I was going to install a new version of a program so I clicked on Defense+ [Switch to Installation Mode] but I still get Defense+ pop ups. Why is that?
Wait until you get the first popup, select “updater or installer”, then OK “switch to installation mode” to minimize the popups.
Why do you have to wait for the first pop up? Seems that telling it before hand would make more sense.
Most people will not think to open the GUI and click on “Switch To Install Mode” . They will just start installing something the the D+ pop comes up and they click installer mode. So its not nessary to open up the GUI and click install mode. Its kinda like a fail safe. If you click on install mode in the GUI then you are second warned by the D+ pop up. Its kinda asking you " Are You Sure You Want To Install This?".
I have had pop ups both ways. I don’t mind the pop ups but some times they cause to install to lock up.
If you click the install button you should not have any pop ups while installing. If you just click allow you will. When D+ gives a pop up while your installing something the simply put a check mark next to installer/updater. Then Comodo will bring up anoterh box that says " Do you want to switch to install mode? " (R)
Please read what I have posted. I have tried clicking on[ Switch to Installation Mode] before starting installation. I have also tried after first pop up asking. It still causes problems.
Ok I agree. Happened to me last night when installing new video card drivers. I switched back to ZAAS and all is well.
You will get another popup if the original installer spawns yet another installer-can you check it the popup shows a different application than the original you designated an updater or installer?
I am aware of how everything works. I could not even install Windows updates without being hit with pop ups even after going into install mode.
I love Comodo dont get me wrong. But you literally have to watch it when ever your installing something. I am on XP and there were 7 Windows updates when I got home. I literally had to sit there and click allow,allow. I want to install something and walk away. I should not have to baby sit a firewall. After the Windows updates then I uninstalled my Nvidia drivers and once again hit with a D+ pop up. Then when installing the new drivers more D+ pop ups. I did the same thing on my laptop using ZAAS and it was a breeze.
I also got popups with windows update, every time a new installer came up. I just declared each new one an updater or installer and got no more popups until the next one. Install mode doesn’t seem to suppress everything.
Well then I guess we have a bug. (:NRD)
The way Installation Mode appears to work from the description given in the help pages, is that child processes spawned from a parent process inherit the same D+ security policy as the parent while in Installation Mode.
Whilst reducing the number of alerts it will not eliminate them. In any situation where the parent process would have triggered an alert, so will the child process.
I too have experienced a number of problems during installation. Especially problematic has been Windows XP automatic updates, which are set to take place overnight when I’m not around.
Looking at the D+ Events Log, most of the failures were caused by Protected Files/Folders alerts where attempts to modify the contents of system folders was denied. The failures occurred using the Optimum Security profile, which provides comprehensive protection but IMHO is too restrictive for trouble-free software installation.
With the release of v22.214.171.1245, I have now switched to using the new Leak Protection mode, which although not as comprehensive is much less restrictive. Only time will tell whether the new Network Security profile eliminates software installation failures.
All I require from a firewall is for it to be an excellent firewall and not a complete security solution. I already use another HIPS in the form of PC Tools ThreatFire, which is much quieter than D+ and doesn’t cause problems during software installation.
Good response. I am now using ZAAS. Do you like Threat Fire?
I love Comodo also but hate these problems when I want to install something so I now download the updates then disable Defence+ after disconnect from the internet and leave them install without having to watch for alerts.
Yes, I do like ThreatFire. It seems to run alongside CFP without any problems, plus it’s free. Some users have reported a slowdown in browsing after installing ThreatFire but I haven’t experienced that myself.
The main reason I installed ThreatFire was so that I could disable D+ and still have HIPS protection when manually installing software. Couldn’t prevent those automatic updates from failing though.
I’m pleased to say that since reinstalling CFP in Leak Protection mode, D+ has been much quieter and (so far) hasn’t caused any further problems with installations or updates. Now that the level of D+ protection has been reduced, I think I’m going to keep ThreatFire running alongside CFP, just to provide a little extra protection.
BTW I’ve just installed the new version 126.96.36.1994 and it seems better than the previous version with some new bugs fixed. Looks like COMODO are starting to get it together.
peterg. Are you saying that you are running Comodo with D+ enabled along with ThreatFire now?
The problem with a HIPS like D+ is that by default it will likely interfere with any installation. This is why, when they first brought it up, many of us requested some sort of installation mode/setting, wherein it would only watch, log, but not interfere. However, we wanted (as a security feature) for it NOT to disable the entire HIPS, so that if some malware tried to run (or get installed) during the install process, we’d be alerted.
Comodo was apparently not able to provide what I envisioned in my mind, but I think they did a pretty good job anyway. Install mode is not intended to disable the HIPS, but only cut the alerts for each install execution to several layers deep (including after reboot). If a separate install execution is spawned by the process, this is not covered, and would generate a new popup.
Remember, D+ is not a signature or heuristic-based HIPS; it’s entirely built around monitoring all activity that occurs and defining a response based on the existing criteria as defined by the User. Many HIPS, including Threatfire (formerly CyberHawk) are signature and heuristic-based, rather than all activity. They will by default be much quieter during installations, as they don’t really “care” what you install unless it appears to be doing something hokey.
Anyway, all that said simply to say that I don’t think this can be defined as a “bug” because it’s doing what it was designed to do. I’ve yet to see it give an alert on anything it shouldn’t during an installation, including for Windows Updates. But, that’s just me…
Yes, I am running ThreatFire alongside D+ and have not experienced any problems as a result.
I’m aware that there is always a potential for security applications to conflict with one another, especially when they are performing a similar function, but this hasn’t happened in my case. There have been no conflicts between the two and no adverse impact on performance.
Because ThreatFire is what is sometimes called “smart” HIPS and D+ is “classical” HIPS they are complementary. I certainly wouldn’t advocate running a second classical HIPS application alongside D+ though, as this would be unnecessary and pointless duplication. The classical HIPS implementation in D+ is very comprehensive, so IMHO nothing useful would be gained by adding another program of the same type.
As I’ve already said, the main reason that I’m running the two together is so that I can switch off D+ during software installation and still have HIPS protection. Also, because ThreatFire works in a different way to D+, it’s useful for a second opinion and additional confirmation of the possible existence of a potential threat.
Just to be clear, I’m not recommending this approach to other people. Everybody has to try things for themselves, according to their own requirements, and come to their own conclusions about what works best for them.