I apologize for having to disagree with basically all of you. The white-list (or safe-list if you prefer) does not grant special privileges to applications recognized as safe:
"Application Recognition Database (Extensive and proprietary application safe list)
The Firewall includes an extensive white-list of safe executables called the ‘Comodo Safe-List Database’. "
…
“The Firewall can recognize thousands of safe applications. (For example, Internet Explorer and Outlook are safe applications). If the application is known to be safe - it is written directly in the security considerations section along with advice that it is safe to proceed. Similarly, if the application is unknown and cannot be recognized you will be informed of this. Also click on the Threatcast Rating tab to see how others have reacted to the same alert.”
So, it is used to alert the user (that the application is safe, and it may be safe to allow it). It is not used to bypass the Computer Security Policy.
Also, when Clean PC mode is enabled when the product is installed the first time and either the malware scan passes (or any detected threats are removed) or the user selects that they are sure that the PC is clean, the Computer Security Policy is updated to grant certain rights, etc., to applications already on the drive, and these applications will appear in the Computer Security Policy. These additions are not hidden, so if they are removed from the Computer Security Policy, then the same application, when executed following its removal from the Computer Security Policy, will no longer have the rights that it previously had. By design, then, alerts should appear for that application being executed after it has been removed from the Computer Security Policy (depending, of course, on what mode Defense+ is set to – Training Mode would not result in any alerts).
There does seem to be a bug on this system, as I have the same version of Comodo Firewall protecting another computer, and it is also set to Clean PC mode and does alert me when I execute HijackThis from the UBCD4Win CD; also, it alerts me numerous times as HijckThis scans the computer and when it tries to modify the registry. What’s more, HijackThis is not allowed to modify this protected registry key (\Software\Microsoft\Windows\CurrentVersion\Run) without my permission.
However, even on this other computer, regedit.exe is allowed to modify the protected registry key listed above without my permission (a policy for this is added to the Computer Security Policy when the registry edit attempt is made). So, on the second computer, regedit.exe is allowed to do what appears to violate the Computer Security Policy, but HijackThis.exe is not (without my permission).
Does anyone know what the “System” application listing is that appears in My File Groups under Windows System Applications? It has no path, and there is no Windows “System” variable defined on this computer or on the other computer (as the “set” command would reveal).
Regarding the topic of this post, I suppose that I have to conclude that the installation of Comodo Firewall on this computer is buggy, and I need to remove the program, clean the registry, etc., and reinstall it. I conclude this since the product is protecting the other computer differently than this one even though the Defense+ configuration on each is the same.