Well CIS can block an Admin (explorer.exe) from changing or deleting its own files and keys if set correctly.
Go to Defense+ > Computer Security Policy > hit “Yes” > Find “All Applications” and click it > Customize > Select the “Access Rights” Tab > Select “Modify” for “Protected Files/Folders” > Select the Blocked Files/Folders > Add > Browse… > Where it says Add new item, enter the folder you wish “C:\Program Files\MySoftwareFiles*” > Yes on the popup > And now just make sure to OK all the windows to apply the changes.
Now to prevent explorer from deleting it make sure to drag the rule for %windir%\explorer.exe, bellow the All Applications Rule. As CIS reads the rules from top to bottom, that’s why explorer rule needs to be bellow the All Applications rule, I do not suggest that you set the Comodo Internet Security, Windows Updater Applications , and Windows System Applications bellow the All Applications rule. This will for sure lower the security that CIS offers and the rights of other programs.
This alone will only protect the following file formats: .exe .dll .sys .ocx .bat .pif .scr .cpl .com .cmd, if you wish to add protection to all formats in the folder you just protected please follow the following steps:
Go to Defense+ > Computer Security Policy > hit “Yes” > Select the “Protected Files and Folders” tab > Add > Select Browse… > Add the folder you just selected previously > Apply > and OK.
CIS should now watch over all formats in that folder.
[i]OK, I loaded your config. I now understand that I have exported the default “internet security” configuration wrongly :P. I am using “Proactive Security” configuration. Sorry for my mistake. 8)
I did some this and that and
what I could observe is that only .exe files are being protected, while .jpg files can still be deleted from the protected folders. Please let me know how to overcome this limitation.
Thanks very much again.
Note: I just wanted to know why explorer.exe has a separate policy ?
Beats me why Explorer.exe has a separate policy, What you could do to block all files from being deleted would be to put the directory in like “C:\Program Files\COMODO\COMODO Internet Security” then put *.* after it, like so: “C:\Program Files\COMODO\COMODO Internet Security*.*” That will protect all file and formats, not sure if just * will do. Feel free to try it.
I tried to delete a .rtf file in “Comodo Internet Security” folder and failed. So files with all extensions are protected there. But, If I follow the above procedure (even add .) and protect any other folder say a folder on desktop, then only “executables” are being protected.
I could not still figure out how to overcome this.
Have you tried any folder outside “Program files” and tried to delete or rename “non executable files” from that folder ?
I just failed in doing that, that is why I am asking your opinion.
Sorry to hear that you are disappointed with the “Password Protection Mechanism” built in to CIS.
I myself and a lot others are also a lot disappointed with a lot other places where the “Password Protection” just does the opposite of what it is actually supposed to do. There is a whole thread to this discussion. But, it’s just that way, at least for now. We hope to see the behaviour changed in the coming releases.
You can block that, but it will prevent other programs from being uninstalled/installed and also block windows updates, so its a 2 edge sword. Will look to try and find a better way with rules. Anyway to it this way add C:\Windows\System32\msiexec.exe to Blocked Files
Ok found a way to prevent any program from calling upon the CIS uninstaller, While still letting Windows update do its things. Its almost like the rules to block deletion of files, how ever there differences here are the steps:
Go to Defense+ > Computer Security Policy > hit “Yes” > Find “All Applications” and click it > Customize > Select the “Access Rights” Tab > Select “Modify” for “Run an executable” > Select the Blocked Applications > Add > Browse… > Where it says Add new item, enter the .exe you wish to prevent other programs from running “C:\Windows\System32\msiexec.exe” > Yes on the popup > And now just make sure to OK all the windows to apply the changes. I dont know if this method will prevent you from installing windows updates, how ever automatic windows updates should still run.
And just like preventing files from being deleted, make sure to put %windir%\explorer.exe bellow All applications Rule.
Im testing this on Windows 7 Ultimate Edition so I cant say for Vista or XP.
[at] Siva, I could do a team viewer session on Saturday or Sunday.
If you do it well you should get the following error when trying to uninstall CIS (See picture):