submit file out of antivirus warning UI = default allow as trusted application

when you get a virus warning, and you press IGNORE, SEND TO COMODO AS FALSE POSITIVE,

this file is not put in the list for exceptions.

this file is put in the list for TRUSTED APPLICATIONS! and if the user was wrong in thinking it might be a false positive, comodo prepared everything for a silent infection.

that a user decides to send something to comodo for verification has nothing to do with trust in the sent application.

The key word here is ignore. You’ve just told CIS that you want to ignore this file. There are only two ways CIS can accomplish this task. Either by excluding, or trusting the file.

With the AV, you can add a file to the exclusions list if you don’t want it scanned for whatever reason. This isn’t possible with Defense+. To exclude something from Defense+, you add the file to the trusted applications list.

When you think about it, there really isn’t much difference between the two. If you’ve told CAV to exclude a file from scanning, that is because you trust the file. Correct? :wink:

there is a BIG difference.
to have something kept from being scanned and “found” by the antivirus is something totally different than to have it totally allowed by defense+! just to name the happening false positives as example. i just don’t want to be annoyed, but i still want to have control over what these files can do.

if i choose IGNORE, a virus should not be able to infect my computer until defense+ is told to allow it to execute (that’s what default deny means. defense+ is default deny. SUDDENLY in this case, you produce a default allow by clicking something else).
if i choose IGNORE AND SEND TO COMODO, my computer can be infected without any question from defense+!
but i didn’t answer a question from defense+, i only answered a question from antivirus.

this is totally misleading and dangerous. an answer for antivirus is not meant for defense+!
IGNORE should put things in ignore list. it should not give these things more rights than what i would give usual programs myself. the keyword might be IGNORE, but TRUSTED is something totally different.

when you choose to ignore the opinion of your friend (antivirus) about a random person on the street, do you want to trust blindly in anything this random person does from that moment on, whenever this person wants?

Even if the file is on the Trusted Files list, when it is ruled a virus it will be caught:

When an executable is first run it passes through the following CIS security inspections:

  1. Antivirus scan
  2. Defense+ Heuristic check
  3. Buffer Overflow check

If the processes above determine that the file is malware then the user is alerted and the file is quarantined or deleted.

An application can become recognized as ‘safe’ by CIS (and therefore not sandboxed or scanned in the cloud) in the following ways:

  - Because it is on the local Comodo White List of known safe applications
  - Because the user has added the application to the local ‘Trusted Files’
  - By the user granting the installer elevated privileges (CIS detects if an executable requires administrative privileges. If it does, it asks the user. If they choose to trust, CIS regards the installer and all files generated by the installer as safe)

Additionally, a file is not sandboxed or sent for analysis in the cloud if it is defined as an Installer or Updater in HIPS policy (See Computer Security Policy for more details)

Src: Unknown Files: The Sand-boxing and Scanning Processes in the online help.

@EricJH

if that would be right, then everything could be trusted by default, and we would be safe though. this is not the case, obviously.

i don’t understand why you try to explain, why it should be normal to have something put as trusted, when it is sent as a false positive to comodo. i don’t trust a program just because comodo falsely flags it as a virus.
i just want to keep the antivirus quiet, aka exception list and informing comodo.

if ignore would mean trust for you, why do you have among the choices:

  1. ignore one time;
  2. put in trusted list;
  3. send to comodo;
  4. put in exception list

if you choose “send to comodo”, you don’t choose any “put into a list”. and because there are choices for that, the user doesn’t expect these choices to be made without his consent!

EXAMPLE: autorun exe, flagged as virus, sent as false positive, executed as trusted. any questions?

This is something to be added to the wish list in Wishlist - CIS.