To Melih, two suggestions about CLEAN PC MODE

  1. In default rules of a safe file, we can be allowed to set our own operating mode. for example, let us set all d+ entries into “ask”. Now the CIS’s default rules are “allow” except “execute other files, modify registries and files”, however, I think it’s not safe. At least, I think “windows and winevent hook” should be set “ask”

  2. Maybe CIS’s training mode should can get a change. In details, I hope CIS can generate a specific rule, not a rule with “*”, When it is learning to modify registries and files.

I agree with both of these.

Nobody regard what i suggested is necessary?

I have been campaigning for these sorts of changes but my words seem to fall on deaf ears.

I think it works this way so that if a user that has no idea how defence+ works updates an existing application and the new version is not in the safe database then there is less chance of the user getting a pop-up if the new version does something monitored by defence+ that the old version did not already do.

It is a shame it has to work this way for everyone.

As I’ve said and asked before on other forums, please provide me proof that CIS can be bypassed in “Clean PC Mode” (therefore, when the PC starts with no malware whatsoever).

Thanks very much!

for example:

Firstly, my web browser learned a rule of “allow to modify files: *.dll”

Secondly, when I enter into some website with malware of dll.

At last, because we know that “windows and winevent hook” is allowed in “Clean PC Mode”, so my web browser will be hooked by that malware dll-file, and then my confidential info would be leaked by my web browser.

[b]I believe that COMODO really want to let safe programme learn the rules of modifying files and generate a pop-up when the safe programme attempt to create a new exe-file. However, in fact, because automatically learn the rules with wildcard character *, COMODO can’t give popups when an unknow executable files is created.

Is it not a defect of COMODO?[/b]

And if COMODO is able to learn a specific rule, not a rule with wildcard character *, I think this problem could be easily solved.

Proof would only come when you have a virus active on your PC and then it is too late.

What is annoying is that you can see what looks like security holes and the only thing stopping you fix them is you cannot choose yourself which boxes you want ticked, the developers decide for you.

This is good for people who do not know what they are doing but it would be nice to be able to override things.

Paranoid mode is not an option. The only use I can think of for paranoid mode is for installing new software to make sure you get pop-ups.

You can test it virtualised. Thanks for doing it if you do!

What you said is sophisticated. Yes, now I can’t find it, but it doesn’t mean that there isn’t. As a fact, if my web browser Secretly download a malware of dll-file without COMODO’s popup, and then install this global hook, it’s dangerous for my confidential information.

Then use Sandboxie and configure it appropriately. Sandboxie and Comodo Firewall with Defense+ is 100% mate. If you don’t know about Sandboxie, it’s time to learn to use it.

If you want default rules be “ask” in d+, why not use paranoid mode instead?

I think the change will void the usefulness of Clean PC mode for novices and users who don’t like so many pop-ups.
It also void the userfulness of safe file as safe file will has no difference from an unsafe file in d+.

May be I just don’t get your points.

I think you don’t understand Clean PC Mode’s fuction. Clean PC Mode’s ASK means a safe programme can automatically learn to modify, and it will produce a popup when the safe programme wants to create something new. It applies not only to files, but also applies to the registry, hook and etc.

Because of learning rules, Clean PC Mode reduces many popups. What I suggest, in fact, is that I hope COMODO change its way of learning rules. Moreover, it may be not safe to directly allow “windows and winevent hook” .

Are your really referring to Clean PC mode? There should be no d+ pop-up in Clean PC mode for sale files.

I just don’t understand your points. That’s what you said in your first post “…let us set all d+ entries into “ask”. Now the CIS’s default rules are “allow” except “execute other files, modify registries and files”,…” What you mention now seems difference from your first post.

I hope I get your points now.

May be an overriding of the default safe files for an individual file may do the work. (currently not be supported by CIS)

Though I’m using Clean PC mode, I still put some executable files that I want them to be monitored by D+ in pending file list. However, Comodo do not allow me to put a safe file in the “pendding file list”. That would be nice if I was allowed to do so.

You are wrong. There are some popups in Clean PC Mode when a safe file want to create new protected files, registry, and excute new exetable files.

You can delete the corresponding trusted software vendors, then you will be allowed to put it in the “pending file list”.

Hm. That’s what I don’t like instead.

But it’s necessary, because a safe file also can download a unsafe file. Generally speaking, the number of Clean PC mode’s popups is very very small.

As I said. I what it to be “individual file” based. Not “vendor” based that casues a lot more pop-up of other safe files of the vendor.