What is the difference between Treat as Installer vs Allowing everything?

On Windows 7 Home Premium, 64-bit, I have some games that run fine when I choose Treat as Installer, but lock up (black screen, no keyboard/mouse input) when I choose, instead, to simply allow all requests.

So what is the difference? What ‘hidden’ requests does Treat as Installer allow?

Try using TRUSTED APPLICATION if it is available during DEF+ alert or edit it at DEF+ “COMPUTER SECURITY POLICY” as Trusted Application.

:THNK :THNK :THNK
:THNK :THNK :THNK
:THNK :THNK :THNK

I would also do any in game updating or connecting to remote game servers that you would normally do, before exiting the game and changing CIS back from Training Mode to whatever mode you normally have CIS set to.

Cheers,
Ewen :slight_smile:

Agreed - that has always been the fatal flaw in Training Mode. Similarly, an inexperienced user attempting to manually create rules could conceivably create just as much havoc on their own system.

An alternative would be to create rules that allowed outbound access over all ports for whatever protocols the game requires, but I’m not a big fan of loose rules like these.

Caught between a rock and several hard places.

The best place to start is knowledge and getting the user to understand, even at a rudimentary level, about ports and protocols.

On my Case I used TRAINING MODE on Both FIREWALL and DEF+ for a couple of days. Then, before switching to CUSTOM for Firewall and PARANOID for DEF+, I run my MBAM and SAS. Even Trojan sweeps inside, Once you switch your DEF+ to PARANOID mode, trojan hiding inside will be detected…

(:KWL) (:KWL) (:KWL)
(:KWL) (:KWL) (:KWL)
(:KWL) (:KWL) (:KWL)

Yikes! :o

This is not a good idea… Training mode should only be used for as short of a duration as possible because of the inherent security risk. When in training mode, you are telling CIS to create “allow” policies for anything and everything that runs, regardless of whether it is a safe application or malware…

Y’know, the information about using the different modes that you, and others, have provided is wonderful-I’ve picked up several ‘tips’ that I didn’t know before. But you’re really the only one who’s come close to answering my question, which was what the difference is between ‘Treat as Installer’ vs Answering every question with Allow?

To re-interpret your statement about there being a ‘hidden’ question, this sounds like there’s something CIS is blocking automatically, without asking me whether or not I want it to be blocked? Or something else? Thanks.

That’s why I said “FOR A COUPLE OF DAYS” If Malwares seeks inside, during PARANOID MODE at DEF+ it is detected BASED on OUR own experienced in everyday PC-Repair. If TRAINING mode on firewall is not a good idea, so why comodo designed it in CIS? and for the record, DSL or other Broadband provider is being FIREWALLED before it enters to our LAN Card… Paranoid Mode on both DEF+ & FIREWALL is designed to detect irregular behavior on our PC thats why I firmly believed that Paranoid mode detects any bad behavior after training mode…

(:TNG) (:TNG) (:TNG)
(:TNG) (:TNG) (:TNG)
(:TNG) (:TNG) (:TNG)

A couple of days is too long…

The training mode is there to help define rules for applications making complex connections. If you attempt to run an application and you can’t get it to do what it is supposed to do, then you put the firewall or D+ in training mode and start the application. This should learn all the applications processes. As soon as you have done this, you put the firewall and D+ back into its previous mode.

Training mode is definitely NOT a “put it in training mode for a couple of days” type thing unless you don’t mind creating policies for anything and everything that runs on your system in that time. It’s also not a blanket function, as most applications won’t have any issues when not in training mode. It’s only intended for those stubborn applications.

LOL!!
1 to 2 days is a couple of days… If you are using a 3G Broadband connection [USB Modem HSPA for Laptops] training mode is good to let the firewall understand the SECTORS of ANTENNAS of the Cell Site if a HAND OVER is made in your area because it has a different IP. Well sorry Men I’ve been a long time Firewall user of Comodo [like you maybe] and I’ve been practicing TRAINING MODE for a hundreds of PC that we experimented during repair at our local shop… IRREGULAR BEHAVIOR is detected by DEF+ in Paranoid Mode.

(:KWL) (:KWL) (:KWL)
(:KWL) (:KWL) (:KWL)
(:KWL) (:KWL) (:KWL)

Errrmmm… Yes, I’m aware of that… 88) That is too long…

That’s too long if you are a Desktop user with a SINGLE IP and stays on your house… But if you are using a Laptop with a 3G Broadband and if it has 2 to 3 3G Networks that your Laptops access a Internet, LOL!!! 2-days is not enough…

(:WAV) (:WAV) (:WAV)
(:WAV) (:WAV) (:WAV)
(:WAV) (:WAV) (:WAV)