Whats this third internal whitelist?? I dont know anything about this??
And you mentioned related to AV. Does this mean if AV is not installed then this third whitelist is not available or not in use??
Probably, yes. Or maybe it’s in use but not updatable.
Haven’t you noticed that some programs are treated as ‘safe’ while they aren’t signed or added to Trusted Files?
Ok, some new info here…
Online lookup now really gives ‘safe’ result for those files… So the problem can be solved by adding each files to Unrecognized files list and performing lookup for them. But the question is still here.
Just few days ago I wasn’t able even to add them to Unrecognized files ilst. CIS told me that these files are already safe. (As I assume they were in that ‘internal whitelist’). But then AV update and…
It really looks like Comodo reduces the local whitelist (maybe they are trying to reduce the size of the base…)
I have noticed that but I thought thats coz of local TVL. I thought programs in local TVL will not appear in Trusted lists & only programs found safe in cloud will appear in trusted lists. And I guess local or cloud whitelist both has signed & unsigned whitelisted programs.
CIS also has a hard coded database that comes with the program. That cannot be accessed. CIS always had that. Later the cloud got added.
Whitelist database gets updated by the program updater if I recall correctly.
Comodo is not working on reducing the white list. If that would have been the case us mods would have known about it.
When cfp.exe or cmdagent.exe crashes that may sometimes cause CIS to forget rules. I can imagine that the TFL or TSV lists get corrupted. That could be a possible cause of programs no longer being recognised as safe.
Another one could be a failure of the cloud look up. Or a combination of both. Can you check Windows Event Viewer to see if it reports crashes of cfp.exe or cmdagent.exe?
Because of the intermittent nature I think hiccups with the cloud look up (either server or client side) is the more likely explanation.
I am almost confident that the whitelist is also updated by AV database update process…
No crashes, no forgotten rules. Moreover, these exe files aren’t digitally signed and they havn’t been added to TFL (so, there is no problems with TSV/TFL). They were recognized as safe just because they were in ‘hard coded whitelist database’. Until AV update.
As to cloud lookup, now it works. If I perform it, CIS gives the result ‘safe’ and adds the files to TFL. But as I already said, it wasn’t neccessary until AV update. Files were recognized as ‘safe’ without cloud.