I could be wrong here, but I believe that if a file is known to be safe by Comodo the rules for it will automatically be created. This explains why the programs appeared in the ‘Network Security Policy’ under custom. I checked my own rules and there are entries for many programs that are safe and I have never seen a pop-up for. Among these are Malwarebytes, Comodo, Microsoft Office, …
This behavior will not be repeated if a file is malicious. It will only do this if the file has been tested and confirmed to be safe by Comodo or the publisher of the file has been tested and confirmed to be safe by Comodo. Any unknown application will cause pop-ups.
I don’t trust anyone, not even Comodo itself: I emptied the trust list (except for Comodo, where it is impossible), because it is my decision to allow or deny something, and because no security software is smart enough to know what I do with some application, and what my neighbour does with that same application, which might be very different.
In these conditions, Defense+ should maybe not be set to paranoid, which is very difficult to cope with, but at least to security, while the firewall should be set to custom, since Comodo “learns” badly.
But still, when a rule is first created, the first thing to do is to make it a global rule adapted to your needs:
I see no reason to allow DNS requests for my mail client outside of the DNS of my ISP, and I should write it.
I don’t want to hear about NetBIOS, and when the first request asks me what to do for port 137 with svchost or system, I also deny 138, 139 (and 135 + 445, even if not strictly NetBIOS).
The same goes for Java: you can deny or ask internet protocols for whatever protocol, port, or range of ports you wish, and you can enact a Defense+ rule asking or forbidding the use of Java for whatever application or system call you wish.
CIS will only make rules when malware could successfully produce a signed executable in the name of a publisher that is in the Trusted Vendors List (I haven’t heard of any such thing) and if Comodo added a malware file to its white list by mistake.