I’ve searched the forum and didn’t find this question. If Defense+ is set to training mode, does the sandbox feature still work? Also, do the files in my pending files automatically get uploaded or do I have to manually submit them everytime?
Unfortunately, the sandbox does still function when you use training mode and pretty much renders training mode useless. The best thing to do in my opinion, is to disable the sandbox and forget about it.
I actually find that to be good news! I put CIS on nearly all my clients pc’s, but the vast majority are either unwilling or unable to handle the defense+ alerts. Even though Comodo is doing a good job of reducing the number of alerts, there is still a few, and I get a phone call for almost every single one. So I tend to put both defense+ & the firewall on training mode and rely solely on the power of the anti-malware engine. If the sandbox does in fact still function even with defense+ on training mode, they will still get that added layer of security without having to answer any alerts.
That would be a very bad thing to do. You should NEVER leave any part of CIS in training mode for longer than it takes to learn the actions of a new application. The problem that the sandbox is causing now is that it sometimes will not allow the actions to be learned because it sandboxes elements of the application and prevents them from making the changes it needs to do.
In theory the sandbox is supposed to isolate all unknown things and prevent them from installing or modifying anything but it has already been shown in many cases to not be doing that. Rogue apps are bypassing the sandboxing easily even when CIS says they are isolated and can do no damage . I would seriously rethink what you are planning to do for your clients in light of these problems. The sandbox is currently extremely flawed and is not working as it should.
I’ll take your suggestions into consideration. It sounds like I need to disable the sandbox for now on newer clients systems. But as far as setting defense+ & firewall to training, I’ll certainly stick to that. I’ve been doing it that way since the earliest incarnations of CIS and will have to until CIS is able to be completely user friendly for the not so knowledgeable or willing. I completely understand that the real power of CIS is in having all of it’s components running together in harmony. But I have far to many clients that are, as stated before, simply unwilling or unable to deal with the alerts. I absolutely love Comodo’s products and recommend them to everybody! But I have literally hundreds of clients I deal with and learned the hard way that people just want set it & forget it security. No alerts, no questions, no answers, no responsibilities…
Thank you for the response
With CIS in Training Mode you have basically disabled CIS.
Clean PC mode with D+ is a much better solution here when starting from a clean system. From the Help file:
Clean PC Mode: From the time you set the slider to ‘Clean PC Mode’, Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in ‘My Pending Files’ are excluded from being considered as clean and are monitored and controlled.
That way your customers be safe and will hardly get any alerts. Your type of customer probably doesn’t install new programs themselves I guess.
I agree, by leaving CIS in training mode, the only protection you have left is from the AV. You might as well just install an AV and use the Windows Firewall. In fact , doing that would be safer than CIS in training mode.