Well, it has been discussed here perhaps but still I want to have a more precise answer. Sorry if I repet any thread.
Now, Comodo is great indeed but it disaplays LOTS and LOTS of alerts for different programs…
As far as I firstly understood Comodo had a whitelist or some ways to learn some activities for some known programs and indeed it learns some actions, but there are still many pop-up alerts requesting to allow or block a certain activity for a very well known program and this become annoying at a certain point.
Why don’t you make a safelist of actions that a certain app is doing and thus Comodo will alert only for strange and new programs.
Defense+ Training Mode very few alerts if any.
Clean PC Mode some alerts.
Safe Mode some alerts.
Paranoid Mode lots of alerts.
Your choice which Mode or possible bad install.
Dennis
Quote from help File
Dennis
Training Mode: The firewall will monitor and learn the activity of any and all executables and create automatic ‘Allow’ rules until the security level is adjusted. You will not receive any Defense+ alerts in ‘Training Mode’. If you choose the ‘Training Mode’ setting, we advise that you are 100% sure that all applications and executables installed on your computer are safe to run.
Well, this is not what I want. In this way everything is automatically learned: all files on my PC and everything I download or copy from CD and run. And that’s like having no HIPS.
Of course you will say I can keep it as such only for the first 2-3 days, but I want something to learn only the safe programs actions or to have them already in a list and not to prompt me dozens of times.
You can also do what I do. I have over 250 programs on my pc. I manually add my programs to the firewall and D+. Did you read any of the sticky’s under important topics? The whiletist covers mainly the firewall. D+ alerts are different.
If you are sure your PC is 100% clean, Put in Clean PC Mode, and all off your programs, etc already on your PC are automatically assumed Safe, and will NOT be alerted for, But new ones will be.
Well, I read everything… adding 250 programs manually on D+ is a killer. I’d better not use d+ at all if I should do this.
My point was to make a whitelist with common applications and their activities and for those to get no prompt.
Norton IS, for example has this feature and perhaps other firewalls also.
Comodo Firewall Pro includes a proprietary and continually updated white list of 1,000,000 safe executables. The integrity of every executable is checked against this database and Firewall Pro will alert users of potentially damaging applications before they are installed.
I hope this will clarify that it has a huge whitelist. If you don't want to enter the 250 programs I think it's the best you put D+ in 'Clean pc Mode'.
If a white list exists for D+, it is woefully inadequate. At least 95% of the alerts I got were from well known, safe programs, processes, and activities.
Each CFP/CIS can contribute to improve the safelist.
CleanPC mode fill pendimg list with new files paths. from there it is possible to click the lookup button that will update the safelist if thsose apps were already verified or it will be possible to submit those apps to Comodo and have them added to the safelist.
There is also the Trusted vendors feature that allow the user to safelist all application from a trusted developer.
A behavioural heuristic approach is currently used by Threatfire but I never tested it because I prefer the CFP way (L)
If ever Comodo will add somethng like that I hope they will not remove the current features an also provide a way to redefine the monitored settings and protected entities. :-TU
pykko, I agree with you. Every software in security sphere should host some AI in defining relevant or non-relevant behavior. Somebody has 1 month to tune firewall and somebody has 10 minutes or even less. Development team definitely should take into considerations such example.
Just imagine. Your enemy has knife, you have a tank, big tank, but… You don’t know how to use it. Battlefield, web battlefield will be captured by your web-enemy, not by you. So…big protection must be useful, powerful and with good AI. Dream?.. Nevertheless, I would like this dream come true.
