I have a 2 questions regarding the use of wildcards in path names. I see that COMODO uses per default this entry in it’s own File group ‘Comodo Files/Folders’:
C:\Program Files\Comodo*
While in some posts here in the forum I see another format used:
C:\Program Files\Comodo\COMODO Internet Security*
Do these entries operate in the same way? Any help would be appreciated.
There seems to be an important difference. I experience it when defining Defense+ policies to a Group I created. I want to give full privilege to the apps I have installed in C:\Program Files\Sysinternals
But all these apps are in subfolders, like:
With the previous post I am on the wrong track. Some of these small programs were digitally signed others not, that I did not take in concideration. :-\
My problem is that even though I define apps in a group, then add this group to the Computer Security Policy and make sure it is treated as the predefined ‘Trusted Application’, it still is landed automatically in the Sandbox? That is just what I want to prevent… ???
Your right ofcourse. But I have different intentions. I defined two additional groups:
My Applications Without Internet
My Applications With Port 80 OUT Access
So I can differentiate between my Trusted Apps in the Firewall and allow only some Apps access.
Now that seemed clever, but it comes with a price as I cannot make CIS regard the members of these groups to be Safe.
But wait, I’ll try your suggestion anyway. I still might be able to define the Firewall rules for these groupos, even though the Apps are listed as Safe and as Member of one of these groups. To be continued…
P
In the file group window, when selecting a folder in the dialog box that appears when pressing Add → Select From → Browse, * is appended to the folder name instead of * . Using alvard’s example, CIS would give us C:\Program Files\Comodo* instead of C:\Program Files\Comodo* . Unfortunately, the former filespec also would match everything in the folder C:\Program Files\ComodoTest. If there isn’t a good reason to be appending just *, I request that the developers please change CIS to instead add * . This isn’t a mostly theoretical problem, because on x64 systems there are folders \program files and also \program files (x86). CIS version used: v5.8.213334.2131.
Do I need to fill out a bug report to get this passed on to the developers?
I do see this as an ‘issue’ personally, and thus worthy of a report.
All depdedent on the def of bug really, which we have been refining since Dennis’s post. You don’t expect when selecting a directory to have this effect - so its an issue for users. And its within design scope. So scores on both counts of the new def.
In general, does a bug report need to be filed to get the attention of developers? Or do mods sometimes forward issues to the developers (or perhaps developers also scan the forums)?
By the way, I actually encountered this issue by accident. Then I remembered the FAQ that Mouse wrote about file specs.
I suppose some applications may have multiple paths, easy way to catch them all.
Dennis
Edit I am sure it was not like this in previous version of CIS any wildcards had to be added manually, not sure when it was change will check later when I have time.
It it most likely to be fixed if filed in standard format. Mods occasionally alert devs - normally to urgent vulnerabilities. But it’s hard work if there is not a decent bug report - the mod has to create a well structured convincing explanation from scratch and say why alternative explanations are not possible. Or collate links into a structured story with linking text … devs wont usually read through a long trace.