Hi all! I have the installer of my program, written in Delphi. It adds some values in registry key HKLM\System\CurrentControlSet\Services\lanmanworkstation\parameters. It adds them by executing ‘regedit /s file.reg’ from the installer. As I see, this key must be protected by Comodo (HKLM\SYSTEM\ControlSet???\Services* is present in ‘My protected registry keys’). I was really suprised that Comodo does not see these changes, made by the installer (no popups).
Is this the correct behavior of Comodo or a bug?
Comodo 3.9.508, Defense+ Security Level - any (tried Clean PC, Safe Mode, Paranoid Mode)
Windows XP Professional SP3
An application considered safe (this depends on safe or clean PC mode) is allowed to run regedit.exe as regedit is considered safe. Regedit is allowed to change the key as it is considered safe. If an unsafe program tried to run regedit you would get a pop-up from the image execution control saying something is trying to run regedit.
The installer is an unsafe program. Image execution control is ON (Normal level). When I start the installer, COMODO adds the installer and regedit.exe to ‘Defense+\Advanced\Computer Security Policy’, but I get no pop-up.
recheck your Defense+ computer security policy
the regedit.exe, protected registry keys, Exception settings, in the Allowed registry keys includes the key
HKLM\SYSTEM\ControlSet???\Services*
recheck your Defense+ computer security policy
Your installer, Run an executable, Exception settings, in the Allowed Applications includes the Application path
%windir%\regedit.exe
Clean PC Mode will automatically Training the action. (includes Run an executable and registry keys. but files/folders mostly based on my pending files Function)
Clean PC Mode, Safe Mode, Paranoid Mode share the security policy.
if you run Clean PC mode first, this changes also preserve to Safe Mode, Paranoid Mode.