protected files? no, CFP3 fails!

Hi,

Can someone please explain to me what this is? When I add a newly created test folder, containing files, to the “protected folders”, why is deleting or changing those files or folders still possible then?

The name “protected files” implies to me that CFP is exactly stopping that, & not doing just nothing except giving the user the false information that his files are “protected” in any way. So what's wrong with that function? Also CFP won't warn me when some known exe is replaced by an update (it could be some malware claiming that name), it will install without any further notification.

Version: 3.0.19.318

Look at the Protected Files/Folders in Computer Security Policy for the program that you used to delete or change the files/folders in question.

Hi, I've read that help file so far, but the “program” deleting that file might be Windows itself, or dozens of other programs like various file managers. The approach the other way round would be more handy, allowing certain programs (whitelist), but the best option would be to completely protect those files & folders.

So if a real change is desired, the state of the folder would have to be changed to the “unprotected” state in the “protected files” folder again. It would be nice for this if, after typing a password for the protected folder in order to make it temporarily changeable, it would change back to “protected” after a certain amount of time (like in “install mode”), or after some copy actions are done.

As I would interpret the meaning of “file protection”, it should be an all-round protection of the folder, the same way as if I would change the security preferences in Windows to “read only/no folderchanges” etc., only more comfortable.

It is true that Comodo Firewall ships with defaults allowing some Windows components to modify protected files. However, you can change these defaults. For example, since I don’t use Windows Explorer (explorer.exe) as my main file manager, and also since some malware targets explorer.exe, I allow explorer.exe to modify only files in the recycle bin without alert. Another change I made is to not allow Windows installer (msiexec.exe) to change any files without alert.

If you want a program to change a given protected file only temporarily, uncheck the ‘allow’ checkbox in the file change alert.

Well, so far it works now. I had to adjust four file managers, though. A few thoughts on this:

  • In case some attacker could place some own program, he still could delete files.
  • It quickly happens that one clicks the controlled program (the file manager) back into some non-custom mode, so the protection will be lost.
  • Altering the protected files is still possible, only deleting is impossible, which is not so optimal.

Playing around with Windows' security settings of folders is more versatile, but in Comodo it's more handy.
I think this whole idea can be improved, it's not bad.

Edit: after applying custom settings to my main file manager, in order to prevent the deletion of files in protected folders, I cannot move any .exes anymore, until I change it back to “trusted application”.

Comodo, this whole idea is half baked! A much better idea would be a blacklist instead of a whitelist (disallow selected programs certain actions). This setting was ONLY meant to protect files, not to hinder such basic actions like moving exes around. Come on, what is this?

Edit: I removed exe from the protected files as a workaround, hoping this is not compromising the security. Seems like I have a choice either protecting files or being able to copy exe files around.

I’d recommend using an alternate file manager, giving it the ability in CFP to change all protected files without alert. Since it’s an alternate file manager, I’m not too concerned about malware targeting it. If the alternate file manager’s exe is changed, you should receive an alert as it happens. If you’re using an alternate file manager, then you don’t need to give explorer.exe (Windows Explorer) the ability to change protected files, except for perhaps items in the recycle bin. Explorer.exe is sometimes targeted by malware.

Hmm, OK, then I switch it back to the trusted app mode again. Didn't look at it yet from that side. I'm using Directory Opus, which is a very powerful file manager. But running it like now gives notifications each time I use the hotkeys or call an application. Wouldn't be bad if one could set a different file protection type, just read only for all other apps.

thx a lot!

Use the ‘Windows System Application’ predefined policy instead of ‘Trusted Application’ for Directory Opus. Doing so will allow you to launch apps from Directory Opus without alerts.

If you want to enforce a protection for all applications, use the “all application” Policy and make sure that it comes before all applications you want to override.

Doesn’t CFP recognize that file managers are often (usually?) shells for explorer?

I believe CFP does not.

Then just another type of proxy hole, or really inheritance hole. :wink:

Hi guys, in a worst case scenario get System Protect (free program) from Crawler LLC, makers of Spyware Terminator, which is a beefed up WFP (Windows File Protection) system, if Comodo File/Folder Protection is tedious to implement though effective enough :wink: I think you’ll find it’s quite capable, give it a try via this link…

Regards

Xman

System Protect is good Xman, but it can be easily terminated, so, we will need a HIPS like Defense+ to protect it.

I don’t understand why the folder/files protected by CPF can’t be protected against explorer.exe or any other file managers modifications… no alerts, nothing…

You can control this in the Protected Files/Folders part of Computer Security Policy for the given file manager.