Whitelist and dozens of alerts...

Well, it has been discussed here perhaps but still I want to have a more precise answer. Sorry if I repeat any thread.

Now, Comodo is great indeed but it displays LOTS and LOTS of alerts for different programs…
As far as I firstly understood Comodo had a whitelist or some ways to learn some activities for some known programs and indeed it learns some actions, but there are still many pop-up alerts requesting to allow or block a certain activity for a very well known program and this becomes annoying at a certain point.

Why don’t you make a safelist of actions that a certain app is doing and thus Comodo will alert only for strange and new programs?

Can it be done?

Defense+ Training Mode very few alerts if any.
Clean PC Mode some alerts.
Safe Mode some alerts.
Paranoid Mode lots of alerts.
Your choice which Mode or possible bad install.
Dennis

That’s right but Training mode will consider all files on your PC as clean and all other files copied there ?

Quote from help File
Dennis
Training Mode: The firewall will monitor and learn the activity of any and all executables and create automatic ‘Allow’ rules until the security level is adjusted. You will not receive any Defense+ alerts in ‘Training Mode’. If you choose the ‘Training Mode’ setting, we advise that you are 100% sure that all applications and executables installed on your computer are safe to run.

Well, this is not what I want. In this way everything is automatically learned: all files on my PC and everything I download or copy from CD and run. And that’s like having no HIPS.
Of course you will say I can keep it as such only for the first 2-3 days, but I want something to learn only the safe programs' actions or to have them already in a list and not to prompt me dozens of times.

You can also do what I do. I have over 250 programs on my PC. I manually add my programs to the firewall and D+. Did you read any of the stickies under important topics? The whitelist covers mainly the firewall. D+ alerts are different.

https://forums.comodo.com/help_for_v3/tip_games_application_installation_comodo_firewall_pro_3-t22296.0.html

https://forums.comodo.com/help_for_v3/faqs_common_issues_solutions_threads-t21180.0.html

Pls read the stickies… Valuable information.

If you are sure your PC is 100% clean, put it in Clean PC Mode, and all of your programs, etc. already on your PC are automatically assumed safe, and will NOT be alerted for, but new ones will be.

Josh

Well, I read everything… adding 250 programs manually on D+ is a killer. I’d better not use D+ at all if I should do this.

My point was to make a whitelist with common applications and their activities and for those to get no prompt.
Norton IS, for example has this feature and perhaps other firewalls also.

Norton is bloated junk and cannot offer the same level of protection that Comodo can. Comodo is also free whereas Norton is $50 for 1 year.

That didn’t answer my question.

/offtopic: I know Comodo’s level of protection is the best now and it’s free and I congratulate the team behind it.

The whitelist is already there, I’d suggest to read the fine manual.

Comodo Firewall Pro includes a proprietary and continually updated white list of 1,000,000 safe executables. The integrity of every executable is checked against this database and Firewall Pro will alert users of potentially damaging applications before they are installed.
I hope this will clarify that it has a huge whitelist. If you don't want to enter the 250 programs I think it's best you put D+ in 'Clean PC Mode'.

Xan

A white list of over a million applications is not very helpful if it only applies to the firewall and not to D+. It would be much more efficient to make a whitelist for known and trusted behaviors for D+, then allow the user to select whether to ignore the whitelist or use the whitelist. The technique of training the firewall is fine for techies who like to spend time this way, but for the average user, it is unsettling to deal with the abundant alerts about unfamiliar programs (which are actually common system/Windows components).
More on whitelist for D+:
https://forums.comodo.com/feedbackcommentsannouncementsnews/suggestions_for_cpf-t26598.0.html
https://forums.comodo.com/empty-t22991.0.html
https://forums.comodo.com/help_for_v3/as_few_noties_as_possible_how_to_do_it_while_still_secure-t27246.0.html

If a white list exists for D+, it is woefully inadequate. At least 95% of the alerts I got were from well known, safe programs, processes, and activities.

Note: to me, clean PC mode is not a safe way to “create a whitelist”, for reasons that I explain here:
https://forums.comodo.com/help_for_v3/as_few_noties_as_possible_how_to_do_it_while_still_secure-t27246.0.html;msg199877#msg199877

Each CFP/CIS can contribute to improve the safelist.
CleanPC mode fills the pending list with new file paths. From there it is possible to click the lookup button, which will update the safelist if those apps were already verified, or it will be possible to submit those apps to Comodo and have them added to the safelist.

There is also the Trusted vendors feature that allows the user to safelist all applications from a trusted developer.

A behavioural heuristic approach is currently used by Threatfire but I never tested it because I prefer the CFP way.

If ever Comodo will add something like that I hope they will not remove the current features and also provide a way to redefine the monitored settings and protected entities.

pykko, I agree with you. Every software in the security sphere should host some AI in defining relevant or non-relevant behavior. Somebody has 1 month to tune a firewall and somebody has 10 minutes or even less. The development team definitely should take such examples into consideration.

Just imagine. Your enemy has a knife, you have a tank, a big tank, but… You don’t know how to use it. The battlefield, the web battlefield, will be captured by your web-enemy, not by you. So… big protection must be useful, powerful and with good AI. Dream?.. Nevertheless, I would like this dream to come true.

I also agree with Pykko and Yaraslau.
I posted similar concerns here and here.

I hope Comodo will incorporate some of these suggestions in future versions. Looking forward to more great things from Comodo.

Whoopdeedoo