OS: Windows XP SP3 32bit updated to the latest post-sp3 Service packs.
CIS Version: 3.13.121240.574
D+ configuration: Comodo Proactive Security Defaults
D+ mode: Safe mode
- Some protected paths in the My protected files defaults include a leading ?:\ wildcard to specify all drives (C:, D:\, etc.), though D+ was unable to trigger “Protected File/Folder” access rights alerts for paths pertaining to USB removable devices (USB key disk).
- The All applications policy's blocked section of the “Run an executable” access right includes a ?:\Recycle?* rule, though D+ is unable to silently block execution of applications launched from paths pertaining to USB removable devices (USB key disk) but will display execution alerts.
Non-removable HDs are not affected. I’ve not tested whether other access rights that apply to USB removable device paths might be affected.
If a USB removable device is assigned a drive letter (e.g. I:):
- It is possible to use a notepad application to create a new I:\autorun.inf without alerts.
- Launching an application whose path is I:\Recycled\app.exe will trigger an alert regardless of whether a related “All applications” rule is meant to silently block execution from ?:\Recycle?*
A workaround, tested only on XP, involves the use of \Device\Harddisk?\DP(?)\ to create additional entries with ?:\ replaced, whereas this appears to match only USB mass storage devices (e.g. adding \Device\Harddisk?\DP(?)\autorun.inf to My protected files and \Device\Harddisk?\DP(?)*\Recycle?* to All applications blocked exceptions) and not non-removable HDs.