Suggestions to improve flexibility/consistency of Trusted Vendors List

Comodo Internet Security - CIS Waiting Area (Please Cast Your Votes) - CIS
1

1. What actually happened or you saw:

  1. I noticed there is no way to import/export the TVL inside Comodo.
  2. If a user has Cloud Lookup enabled, the Cloud Lookup also seems looks up the TVL in the cloud.
  3. Sometimes vendors are removed from the TVL. If a vendor is already in the local trusted vendors list, no additional cloud lookup or scanning is done as confirmed by this thread: https://forums.comodo.com/wishlist-cis/fully-cloud-support-for-cis-or-lightly-av-scans-also-for-trusted-files-t119886.0.html.

2. What you wanted to happen or see:
Suggestion 1: There should be an option to import/export the TVL.
Suggestion 2: In Cloud Lookup, there should be a option to enable/disable the lookup of vendors in the cloud.
Suggestion 3: There should be an updating mechanism for the TVL (once a day, once every 6 hours, etc.) which compares the local TVL to the one in the cloud, so the local TVL is fully updated accordingly.

3. Why you think it is desirable:
Suggestion 1: Some users use a customized TVL list. Sometimes, a clean uninstall and reinstall of Comodo is needed to fix things. For those using a customized TVL, it can be a hassle to redo their customized list after a clean install of Comodo, so a import/export option is desirable.
Suggestion 2: If a user is using a customized TVL but has cloud lookup enabled, there is no point because Comodo will just lookup the vendor in the cloud.
Suggestion 3: If a vendor is removed from the TVL, if the vendor already exists in the local TVL no additional checks are performed. So even if a malicious vendor is removed from the TVL, it will remain if it is already on the local TVL.
4. Any other information:
The issue with suggestion 3 is theoretical but it should be correct based on this thread: https://forums.comodo.com/wishlist-cis/fully-cloud-support-for-cis-or-lightly-av-scans-also-for-trusted-files-t119886.0.html

In conclusion, the cloud can update the local TVL with new vendors. But since no additional checks are performed if a vendor is already trusted, if a bad vendor is already in the local TVL, it will stay there indefinitely until another install of Comodo because no additional checks are performed for already trusted vendors → this gap can be filled by a TVL updating mechanism which compares the local TVL to the cloud TVL on a regular basis.

2

:-TU :-TU

3

:-TU :-TU :-TU :wink:

4

Thank you for submitting this Wish Request. I have now moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

5

Some people don’t use the trusted vendors list at all but only grant permissions to individual applications. This list of trusted vendors is by far too long for my taste.

If exporting, manually editing, and re-importing the trusted vendors list is the way to achieve this, why not have this feature…

In my view, there is only one important use case for trusted vendors: the operating system and its updates. If one would not trust some critical components signed by the operating system vendor, some updates may lead to unbootable systems as there is no way to permit the newly-installed programs/libraries before the user desktop comes up.

Cheers,
–j.

6

■■■■, this has a part of content that I wanted to report in my own wishlist.

In particular I’m interested in option #2 because I’m using a custom TVL myself that I don’t wish to change. The reason is I’m running HIPS in safe mode, and I do not wish to see popup alerts for common programs like the system-related things of Microsoft Windows (so I added Microsoft to the list after purging it). Unfortunately CIS10 will sometimes (anti-virus scans) silently add new entries to this list, which will in turn add new files to the trusted files list, thus disabling the HIPS protection on them. I’m voting yes because I believe this would improve the usability. If anyone is interested in this issue, here is my existing thread about it:

https://forums.comodo.com/defense-sandbox-help-cis/i-need-a-divorce-lawyer-for-trusted-files-list-and-comodo-rating-t120375.0.html

Cheers!