Use Hashes For AV Real-Time Exclusions [M516]

1. What version of CIS, or Comodo Firewall, are you currently using:

2. What actually happened or you saw:
A file can be added to the EXCLUSIONS, but when moved, it is flagged again and needs to be re-added to EXCLUSIONS.

3. What you wanted to happen or see:
Adding a file to EXCLUSIONS means it is EXCLUDED - anywhere on the system, not just in that particular place/path. Currently, Comodo uses ONLY the filename/Path.

4. Why you think it is desirable:
People move files around; having to CONSTANTLY re-add a file to EXCLUSIONS is extremely irritating and basically defeats the purpose of EXCLUSIONS.

5. Any other information:
This should automatically apply to MULTIPLE versions of the file (provided they have the same HASH, not just the same name). This is EASILY accomplished and has been in practice in other programs (INCLUDING older versions of Comodo); there is no excuse for not doing it properly now.

Thank you.

Thank you for submitting this Wish Request. I have now added a poll and moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

CAV uses both hash AND path. Maybe reword the wish to say use only hash for exclusions.

@wasgij6 - then it wasn’t thought out very well; the inclusion of the path makes the exclusion specific to that path and therefore not as effective as just the hash itself.

I agree.

Maybe the file changes its hash (i.e. it gets updated) but you still want to exclude it.

There could be a per-file option to use path and/or hash.

Also, I can suggest BLAKE2 as the hashing algorithm.

If the file changed its Hash, then it would simply re-alert you upon being re-detected. STILL much simpler than using the Path in ANY fashion. The Hash is the Hash, no matter where it is.

The possibility is allowed as a choice between the path and hash or only hash.

The option to exclude for the path and hash must remain.

@fsdc - you make a statement with no explanation, facts, or scenarios to back it up. I think I have quite thoroughly explained why using the path in any manner is more detrimental than it is helpful - the hash is the hash, regardless of the path.

I have yet to see anyone put forth a scenario where the path is of any use whatsoever.

I expressed my opinion.

I would like to note that the rule restrictions on the path and the hash are more stringent than the rule restrictions on only the hash.

If there is no special need, there is no sense in making the rules more loyal to the intruder.
There is no need to show any scenarios to substantiate stronger rules. Even more so, they have been implemented. I don’t need scripts for only hashes. At least it is a slower solution.

And when I specify a file, I assume that you have specified the file path and hash, but not only the program hash. An intuitive and computational-complexity-effective solution.

So your wish solution must not replace the existing one. But it can exist as an option.

Also, there isn’t any hash for directories.

Well, you can exclude specific directories from scanning. Not sure what additional benefit hashing directories would add, but I certainly wouldn’t oppose it. :)

I would like to thank everyone who has voted on this particular enhancement. As there have been 20 or more votes, and more than 75% of those votes were positive, I have added this to the tracker for consideration by the devs. However, do note that even though this wish will be considered by the devs, it does not necessarily mean that it will be implemented. I will update this topic when I have any additional information.

Thank you.
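
The trade-off argued in this thread, as an added example that is not part of any post and is not Comodo's code: a small model of the three exclusion modes discussed (path only, hash only, path and hash), using BLAKE2 as one poster suggested. The rule structure, file paths and file contents are constructed assumptions, and paths are compared case-insensitively as a simplification.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def blake2_hex(data: bytes) -> str:
    return hashlib.blake2b(data, digest_size=32).hexdigest()

@dataclass(frozen=True)
class Exclusion:                      # hypothetical rule shape, not Comodo's
    path: Optional[str] = None        # None = rule does not constrain the path
    digest: Optional[str] = None      # None = rule does not constrain content

    def matches(self, path: str, data: bytes) -> bool:
        if self.path is None and self.digest is None:
            return False              # an empty rule must never exclude everything
        if self.path is not None and self.path.lower() != path.lower():
            return False
        if self.digest is not None and self.digest != blake2_hex(data):
            return False
        return True

def is_excluded(rules, path: str, data: bytes) -> bool:
    return any(rule.matches(path, data) for rule in rules)

# Constructed sample files and locations.
TOOL_V1 = b"constructed tool build 1"
TOOL_V2 = b"constructed tool build 2"
OTHER = b"constructed unrelated file"
ORIG, MOVED = r"C:\Tools\tool.exe", r"D:\Archive\tool.exe"

MODES = {
    "path": [Exclusion(path=ORIG)],
    "hash": [Exclusion(digest=blake2_hex(TOOL_V1))],
    "path+hash": [Exclusion(path=ORIG, digest=blake2_hex(TOOL_V1))],
}
CASES = {
    "same file, original path": (ORIG, TOOL_V1),
    "same file, moved": (MOVED, TOOL_V1),
    "updated file, original path": (ORIG, TOOL_V2),
    "different file at excluded path": (ORIG, OTHER),
}

def evaluate() -> dict:
    """Return {mode: {case: excluded?}} for every mode and case above."""
    return {mode: {name: is_excluded(rules, p, d) for name, (p, d) in CASES.items()}
            for mode, rules in MODES.items()}

if __name__ == "__main__":
    for mode, row in evaluate().items():
        print(f"{mode:10}", row)
```

In this model only the hash rule follows a moved file, and only the path rule keeps excluding whatever content later sits at the excluded location.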