Protect files from being deleted

Hello COMODO Community:

Hope you all have a great weekend!

Does anybody know how to protect folders/files from being deleted, even from a Administrator?
Lets say I have a software installed and the installation path is: C:\Program Files\MySoftwareFiles*

So, USING CIS, how can I protect all “MySoftwareFiles” folders and files from being deleted using Windows Explorer or any other way?

Here at Comodo we have a regular saying, I think you already know it…

“COMODO is a nanny of of programs but not users”… >:-D

So, I do not think that it is possible.

A stupid user can even delete Comodo files and folders while CIS running and watching him do that, if he somehow gets admin rights. :-TD

Well CIS can block an Admin (explorer.exe) from changing or deleting its own files and keys if set correctly.

Go to Defense+ > Computer Security Policy > hit “Yes” > Find “All Applications” and click it > Customize > Select the “Access Rights” Tab > Select “Modify” for “Protected Files/Folders” > Select the Blocked Files/Folders > Add > Browse… > Where it says Add new item, enter the folder you wish “C:\Program Files\MySoftwareFiles*” > Yes on the popup > And now just make sure to OK all the windows to apply the changes.

Now to prevent explorer from deleting it make sure to drag the rule for %windir%\explorer.exe, bellow the All Applications Rule. As CIS reads the rules from top to bottom, that’s why explorer rule needs to be bellow the All Applications rule, I do not suggest that you set the Comodo Internet Security, Windows Updater Applications , and Windows System Applications bellow the All Applications rule. This will for sure lower the security that CIS offers and the rights of other programs.

This alone will only protect the following file formats: .exe .dll .sys .ocx .bat .pif .scr .cpl .com .cmd, if you wish to add protection to all formats in the folder you just protected please follow the following steps:

Go to Defense+ > Computer Security Policy > hit “Yes” > Select the “Protected Files and Folders” tab > Add > Select Browse… > Add the folder you just selected previously > Apply > and OK.

CIS should now watch over all formats in that folder.

If you have any questions feel free to ask :slight_smile:

I did the exact same, and blocked a folder on desktop. But still I am able to create/delete files and folders in that directory.

What could have gone wrong ?

Shall I export my config so that you verify ?

Can some one else verify the procedure ?

[at]WEV did you try this? can you confirm this?

Feel free to export it and attache it on this thread, will take a look at it.

I have attached the copy of the exported configuration file.

I added a folder on Desktop to the Blocked files/folders list. I am still being able to delete its contents as well as the whole folder.

[attachment deleted by admin]

Need to move %windir%\explorer.exe rule bellow All applications rule

like in picture 2

Edit I just checked you havent setup the rules for “All Applications” Protected Files/Folders. In this export.

[attachment deleted by admin]

Well to show that It can prevent deletion of files I attached a zip file with your configuration Siva, that will prevent any User from deleting the CIS directory, or Registry Keys.

[attachment deleted by admin]

I did it, you can see in the attached screenshot.

I have attached a screenshot of what I have done. Please see and tell me if I did anything wrongly.

I just saw your new post. I will unzip, load that config and tell you the result.

[i]OK, I loaded your config. I now understand that I have exported the default “internet security” configuration wrongly :P. I am using “Proactive Security” configuration. Sorry for my mistake. 8)

I did some this and that and

what I could observe is that only .exe files are being protected, while .jpg files can still be deleted from the protected folders. Please let me know how to overcome this limitation.

Thanks very much again.

Note: I just wanted to know why explorer.exe has a separate policy ?

Beats me why Explorer.exe has a separate policy, What you could do to block all files from being deleted would be to put the directory in like “C:\Program Files\COMODO\COMODO Internet Security” then put *.* after it, like so: “C:\Program Files\COMODO\COMODO Internet Security*.*” That will protect all file and formats, not sure if just * will do. Feel free to try it. :slight_smile:

I tried to delete a .rtf file in “Comodo Internet Security” folder and failed. So files with all extensions are protected there. But, If I follow the above procedure (even add .) and protect any other folder say a folder on desktop, then only “executables” are being protected.

I could not still figure out how to overcome this.

Will look into that this weekend when I have time. :slight_smile:

THANK YOU!!! :-TU :-TU :-TU :-TU :-TU

It worked out for me perfectly! I appreciate your great help.
Be blessed!

Even more security???
And now I cannot stop any process (exe files) within my desired path, C:\Program Files\MySoftwareFiles* :smiley: :wink:

COOL! Thank you again!

I did all the procedure, and as you can read in my previous post, it effectively protected the files and folders I wanted to be deleted.

So my next step was to protect my CIS config with a password.

Now I found everything is USELESS, because even with a password, CIS can be uninstalled (thus my files/folders being protected are again vulnerable to be deleted manually).

What a deception. :frowning:

Great to hear that the procedure worked for you.

Have you tried any folder outside “Program files” and tried to delete or rename “non executable files” from that folder ?

I just failed in doing that, that is why I am asking your opinion.

Sorry to hear that you are disappointed with the “Password Protection Mechanism” built in to CIS.

I myself and a lot others are also a lot disappointed with a lot other places where the “Password Protection” just does the opposite of what it is actually supposed to do. There is a whole thread to this discussion. But, it’s just that way, at least for now. We hope to see the behaviour changed in the coming releases.

You can block that, but it will prevent other programs from being uninstalled/installed and also block windows updates, so its a 2 edge sword. Will look to try and find a better way with rules. Anyway to it this way add C:\Windows\System32\msiexec.exe to Blocked Files

Ok found a way to prevent any program from calling upon the CIS uninstaller, While still letting Windows update do its things. Its almost like the rules to block deletion of files, how ever there differences here are the steps:

Go to Defense+ > Computer Security Policy > hit “Yes” > Find “All Applications” and click it > Customize > Select the “Access Rights” Tab > Select “Modify” for “Run an executable” > Select the Blocked Applications > Add > Browse… > Where it says Add new item, enter the .exe you wish to prevent other programs from running “C:\Windows\System32\msiexec.exe” > Yes on the popup > And now just make sure to OK all the windows to apply the changes. I dont know if this method will prevent you from installing windows updates, how ever automatic windows updates should still run.

And just like preventing files from being deleted, make sure to put %windir%\explorer.exe bellow All applications Rule.

Im testing this on Windows 7 Ultimate Edition so I cant say for Vista or XP.

[at] Siva, I could do a team viewer session on Saturday or Sunday.

If you do it well you should get the following error when trying to uninstall CIS (See picture):

[attachment deleted by admin]

Thanks and I would very much appreciate your help.
May I know which time is comfortable for you ?

Sent you a PM :slight_smile:

Thank you OmeletGuy for your time.
Unfortunately, on XP is not working.