After installing CIS (Firewall only, no antivirus), I put it in training mode; however, I found that during training mode that I also had to disable Execution Control (because it didn’t get automatically disabled by training mode). I ran all my programs. That took awhile. When done, I put CIS into Safe Mode and reenable Execution Control (which is set to handle unknown files as Untrusted).
So I figured only new executables that showed up on my host sometime later would fall under the Execution Control enforcement. After all, the point of training mode is to learn how my current applications behave (to learn them). Didn’t work that way. After going to Safe Mode and enabling Execution Control, one of the programs (Blueberry Flashback for captuing the screen) that I had previously ran under training mode (to learn its behavior) was treated as Untrusted so ran in the sandbox (the partial one where restrictions are applied, not the full one where the process gets truly isolated). This caught me by surprise. I figured Training Mode was supposed to learn the behaviors of this program so it would be trusted later. I really don’t want to use Clean PC Mode but prefer Safe Mode.
The default configuration is with the “Create rules for safe applications” disabled. Do I have to enable this option and go back into Training Mode to relearn all my applications by running them all again so rules get defined for them that stick when I go back to Safe Mode? Or am I stuck with adding the unknown executable to the Trusted Programs list one by one? What’s the point of Training Mode if programs currently unknown in Comodo’s whitelist don’t get whitelisted locally (by having them automatically added to the Trusted Progrmas list)?
If I’m stuck having to manually trusting the programs not currently in Comodo’s whitelist, how do I get them into Comodo’s whitelist? For executables that I have to manually add to the Trust Programs list, I see no option to submit that file to Comodo.