1. What actually happened or you saw:
- I noticed there is no way to import/export the TVL inside Comodo.
- If a user has Cloud Lookup enabled, the Cloud Lookup also seems looks up the TVL in the cloud.
- Sometimes vendors are removed from the TVL. If a vendor is already in the local trusted vendors list, no additional cloud lookup or scanning is done as confirmed by this thread: https://forums.comodo.com/wishlist-cis/fully-cloud-support-for-cis-or-lightly-av-scans-also-for-trusted-files-t119886.0.html.
2. What you wanted to happen or see:
Suggestion 1: There should be an option to import/export the TVL.
Suggestion 2: In Cloud Lookup, there should be a option to enable/disable the lookup of vendors in the cloud.
Suggestion 3: There should be an updating mechanism for the TVL (once a day, once every 6 hours, etc.) which compares the local TVL to the one in the cloud, so the local TVL is fully updated accordingly.
3. Why you think it is desirable:
Suggestion 1: Some users use a customized TVL list. Sometimes, a clean uninstall and reinstall of Comodo is needed to fix things. For those using a customized TVL, it can be a hassle to redo their customized list after a clean install of Comodo, so a import/export option is desirable.
Suggestion 2: If a user is using a customized TVL but has cloud lookup enabled, there is no point because Comodo will just lookup the vendor in the cloud.
Suggestion 3: If a vendor is removed from the TVL, if the vendor already exists in the local TVL no additional checks are performed. So even if a malicious vendor is removed from the TVL, it will remain if it is already on the local TVL.
4. Any other information:
The issue with suggestion 3 is theoretical but it should be correct based on this thread: https://forums.comodo.com/wishlist-cis/fully-cloud-support-for-cis-or-lightly-av-scans-also-for-trusted-files-t119886.0.html
In conclusion, the cloud can update the local TVL with new vendors. But since no additional checks are performed if a vendor is already trusted, if a bad vendor is already in the local TVL, it will stay there indefinitely until another install of Comodo because no additional checks are performed for already trusted vendors → this gap can be filled by a TVL updating mechanism which compares the local TVL to the cloud TVL on a regular basis.