Protect my files from reading by all apps except one

I have folders that I want to protect against reading by any app except one app that is used to edit these files. I added these folders to Protected Data (picture 1).

I want them to be protected from all apps located in certain folders and from “Unrecognized” apps.

The questions:

  1. What is the difference between grey and orange color of Unrecognized files? (picture 2)
  2. How do I contain all apps in the certain folder except one app? (picture 3)
  3. What does the Restricted access mean exactly? Which option should I select to restrict access to the protected data but allow these apps to go online and download updates etc? (picture 4)

1) What is the difference between grey and orange color of Unrecognized files?

Grey means either the rating lookup failed or it is a new file that has not been seen before, and thus the file hash doesn't currently exist in the cloud file hash database.

2) How do I contain all apps in the certain folder except one app?

After you create that rule for the folder, create another rule for the one app to exclude and use the Ignore action, then place the Ignore rule above the folder rule.

3) What does the Restricted access mean exactly? Which option should I select to restrict access to the protected data but allow these apps to go online and download updates etc?

Using the run restricted setting allows you to run an application under a certain restriction level by selecting [set restriction level](https://help.comodo.com/topic-72-1-766-9170-Auto-Containment-Rules.html#as_step3_options). Only when an application is set to run fully virtualized will it not be able to have read access to files/folders set in protected data folders. Applications can connect to the network when run fully virtualized, but anything those apps download and save will be saved inside the virtual file system, and not be applied to the real file system.

1 and 2: I didn’t find such info on official help pages.
3) Does it mean that COMODO cannot solve this task - to prohibit reading a file by an app and at the same time allow this app to update itself? Can it be a suggestion for improvement?

Hi UKSecurity,

Are you wanting to secure a specified folder so that only an explicitly defined application can access it? Also by access, do you mean complete access or allow limited access such as read only?

Kind regards,

Reece

ReeceN, why did you quote his answer? :)

In short, I want to protect a folder of files from being read by a folder of apps except one app in that apps folder. So only one app should be able to read files, other apps should not have any access to the files but should be able to do their other activity like online update etc.

To do that you would have to force the Apps that you do not want to have access to the protected folder to be contained, and then add your protected files folder in the ‘Protected Data’ list.

To do this:

  1. Open the ‘Auto-Containment’ settings, click add and then add your apps folder in the file locations field. Make sure that the action is Run Virtually and leave all other options as Any then click ok.

Now add a new rule for each individual app that you do not want to be contained. Do the same as above but instead select ‘Ignore’ as the action.

Make sure your new Ignore rules are above your new Run Virtually rule.

Note: In order to continue to protect your system against potentially dangerous unknown files you should add these new rules to the bottom of the Auto-Containment list. If however you absolutely do not want these exceptions to be contained, even if they are unknown to Comodo, you can place them under the block rules instead.

  2. Open the Protected Objects settings and go to the ‘Protected Data’ tab. From there add the files folder that you want to be protected.

  3. Click okay in the settings popup to save your changes.

All applications in your apps folder apart from those specified will now not be able to read the files in your protected files folder. All other contained applications will not be able to access the protected files folder either.

Kind regards,

Reece
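
The rule ordering described in the steps above, modelled as an added example that is not part of the original post and is not Comodo's code. It assumes the Auto-Containment list is read top-down with the first matching rule winning; the paths and the names `Rule`, `decide` and `shadowed` are hypothetical.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Rule:
    action: str  # "Ignore" or "Run Virtually" (action names used in the thread)
    target: str  # a folder (covers everything beneath it) or one executable


def matches(rule, exe):
    """True if exe is the rule's target or lives under the target folder."""
    target, path = PureWindowsPath(rule.target), PureWindowsPath(exe)
    return path == target or target in path.parents


def decide(rules, exe):
    """Assumed model: rules are read top-down and the first match wins."""
    for rule in rules:
        if matches(rule, exe):
            return rule.action
    return "No rule"


def shadowed(rules):
    """Rules that can never fire because a broader rule sits above them."""
    return [rule for i, rule in enumerate(rules)
            if any(matches(above, rule.target) for above in rules[:i])]


# Constructed sample paths, not taken from the thread.
APPS = r"C:\Apps"
EDITOR = r"C:\Apps\Editor.exe"
OTHER = r"C:\Apps\Sync\sync.exe"

# Order from the steps: Ignore rule for the one app above the folder rule.
GOOD = [Rule("Ignore", EDITOR), Rule("Run Virtually", APPS)]
# Same rules in the wrong order: the folder rule swallows the exception.
BAD = [Rule("Run Virtually", APPS), Rule("Ignore", EDITOR)]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, decide(rules, EDITOR), decide(rules, OTHER),
              [r.target for r in shadowed(rules)])
```

Running `shadowed` over an exported or hand-copied rule list is a quick way to catch an exception that was added below the folder rule it is meant to override.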

I know how to add files to protected data list and how to add apps to contained list, I even made screenshots, didn’t you see it? I have particular questions about that. I need the contained apps to be able to download and install updates, they should update main application and do other online activity without limitation. Does “run virtually” or “run restricted” mode allow that? It was my 3rd question.

If you do as I say and use Run Virtually, not run Restricted, these apps can be allowed access to the internet when they request it as well as having the restrictions requested.

So apps when contained and run virtually can download and install updates? I thought virtually means that they don’t change anything.

Contained applications can only modify instances of files that are in containment and download updates from the internet if allowed. Contained applications cannot modify their original files.

Updates you install when the application is contained will be to the contained instance of the application, not the original.

Then it’s not what I want… I don’t need apps to “think they do it” or to do something “virtually”, I need all apps to do their things as normal except they should not have read access to particular folders… Looks like Comodo can’t do that, run virtually and run restricted - only two options to define restriction levels…

If you would like, you can make a request to add a feature into CIS here Comodo Forum

I didn’t see this section on the main page, where is this link and how is it named on the page?