question about SAFEMODE and its whitelists...

hi guys

Just making sure things are ok on my side… i recently just CFW 2013 setup and I set it to safe mode…
in my understanding, this mode lets all the CERTIFIED safe applications thru the FW but asks me for other apps that are not certified yet…

This is perfect for me (as w/ many other users) as I would need to block only a few apps…

However when i was on this setting, i noticed that several of my apps where getting thru (in and out) , those of w/c i wanted to block… the FW never asked me for the rules…

Now I could assume that the apps are whitelisted/certified already by Comodo, however there are apps that i’m almost certain COmodo doesnt know about yet… but still go thru…

I will list a few of these apps in a bit, but for now i’d like to know:

  1. how does comodo know if the app running is certified? is it a hash like record for each and every application it certified out there? or is it some sort of algorithm ?

  2. if it’s a whitelist/appname/hash string/etc, where is this located? on the comodo servers or locally on every install, and updated from the servers/cloud from time to time?

  3. is there a way to edit this list for myself?

Regards to all

Comodo trusts files which are digitally signed by vendors which they have verified. These can be found in the Trusted Vendors List (TVL).

Comodo also trusts files by hash. That means that many individual files, even if they have no digital signature, will also be trusted. Some of these hashes are kept locally, but the vast majority are located in the cloud.

In terms of editing it yourself, you can change which vendors are in the TVL. However, you can’t affect the whitelist itself in anyway. What you can do however, if you wish, is select the option to create rules for safe applications. This will allow you to make rules for even those files which Comodo automatically trusts.

Is this helpful? Please let me know if you have any other questions.

Thanks.

hi Chiron

that was very helpful. thanks.