OS: Windows XP SP3 32bit updated to the latest post-sp3 Service packs.
CIS Version: 3.13.121240.574
D+ configuration: Comodo Proactive Security Defaults
D+ mode: Safe mode
1. Some protected paths in the My protected files defaults include a leading ?:\ wildcard to specify all drives (C:, D:\, etc.), though D+ was unable to trigger “Protected File/Folder” access rights alerts for paths pertaining to USB removable devices (USB-key disk).
2. The All applications policy's blocked section of the “Run an executable” access right includes a ?:\Recycle?* rule, though D+ is unable to silently block execution of applications launched from paths pertaining to USB removable devices (USB-key disk) but will display execution alerts.
3. Non-removable HDs are not affected. I’ve not tested whether other access rights that apply to USB removable device paths might be affected.
If a USB removable device is assigned a drive letter (e.g. I:):
- It is possible to use a notepad application to create a new I:\autorun.inf without alerts.
- Launching an application whose path is I:\Recycled\app.exe will trigger an alert regardless of whether a related “All applications” rule is meant to silently block execution from ?:\Recycle?*
A workaround tested only on XP involves the use of \Device\Harddisk?\DP(?)\ to create additional entries with a replaced ?:\ whereas this appears to match only USB Mass Storage devices (e.g. adding \Device\Harddisk?\DP(?)\autorun.inf to My protected files and \Device\Harddisk?\DP(?)*\Recycle?* to All applications blocked exceptions) and not non-removable HDs.