safe vs trusted

Is it safe to make “safe files” trusted? What do I lose except autocreated rules? Will I need these rules in future?

PS: Defense+’s purpose is to protect from malware, right? If some app is known to be non-malware, does it need any restrictions from Defense+?

If you know a file is safe, it is okay to mark it as a “Trusted App”. Every time you run it, it will have access rights to everything listed in the D+ Access Rights except being able to run another executable (it will prompt you to allow or block it).

If you are using D+ in Safe Mode, D+ will look the executable up on its white list to tell you if it is considered safe or not. If it’s not on the white list, it doesn’t mean it’s not safe, just not on the list. Then it is up to you to decide if you think it is safe or not to have restrictions. I leave most of my apps in Custom Policy and just let them access what they need to.

What I am trying to get is a policy table that I can periodically check and edit (it is impossible with 100-200 custom policies) or some kind of “set and forget” configuration, without many annoying alerts on legitimate actions (and without a big loss in security).
For example, a simple “open file” dialog generates at least 2 alerts: direct disk access and access to explorer.exe in memory.
Maybe Clean PC mode is for me?
Also, it looks like Defense+ doesn’t check the file hash on execution, this is bad…

Use D+ training mode while you use your normal apps. D+ will learn what the app is doing. And it does check the hash.

Training mode is a no-protection mode, so it is not a choice. And why do I need to let D+ learn if instead I can just mark the app as trusted?

D+ in training mode is a good choice for safe new apps that are executed, and you won’t get any alerts. After you’re done with using the program the first time, you just put D+ back into its previous mode. Marking safe apps as trusted is fine too. It’s what you prefer.

That’s part of a HIPS program. It has to learn what is safe and build a white list for your PC. COMODO is aiming at reducing D+ pop-ups.

About hash checking, I don’t see it or where it is implemented. When I change and run some executable, Comodo doesn’t say that it was changed and doesn’t ask whether to use existing rules or not.

You should enable Image execution control for hash control to work. Set it to normal under Defense+ → Advanced → Image Execution.
Also, this feature works only for matching executables with the Comodo safe list. All rules are created for paths, so if you want to be sure some application is not modified by malware, put it in the protected files list.
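
The point made in the last reply, that rules keyed on a path keep applying after the file at that path has changed, shown as an added example (not part of the thread and not Comodo's code). It is a simplified model: the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large executables are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _key(path):
    return os.path.normcase(os.path.abspath(path))


def build_baseline(paths):
    """Record path -> SHA-256 for executables considered known-good."""
    return {_key(p): sha256_file(p) for p in paths}


def path_rule_applies(baseline, path):
    """Path-keyed lookup: matches as long as the path is the same."""
    return _key(path) in baseline


def hash_pinned_check(baseline, path):
    """Hash-pinned lookup: also requires the contents to be unchanged."""
    if _key(path) not in baseline:
        return "unknown"
    try:
        current = sha256_file(path)
    except OSError:
        return "missing"
    return "unchanged" if current == baseline[_key(path)] else "modified"


def demo():
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "editor.exe")  # constructed sample file
        with open(exe, "wb") as f:
            f.write(b"MZ original build")
        baseline = build_baseline([exe])
        before = (path_rule_applies(baseline, exe), hash_pinned_check(baseline, exe))
        with open(exe, "wb") as f:  # same path, different contents
            f.write(b"MZ patched build")
        after = (path_rule_applies(baseline, exe), hash_pinned_check(baseline, exe))
        other = hash_pinned_check(baseline, os.path.join(d, "other.exe"))
        return before, after, other
```

After the file is rewritten, the path-keyed lookup still matches while the hash-pinned check reports `modified`, which is the gap that write-protecting the file is meant to close.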