hello, here is my question: I have added the host file (C:\Windows\System32\drivers\etc\hosts) to My Protected Files, however, Denfece+ gave no notification when I tried to modify the file. Any problem with my settings? Thanks.
Safe programs are allowed to modify protected files. If you use notepad to edit the hosts file notepad is considered safe and will be allowed. If malware tried to modify the hosts file it would not be considered safe and you would get a pop-up.
In safe mode all files in Comodo’s database are considered safe + any signed programs + any in my safe files.
In clean PC mode everything not in “my pending files” is considered safe. Any new or modified programs go to “my pending files”
Thanks! I modifed it with notepad++. And that’s the problem.
Isn’t the system32 folder protected by default?
%windir%\system32\*
No, system32 folder is not included in my protected file list by default.
By default the system32 folder (%windir%\system32*) is protected. It is listed under Important Files/Folders. However, I am doubtful about the wild-card character (asterisk * ) at the end. Does it include only files in the system32 folder, or does it also include subdirectories, e.g., system32\drivers\etc\hosts?
The sub-directories are included as well.
Thanks. I feel safer now with CIS in their default settings.
Isn’t Important Files/Folders just a file group and will it be protected though it is not listed in protected files?
No, files under “My File Groups” will not be protected. You can file groups to “My Protected Files” for protection.
A safe application can edit a protected file, but it cannot create a new file to a protected folder. An unsafe application (an application that is not in the COMODO safe list and/or has not been tagged as safe by you) can do neither.
You can add “hosts file” under Blocked Files/Folders for your safe files (word processors), to block even edit access to it.
This will also block read access to the file and stop it being used.
It will not. You will be able to read the file. Only “modification” will be blocked. The only way to block complete access to a file is, adding it to “My Blocked Files”.
I have added a text file and I cannot even read it.
It should block/deny all access to the file if it is in “My Blocked”
Try it, make a new folder/file and place it somewhere(desktop), now try accessing it.
Should get an “access is denied” message :P0l
Matt
Try this pardonpan,
Go to Defence+/Advanced/Computer Security Policy->Find the entry for notepad++ and remove it.
Slide the Defence+ Settings up to Paranoid, try to modify the hosts with Notepad++
Matt
Here is what I did -
Added “F:\Notes, Documents, Worksheets,” (this is where I store all my text files) to “My Protected Files”.
1]Notepad.exe is set to “ask” action for My Protected Files/Folders.
- I modify a file in F:\Notes, Documents, Worksheets, with Notepad - D+ learns the event.
2] Notepad .exe is set to “ask” action for My Protected Files/Folders; F:\Notes, Documents, Worksheets, is added as a blocked folder.
- This time I can only read it. After modifying the file, when I try to save it, I get an “access denied” error.
3] My Protected Files/Folders is set as “allow” for notepad.exe; F:\Notes, Documents, Worksheets, is added to “My Blocked Files”.
- Cannot even open the folder F:\Notes, Documents, Worksheets, with Notepad.
I am not sure why the behaviour is different on your system.
Sorry, I thought you meant my blocked files.
You don’t see it listed as in this screenshot?
[attachment deleted by admin]
Thanks to all !!