I have put a single file for testing in “My Protected Files”.
I have a version WinHex that Comodo Defense+ will not detect as safe.
Sandbox on, default settings or “Automatically trust files from trusted installers” off.
1 Defense+ Alert pops up: Winhex global hook on itself.
No matter what I do, block, allow cancel, whatever.
SandBox pops up informing about status.
Now I open my protected file for editing and I can freely save and modify it.
It is not Virtualized or Protected in ANY way…
I tried. I made an innocuous txt file a protected file. I tried in Internet Security and Proactive configs with sandbox enabled and D+ in Safe Mode. Allowing of denying global hook was of no consequence. I could change the file.
With Sandbox disabled and the same settings as described before I would get an alert when trying to save.
Before testing the above I tested the following and with hindsight it interestingly differs.
I put an innocuous text file in the system 32 folder. I loaded the text file from system 32, edited and tried to save and failed.
I tried in both Internet Security and Proactive Security with both allowing and denying the Global Hook. D+ was always in Safe Mode. I let is sandbox in all scenarios and I couldn’t save the changes.
I am on Win 7 x32.
It looks like protecting a single file fails where protecting a complete folder will work.
Didn’t egemen post sometime previously that the user physically making a change to a file will always be allowed, but another file trying to alter that file would be flagged? I can’t find it, but I thought he did.