Why do you think CIS found a file still unrecognized if it’s already in group of “trusted files” ??? The files I don’t care if there are sandboxed I moved to group of being sandboxed all the time just to get rid of the messages but there are some files I need to keep un-sandboxed. However, even if I move them to “trusted files” CIS still find them unrecognized and wants to isolate them. Why? It’s like moving them to trusted files does not work … Even if I do so, I still find these files in Unrecognized Files
BTW if you don’t mind asking, what’s the difference between “Computer Security Policy → Defense+ Rules” where I can find applications usually automatically put when I use “Training Mode” and “Trusted Files”? Sometimes if I’m correct I find the same application in those two groups.
Are the groups (Trusted and Untrusted Files) are independent to Computer Security Policy → Defense + Rules, in the sense that if a process being in the Trusted Files group omits all rules from Computer Security Policy → Defense + ? Or rephrasing the question, whether those rules still affect a process running in a system regardless of the process being in one of the Trusted or Untrusted Files groups? Or whether having a process in Trusted or Untrusted Files only causes the process to be Sandboxed?
What happens when the process is Sandboxed.
I appreciate your effort of trying to explain these problems to me. I hope after this thread I’ll be more concoius about what I do with CIS
A Trusted File is an independant entity; its status does not depend on possible application rules in Defense + Rules. The rules for Trusted Files in Defense + Rules are omitted for reasons of performance (keeping the rules list small); Trusted Files get applied a default D+ rule.
Or rephrasing the question, whether those rules still affect a process running in a system regardless of the process being in one of the Trusted or Untrusted Files groups? Or whether having a process in Trusted or Untrusted Files only causes the process to be Sandboxed?
You hit the nail on the head here. Unrecognised files, and therefor untrusted, are the ones that get sandboxed where the Trusted Files will get run with default D+ rules.
What happens when the process is Sandboxed.
Read [url=http://help.comodo.com/topic-72-1-170-1708-Unknown-Files---The-Sand-boxing-and-Scanning-Processes.html] Unknown Files:The Sand-boxing and Scanning Processes[/url]. That describes in more detail the sandboxing process as well as the role of the process of cloud look up. It is a good read but needs some time to sink in.
