Pending files from Avira update with Defense+ in clean PC mode

I configured Defense+ in clean PC mode for its ease of use. Every day when Avira Antivirus updates the database, ~10 new pending files (DLL files in AntiVir Desktop\FAILSAFE) appear. I can move them to my safe file list, but I need to repeat the action every day.

1. Is there any method to prevent such repeated work?

2. When the safe file list grows into a very large list, will it significantly affect Comodo’s performance?

Sorry you are having this problem.

The best approach would probably be to look at the names of these files and see if you can use a wildcard to define them as safe. You could also define the entire directory as safe - not sure that directory contents are updated in real time though - also less desirable from a security point of view.

There is a long trace on sfi.dat here or in bug reports that describes what you can and cannot achieve with wild cards.

It is also possible that defining the Avira updater as an installer/updater in the Computer Security Policy might help. But even if they update correctly you’d probably still be left with an alert next reboot.

Best wishes

Mouse

Hi, mouse:

Thank you so much for the suggestions!

I have now added the Avira updater as an installer/updater in the Computer Security Policy and will check it again tomorrow when it updates. It’s understandable, since many of Avira’s DLLs and EXEs don’t have a valid signature in Defense+’s view.

BTW, is “Safe Mode” better for reducing the size of the pending file list? Though it’s recommended as the default, I saw many other users suggest “Clean PC mode”, and also, the last time I was using it, many functions didn’t work and I couldn’t tame it.

No wildcard or folder definition is needed, but Avira regularly changes its server parameters, requiring one to “rewrite” the various rules, and for that you need to have Comodo in “alert mode” so as to write appropriate rules.

In the firewall network strategy (CIS3, proactive and custom as far as I am speaking), avnotify.exe is blocked and not logged, TCP out to 74.125.79.101 port 80 as of the day I am writing (you don’t want those nasty advertisement screens, do you?).
update.exe is allowed tcp out 62.146.66.184 port 80.

defense+ (my settings are cis3, proactive, paranoid) needs rules to be written for:
(windows xp): X:\Documents and Settings\All Users\Application Data\Avira\Antivir Desktop\Temp
Update\Tmp_update\update.exe
and for the following avira executables: update.exe, avwsc.exe, avgnt.exe, avconfig.exe, sched.exe, avscan.exe, avcenter.exe.

Under these conditions, Avira doesn’t ask anything when updating and/or rebooting… except when Avira’s servers change.
In such a situation, one either has to delete the D+ rules and let the learning take place again, or temporarily disable D+ and the firewall for the update, and save the Avira update logfile, looking for “what is new” and changing it in the firewall or D+ settings.