when i switch to training mode, starting normal programs, i thought comodo learns needed things.
but when i look in the rights settings (access rights for each program), then i see that all programs which were started under training mode have exactly the same rights.
all is set to ALLOW,
only 2 points are not: protected registry entries, and protected folders are on asking.
why should a normal program, like a game or a dictionary, have automatically the same rights? and why should they have nearly ALL rights, even if they don't need it? (like install hardware driver, or stuff like that).
training mode doesn't LEARN, it copies only a blueprint of access rights.
settings: pro active, all set to high. actual cis. just for a few minutes switched to train mode after new install of cis.
I don’t see the problem. What’s the difference if something has rights for an action it will never perform? Training mode is just for installing or updating things so you are not bombarded with alerts for something you know is safe.
Anything that would replace a file that had been uninstalled would not be trusted by the old rule even if it had the same name, its size and hash would be different and CIS would know that. Even if a file somehow got corrupted (which would be unlikely to happen because of D+ stopping malicious activities), when it tried to do something bad, that would also be detected because the hash of the file would now be different and the CIS rule would not apply to it.
At least this is how I understand things, if I’m wrong I’m sure someone will point it out.
When I uninstall or do a clean up of files on my system I always go into the firewall and D+ rules and click on purge to remove rules for things that no longer exist. Doing that eliminates most of the scenarios you suggested.
Training Mode is the least safe mode of CIS. It is a “convenience” setting rather than utmost control. For utmost control the user will have to be fully in charge. You seem to want the best of these two worlds and that’s not working.
But you would have allowed that program to run in the first place and given it permission. Remember the user is very much needed with security.
or a normal program, which you should not trust very much (instant messenger, irc, games), could have a bug or exploit. then this program/exploit has the right to install hardware driver, for example.
A bug would trigger the BO protection and an exploit would still trigger an alert that the now exploited program starts another application.
the question which is definitely left:
what sense makes a training mode, when the results of that training are always the same for each started program? it acts like a predefined policy, but it affects ALL running programs in that mode. even if i want just to start A single game without freezes.
and the manual tells about “defense+ learns” in training mode.
that doesn't fit. bringing the whole machine “in danger”, to get at the end simply a blueprint rule for a special program.
comodo says: training mode is the “gaming mode”, to start a game for the first time. so, why not giving a predefined “game rule”, instead of this blueprinting training mode for the WHOLE machine?
not every program, which causes many alarm messages, or freezes when there's an unanswered question, is automatic trustable. as the safe mode isn't able to avoid game start freezes (first starting), you need train mode.
training is related to learning!
That's why the help file states "(unknown but trusted) application" (with unknown it means the game is not on the white list). Trustable is finally always a user decision. Training mode is for convenience and not for tight control.
"as predefined rules" they should be marked as predefined rules. not as rules produced by a "training mode".
there is sense in that
instead of that, i use my own rule "games" from now. so i never have to use train mode.
maybe it's a good idea, to make a rule in cis for games. that's missing, and would be a comfortable feature for normal users.
I usually put all .exe and .bat files belonging to the game in My Safe Files.
if it's like you said, then why should i have to make an "allow temporary everything on the WHOLE machine, and remember that" procedure (training mode), when this is a process with always the same result (blueprint), and which rules are meant for a special application only in that moment?
to allow this for the whole machine would have only a reason, if this mode would learn specific rules for each single thing.
The latter is what Training Mode is not meant for. It is for convenience and not tailor-made solutions.
when i already know, how the blueprint looks, i could use better a predefined policy, and would not have to risk "malicious things activation" while training mode for the whole machine is running.
The Help states specifically: "If you choose the 'Training Mode' setting, we advise that you are 100% sure that all applications and executables installed on your computer are safe to run.". Now you want even more convenience than Comodo can deliver; you will have to make sure your system is clean.
and in the manual it looks like "learn", not like "use always the same rule set".
That's simply not true. The manual states "Defense+ will monitor and learn the activity of any and all executables and create automatic 'Allow' rules until the security level is adjusted". It forgot to mention the two exceptions of course.
"default deny" means in this case: avoid too much "allows". that's what i would think.
Default Deny is less here but keep in mind you willfully lowered the security level to below the default level. You can't get tight security and convenience with this type of product.
The manual fails to tell that in Training Mode with D+ Computer security policy still is applied (move down the slider of D+ settings to check). The manual also doesn’t tell that Network Security is being applied for the Firewall either. Even when you move down the slider of the Firewall settings to Training it won’t tell it will apply Network Security Policy. However I tested this by blocking FF and starting it. The network security policy was not neglected. It could not surf the web.
comodo says: training mode is the "gaming mode", to start a game for the first time. so, why not giving a predefined "game rule", instead of this blueprinting training mode for the WHOLE machine?
A game mode has been asked for many times in the wish list boards.
Phew, that was a long reply. Hope I didn’t forget something… 88) ;D
Yes. By the way, in some cases every access right was set to allow, except "Run executable". For example, for Sylpheed mail program, which is on my local whitelist. Despite it shouldn't be allowed to install drivers, protected files, registry keys etc because it is a portable app. It merely goes out over SSL ports 993 and 587 - that's it.
I can’t agree with you Clockwork, I do want my security software to do things for me. I would like CIS to do more without any required interaction, not less. The rules the program makes for me, and I run in Clean PC mode because even safe is too aggressive, do not allow everything. They always are set to ask for run an executable, protected registry keys, and protected files and folders unless the file is a trusted windows application or given that designation.