use it.In STARTUP, normal start is in HKLM run. if there is another stray with null argument just delete it - simeter likes to create one up in //apddata/roaming.MS/WIN/Start/programs
.
:comodorocks: