setting explorer replacement programs as trusted...

… means You trust EVERYTHING you ever run from within this explorer replacement program…

Now, that’s what we call one MAJOR BACKHOLE.

Problem : Comodo’s cloud will keep on setting your explorer replacement program as a trusted application, meaning that whatever you start from within it is being handled as FULLY TRUSTED … 88)

Result : You have to keep your explorer replacement program as a sandboxed program with limited rights, resulting in SERIOUS PROBLEMS guarenteed.

What explorer replacement program are we talking about here (it looks like your topic got split from another topic)? What is the exact scenario of actions? Starting a program from Total Commander?

In my example it’s “Directory Opus” on Windows7 64bit.

If this explorer replacement is set as “trusted” I can run ANYTHING from it, I get no single pop-up and no single rule is created.

For a test, I removed it from both “Trusted Files” and “Trusted software Vendors”, I completely closed it, and restarted it, resulting in this scenario :

The explorer replacement is added to the list of “Unrecognized files” and AGAIN, we are able to run ANYTHING from inside it, no single pop-up, no single rule created. :-\

I expected it would pop-up and create rules to both start up these other applications from within Directory Opus and add them to the “Run an Executable” list AND a popup and a rule created for the spawned process, but NOTHING, not a single pop-up, not a single rule.

BTW : “Safe Mode” AND “Paranoid mode”.
In “Paranoid Mode” I get some popups from background windows core elements like the Media Player Service trying to do some stuff, but nothing at all for everything that is started from within Directory Opus.

Sorry you are having this problem

Please check to ensure that it is not defined as an installer/updater in the computer security policy, or running as one in the Active Processes List.

Please also append a screenshot of your active processes list showing Directory Opus running a program, and the associated defense plus event logs. Make sure all information is visible.

Best wishes

Mouse

What do you mean with Trusted? Did you give is the Trusted Application policy in Computer Security Policy?

A program with Trusted Application policy is not allowed to start another application without alert unless both applications are safe applications. Only in Paranoid Mode it would not be allowed to start any other program without permission.

For a test, I removed it from both "Trusted Files" and "Trusted software Vendors", I completely closed it, and restarted it, resulting in this scenario :

The explorer replacement is added to the list of “Unrecognized files” and AGAIN, we are able to run ANYTHING from inside it, no single pop-up, no single rule created. :-</blockquote>Several observations here:

  • You did not remove the programs from the list of applications Directory Opus is allowed to start; the list is in the policy of Directory Opus in Computer Security Policy
  • You’d better disconnect from the web as the cloud look up white listing will interfere
I expected it would pop-up and create rules to both [b]start up these other applications from within Directory Opus[/b] and add them to the "Run an Executable" list [b]AND[/b] a popup and a rule created for the spawned process, but NOTHING, not a single pop-up, not a single rule.

BTW : “Safe Mode” AND “Paranoid mode”.
In “Paranoid Mode” I get some popups from background windows core elements like the Media Player Service trying to do some stuff, but nothing at all for everything that is started from within Directory Opus.

Do you have “Create rules for safe applications” enabled in Defense + Settings?

I had everything done correctly as I should, no auto-trusting, I do NOT have “create rules automatic for trusted…”.

Since switching back and forth between Safe & Paranoid mode and some reboots inbetween, it has picked up and now “asks” if I want to run a “new” application from within Directory Opus.

So I think I can conclude not to trust on Comodo IS, I’ve uninstalled it, and it’s not coming back.

Thanks for the help guys. :wink: