V3.9.95478.509 Defense+ Gives Too Much Freedom to Applications In Training Mode

tcarrbrion although I understand your needs I cannot assume that the single alert you would like to get will be gladly welcomed by many other users.

Using parental control provide the option to suppress the very alerts such users do not want to see.

It would be reasonable to create policies in paranoid mode and not delegate the installation of new applications to such users. Application with a properly formed policy will work fine and those users will not have to see the alerts they are not encouraged to answer themselves.

Besides it is possible to configure D+ to address the above mentioned installation scenario using a custom made predefined policy and manually switching D+ to Installation Mode using Switch to Installation mode in CIS summary screen.

Anyway I’m not going to persuade you to use this possibility.

That is why I would like it as an option.

This is a lot more work. It should not have to be that hard.

Indeed it ought to be an option for paranoid mode.

That hard… I would guess so as it require more than one click and that’s where ease of use goes in the way of increased security.

I’ve already quoted this to you before…
Training Mode: Defense+ will monitor and learn the activity of any and all executables and create automatic ‘Allow’ rules until the security level is adjusted. You will not receive any Defense+ alerts in ‘Training Mode’. If you choose the ‘Training Mode’ setting, we advise that you are 100% sure that all applications and executables installed on your computer are safe to run.

I see what you mean.
As a trusted application, the app is allowed almost all actions.
The only viable solution i have found to get around that, is that you run in Paranoid Mode, and when the popup of a trusted app rises, click it as as installer & updater, that way the rules learned to the app are only the ones that it did on the first run.

If COMODO included this on the Safe Mode, then they would have to have a Database of the apps actions. So there is why PAranoid Exists, because with updates and else, apps need to change access to distinct files.

So there it is
USE PARANOID, but for safe apps use the Installer option given in the popup, and then change the installation mode, in the main window in CIS to revert to an ASK Mode of the PARANOID Mode

Installation Mode can be activated form any other mode the user is using. When the user is going to install an application he trust it he could use installation mode along installer and updater policy although installation mode can be used along other custom policies.

As above Installtion Mode and Installer Upsater policy can be used from D+ Safe mode too. So Paranoid mode exist for users who wish to outsmart/outperform the default design behavior for safelisted applications.

eg: it would be possible to create user specific security policies (predefined policies) according to the user’s individual level of trust and then applly them to executabes whenever they are safelisted or not.

I was slightly off topic and talking about clean PC mode. The same problem exists there. Safe applications are allowed to do dangerous things and you have no choice unless you take time setting up complicated rules.

It more like your willing to make it a problem there too. Applications wouldn’t be safelisted if dangerous. The default behavior for trusted applications provide a reasonable tredeoff for many users. Only those willing to outsmart/outperform the default behavior ought to use paranoid mode which will allow their own personal criteria and security guidelines to override safelisting behavior.

In paranoid mode Safelisting will not eventually concern them or get in their way other than mentioning that an executable is safelisted. Those users can thus decide what level of trust and the corresponding custom made policies to concede on a per app basis. They can thus enable this or that alert they wish to see but other users may not.

Apparently such dangerous things are not dangerous enough to use paranoid mode likewise using custom policies with Installation Mode was that hard.

There is no point to further go OT on this as the OP wished for a way to completely allow applications for the specific purpose of looking at the detailed list of permissions for each access rights.

There is not much point in continuing this conversation as you seem determined to rubbish everything I say. That is not the way for fruitful discussion.

There are plenty of items on the wish list from people who want similar things to me.

Everyone has their way of using a security application and has their own level of willingness to sacrifice security for ease-of-use.

CIS is very detailed in controlling application behaviours. Now what it needs is to have a very detailed way in allowing users to control CIS. I guess that’s the best solution, which does not yet exist.
Some people may say that too many options might confuse the average user. That can be solved by providing several predefined profiles offering different levels of security when the user first installs CIS.

As of now, I’m not too happy with how D+ of CIS V3.9 works, in accordance to my personal way of using it.

Oh, and Endymion, there are some situations that you can’t help it but to run Training Mode to allow everything a program does the first time, and then check the access rights it gets. An example of this is when a person first runs a full-screen program such as an online game, that will hang if pop-ups from CIS interfere.
Furthermore, for a user like me, I still have other security programs running to provide some level of security when D+ is in Training Mode, so it’s not like the end of the world.

This works just as well in clean PC mode so there is no need to use training mode. If the game is not in “my pending files” it should learn just as well as in clean pc mode as in training mode but you will be safer.

I don’t really use Clean PC Mode. I don’t see the point of it. It seems to me like everything already installed is assumed trusted, and everything from then on is treated as if CIS is in Safe Mode, right? So why not I just put Safe Mode in the first place?
I know doing so will cause applications that have already been installed to be alerted to me, but how would I know if existing applications are safe? (If my system is new, then existing applications are little in amount, and I don’t mind manually allowing their actions in Safe Mode because there are not many of them.)

So I only use Safe Mode and Training Mode. Anything else is not suitable.

And, about games, if I install them with CIS in Clean PC Mode, wouldn’t they be considered “new” to the system and thus be monitored and not learnt the way Training Mode learns them? If so I still need Training Mode at the end of the day.

Now I don’t know what I should do with my D+ in V3.9. Maybe I’ll uninstall V3.9 and install V3.8 to let it make rules as it used to and then upgrade to V3.9. Lol.

tcarrbrion if by fruitful you meant that I had to agree with your arguments, indeed I did not and addressed you points. You even got to state that you would have liked to have CIS show a popup when installing a driver but CIS wasn’t able to. I suggested a way but you stated it was too hard. IMHO your overall approach was along these lines and indeed it was not fruitful at all.

Paranoid mode allow Full Control.

Indeed there are currently four profiles/configurations.

So you couldn’t help but anyway this doesn’t mean I had not to believe you when you claimed you used training mode to completely allow application you trusted partially to see what access rights they were going to get.

Although you don’t see the point in existing features this doesn’t mean you ought to misrepresent them, especially if according to the information you provided there would be no apparent solution other than backing you point.

PS: Using Safe mode + user defined safe files is not needed to use training mode for full-screen programs.

You didn’t get me. I’ve explained how Paranoid Mode is not going to work for me. I do not want full control, at least not as full as having every single action under my control. As mentioned, I don’t want to waste time examining programs already trusted by COMODO, so I don’t want Paranoid Mode for usual use.

About the configuration profiles stuff, yea I forgot about that. Good that they’re there. But CIS should still become more customizable in terms of how D+ creates rules, if it’s technically possible, so that it suits you and me. Currently, the ways different modes in D+ make rules are still somewhat stiff (not flexible enough) in my opinion.

I misrepresent them? How? Which ones? Mind telling me?
I support the way that can fit everybody’s needs. I’m not someone who thinks everyone else’s ideas are wrong. If you want me to accept certain ideas of yours and I disagree with them, I will always offer my explanation, not just disagreeing without reasons.

Nevermind I already did and there would be no point to do again. Glad to see you acknowledges at least the existence of profiles.

Sorry I don’t think I have to persuade you and I provided plenty of reasons (actually pointing out existing features according to the information you provide) already but indeed feel free to present you needs as fitting everybody needs.

PS: in Paranoid mode nobody is forced to answer all alerts. There are predefined policies and users can add their own custom-made ones (How Much Freedom ) to select them in Treat As combo-box as soon they got one alert. This apply to safelisted files too, so nobody is forced to examine application s/he trusts.

http://wiki.comodo.com/images/Cf_alerts_opts_def.gif

[attachment deleted by admin]

Pleaese support restore the 3.0/3.5 learn mode proposal.

[Defense]Please restore 3.0/3.5 learn mode or provide new mode of Defense+ security level
https://forums.comodo.com/feedbackcomm…_of_security_level-t39289.0.html

I did see some reasons that you’ve provided previously. But I was not able to understand your language at some point, and I did mention that I didn’t get you and implied a request for clarification along the way, but you didn’t provide any.

If you’re talking about existing features, I’ve explored CIS many times so I know what they are. It’s just not all of them fit me, so I don’t use them. If I like them I would’ve been using them long ago. Really, I’m not a new user.

Okay. I want trusted programs to NOT raise even one alert, at all. Paranoid Mode ignores pre-trusted-by-COMODO programs, if I’m not mistaken, thus I don’t like Paranoid Mode. Since I don’t want even one alert from trusted programs, selecting a predefined custom profile is irrelevant.
In addition, I prefer a more case-by-case basis instead of applying a predefined profile. So… I don’t use that feature.

What bothers me now is just the D+ rules. I don’t know what everyone else thinks about Training Mode, but if Training Mode is there it has to have some uses in some situations. More than 99% of the time I’m on Safe Mode, so it’s not like I’m often on Training Mode.
I remembered reading somewhere that they say in V3.9 the rules will be more “compact”. If this is how it is more compact, I’d rather use V3.8 to create rules the old way and upgrade to V3.9.

Personally, I don’t see the benefits of making the rules more “compact” in this way. Perhaps someone who is willing can enlighten me on this.

No offense but I have a hard time understanding your sentences in that thread.

Fruitful could mean alternative suggestions for improvement and not just arguing it is all right as it is. I suggest this, you say it is not necessary. I suggest that, you say it is not necessary.

I am not here for help. The example about installation and drivers was something I wrote in a hurry and had not even thought about. It was probably a mistake. I am trying to communicate ideas and look for ways of improving CIS.

This blanket allowing of rules, which might save someone who did not have a clue of how to use CIS from a pop-up once in a blue moon, is not what everyone wants and I think there are good reasons for having an option for tighter security. And I am not the only one.