Stop particular program isolation

I develop Windows Open Source programs on my PC with CIS installed. Obviously, every time I make a change and recompile a program, it looks different to CIS and it isolates it and I have to quickly click on “Do not isolate next time” - but as soon as I recompile it - it does it again!

Is there any way I can tell it to ignore all particular programs (e.g. ‘xyz.exe’) in a particular directory (e.g. “D:\Development\VC”) and its subdirectories (as I may have multiple versions under development at any time)?


Yes, CIS drops the ball in situations like this… :-\

Trusted status becomes moot if the application has changed, and creating a path based exclusion in the AV doesn’t do the trick either.

Currently, the roundabout solution to get CIS to leave files that are frequently updated alone is to change the applications security policy to Installer or Updater.

I have made a wishlist post for this very reason.

Sandbox should accommodate constantly changing applications/files

Many thanks - sorry I didn’t respond earlier when I was notified of your reply.

Is there any way to get your wish list implemented by Comodo - hopefully very much sooner than later - like now! :smiley:

It really is a pain!


This might not be the right place to ask this but when I scan with malwarebytes and superantispyware defense + says it has blocked 2 intrusions. What do I need to do to not get them blocked ? :slight_smile:

You should always disable your realtime AV scanner when running scans from another product. Otherwise the realtime scanner is trying to scan every file the other product is trying to scan, which can cause problems.

Thanks for the reply. Do I have to disable Defense + when scanning with malwarebytes and superantispyware?

No, just the AV.

Thanks very much for your help…I love Comodo and this forum. You guys are awesome. ;D

To continue my original post, I now find that my latest project won’t even build with Visual Studio because of Comodo! This project has assembler code as well as C code and the way VS2010 seems to cope with this is to create a temporary command file to run the assembler. This temporary command file has a different randomly generated name each time and always fails - until I turn off Defense+. Similarly, the VS project has pre and post build scripts that AV takes exception to.

So now - I have to turn off AV to run my programs that I am developing/supporting and I have to turn off AV and Defense+ in order to build them!!!

I am not happy >:(

Whilst I really like Comodo Internet Security for normal usage - it is a real pain for anyone developing applications!

I wish that they would provide some way to solve this without compromising the protection it provides - like allowing the user to designate secure directories to ignore checking each program being run from there (that would probably solve the pre & post-build scripts and often changing executables each time they are re-built to test). I am not sure how to solve the VS2010 approach to assembler code (I don’t think I can force the generated temporary command file to be in the same directory structure).

Please try the workarounds as described in App. is not working correctly, but does not seem to be s/boxed. What to do? [v5] and see if that brings a solution.

For working with compilers, if I recall correctly, it is best to give the VS2010 executable the Installer/Updater policy.

Thank you re: comment about compilers - except that it didn’t work. I have set the Installer/Updater policy for the VS2010 assemblers (ml.exe and ml64.exe) but I do not know which executable generates the randomly named command file by the IDE that then executes it and fails (sandboxed). So no luck there. The standard C compiler does work - just not if the project has assembler modules too.

Unfortunately, the number of possible executables, DLLs and scripts in the VS2010 directory and sub-directories make it too onerous to follow the workarounds described in your link and may not apply anyway as Comodo says that the command file has been sandboxed (the link refers to items that seem not to be sandboxed). I tried adding the whole VS2010 directory to Trusted files as per this link but, as it seemed to be adding every single file [even non-executables] I aborted it.

So it is still disable AV & Defense+ every time. :frowning:

Do these randomly named files occur in one or a limited set of folders? Then make these folders Trusted.

Thanks for continuing coming up with ideas but, unfortunately, VS2010 seems to create them in my temporary directory (C:\Users<username>\AppData\Local\Temp) and I really don’t think that this is a good candidate to be made Trusted!

Can you change the folder where VS2010 creates its files? Then you can make that folder Trusted.

May be this post is of help for you.

After much discussion with the MS Visual Studio Team (and raising two bug reports in related areas!), by changing the assembling of these source members from “MS Assembler” to “Custom Build”, I have managed to bypass the use of the temporary directory completely and so bypassed this issue.


Thanks for reporting back.