You’re welcome.
But I think we have something that can be vulnerability:
1- Every program that we installed goes the two groups: 1-Trusted 2-Not Trusted
Some of programs that even we don’t trust them we need to get out of sandbox ,
because in sandbox they can’t work they job (like Unlocker or patches)
Still you can run a custom policy for the program and when needed notch up D+ to Paranoid.
CIS will also protect various executables from being tampered with (.exe, .dll, .sys, ocx, .bat, .pif, .scr, .cpl, .com and .cmd). That means that unsafe applications cannot mess with drivers or executables from f.e.Unlocker. It is basically impossible to make an installed application go rogue.
When you are saying patches are you referring to things from the Dark Side? There is only one way to treat that kind of things and that is listen to your AV, switch D+ in paranoid, study what it wants to do and then start searching Google on the whereabouts of that patch/■■■■■. Or if you are a real techie reverse engineer the patcher, or try it in a virtual environment and see what it does, or use a restore tool like Time Machine or similar products.
Sandboxing and whitelisting are tools only meant for convenience while maintaining a high level of security. It sounds like you want the best of both worlds: convenience and even higher levels of security. At one point, like messing with goodies from the Dark Side, you gotta take control. CIS will give you the tools to take control but the user needs to man up and make decisions to questions CIS will fire at you.
Those programs we trusted them or we need to run it (even we don't have trust) ,
Indeed we don't want to do every thing specially we don't want change in our security
There is always Paranoid mode when dealing with files you don't trust. CIS gives you the control but you will get decisions to make.
For example when I install nero I trusted it to do his normal work ,
But I don't want it do unusual thing that can harm my security vendors
Hash checks confirm you are using the real Nero assuming it is whitelisted. CIS protection as described in the above makes sure Nero's files cannot be tempered with by both Untrusted files and Trusted files (assuming here we can trust Comodo's white list or user decisions about installing drivers). I am assuming that Nero has no bad intentions like tearing down security programs. Unless you are using a patched version of Nero that you didn't check and monitor; then again it would be user error.
You can see two group of programs have full access to CIS without we want it
It can be dangerous for CIS because of apps mistakes and even malware
Regular apps don’t behave like that. That is done by either the user who tells Unlocker to delete the CIS installation folders (user error; no nanny here to tell the user not to do it) or by malware (which could be the result of a user mistake or just bad luck).
For example I download one file that I have trust it but in fact that file changed to be malicious and I don't know that and I make it trusted file
It is my wrong but I don’t want to loose my security vendor
You would have received a warning because the file is not known to be safe and you had the choice. It is hard, but you are s* out of luck here. It can happen to the best of us.
I think we don't need to allow full access to other programs (Those programs can read files but can't right or delete)
That is better option would make CIS stronger
The better option is you taking more control by using custom policies and/or putting D+ in Paranoid Mode and the firewall in Custom Policy Mode.
You may also consider giving up the idea a security program can prevent each and every user mistake like willingly trusting a file you should not be trusting; in that case only signature based solutions can help you. But signature based solutions have a hard time keeping up with the big amounts of malware being produced these days.
That being said. No matter how smart things get, there is no such thing as 100% security guarantee.
Each alert gets logged.
You can allow something but make a report that thing happened
Make Ask+Log type of rules where needed. It is already facilitated in CIS.
I mean when something important happen to CIS (Like his files or quarantine changed with other programs)
Remember that this is blocked unless a program has a driver doing this. Once a driver is running, with a technical term the program has kernel access, it is basically end of exercise for any security and non security program; anything can be done. Driver installation is always the result of a user consenting somewhere in the chain of decisions.
Comodo know that and allow it but It can make report what happened
I think it is save and good option
=====================================================
I don’t know we need wishlist or not
Anyway I came here to be useful for Comodo
Thanks friends
I am under the impression you want to be corrected for decisions like willingly trusting a program you should not be trusting (patches, cracks…). CIS gives you the tools to assess programs behaviours when you take away whitelisting and sandbox; but you need to make decisions there and may make mistakes.
Even anti malware detection is not going to always help you as detection is falling behind with the big amount of malwares produced these days.