Why do I get Defense+ alerts on safe programs?

In the Defense+ settings, it is set to “Train with Safe”. The help describes this level as:

Train with Safe Mode: While monitoring critical system activity, the firewall will automatically learn the activity of executables and applications certified as ‘Safe’ by Comodo. It will also automatically create ‘Allow’ rules these activities. For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run.

Although the help says “firewall”, this is describing the settings for Defense+. Okay, so why do I see alerts that say “ is a safe application …”? If the rules are getting automatically generated for safe programs, why am I still getting prompted about them? If I am going to get prompted for safe (known) applications then I might as well as just shove the slider all the way up to Paranoid.

The whole point of updating CFP to get a database of safe applications and configuring CFP to learn (not prompt) the safe applications is to reduce the prompts (so I don’t have to bother with them). This feature works in Online Armor (what I used before trying CFP). Doesn’t work in CFP since I still get the alerts for safe apps.

Hello All,
I have the same issue

Its part of the HIPS protection I believe.

I moved the slider up to paranoid! Could never figure out the utility of “safe” applications vs “certified as safe by Comodo” but after a little CFP experience on your system it doesn’t make any difference except for an occasional new program you need to deal with.

Yep, that is why I said Defense+. The whole point of Comodo providing a database of known and safe applications is so that users won’t have to get bothered answering the D+ alerts for those applications. If they are safe, and if you set the slider at “Train with Safe Mode”, the D+ (HIPS) feature is supposed to recognize when the application is a safe one, learn the behavior of that safe application, but NOT bother the user with an alert. The purpose of the safe list was to reduce the prompting so users would not be overly pestered with the alerts.

Online Armor does the same thing by having a safe apps database and it works. Many users that might consider getting a HIPS-enabled security product are turned off by the initial flood of numerous alerts. By having a safe list, the alert count should be severely reduced. Users wouldn’t be bothered with alerts for well-known and pervasive programs, like Word, Windows Explorer, Internet Explorer, FireFox, Outlook [Express], Thunderbird, Adobe Reader, and other highly common applications. Most computer users just want to use their computer, not spend a majority of their time with a flood of alerts trying to get the security product trained until it eventually shuts up. There are some of us that don’t trust the safe list and want full control over any application that wants to connect or load and even go wander off into the access rights and other properties of the rules for firewall and D+, but those are not the typical user who see security products as a required but somewhat unwanted utility and definitely not as useful work.

Hate to said Vangaurd but I have over 225 programs and I am not overwelmed with alerts. I just did a fresh install of Comodo on my laptop. I put the firewall and D+ in training mode. Launch all my programs or maually ad some. Takes several hours though. After I am done I put the firewall to train with safe mode and D+ to clean pc mode. After that the only time I get D+ alerts is when a program changes such as a patch or something. Or when I install something. I tested D+ using the GRC leak test, System Shutdown Simulator and the PC Flank test and they all pass.

“Launch all my programs or maually ad some. Takes several hours though.”

You really think the “normal” user that uses their computer to do real tasks is going to waste hours trying to configure a security product? If I put a padlock on a door, I don’t spend more time than needed to just put it on. I don’t stand there inspecting it for hours or even for a minute. Ease-of-use is a very strong characteristic that is very important to many users. After all, if ease-of-use were not an issue, Comodo, TallEmu, SSM, DiamondCS, and other firewall and HIPS programs would have never bothered with safe lists in the first place. Obviously a problem is being noted in Comodo’s product that it won’t use the safe lists that Comodo themself produce.

Sounds like it’s worth a writeup in the bugs forum. Fill out the form there and reference this thread. :slight_smile:

Same problem here. Extremely frustrating. It’s about to cause me to look for another firewall to replace this nagging nanny.

I had Zone Alarm Pro (boo, hiss) before Comodo, and one of the good things ZAP did was to actually REMEMBER MY ANSWER when I checked the box for it to remember my answer to the pop up. Comodo NEVER remembers my answer, so why did the programmers even add the ‘Remember my answer’ check box?


It really shouldn’t work like this.
Btw note, that if even a safe application gets modified it will become unsafe. I mean if internet explorer is in the safelist, and it is learnt by cfp when installed but after you update IE you will get an alert about it (although ie is still safe, it was updated by Microsoft not a virus) is a normal activity. It is due to comodo not having the signature of the latest ie version IMHO. Anyway, I suggest using cleanpc mode for a period and only after that switch to train with safe mode.

at brianconner: it should remember it. So it is not necessarily the programmers fault. It sounds like a corrupt installation or a kind of incompatibility. Are you using the latest version of comodo? What other programs are running with it?

Yes, it is the latest version,

Not sure what you’re asking WRT other programs running with it. I have Comodo BOClean and AVG antivirus running.

The other frustration is that whenever I get a Comodo Firewall pop up, it takes focus away from the app I was using, and it does not return focus after I click OK. That means, I have to make another click back to the app I was using.

Comodo Firewall is not a well behaved, user friendly app. I don’t mind paying for a firewall that is actually useful, but at this point in time, Comodo isn’t that app.

Yeah I was asking that, but as far as I know they shouldn’t be source of conflict.
Its sad to hear it is not meeting your expectations. I don’t receive popups unless I installed something new. But thats not a problem. Usually I have to answer only one popup. I select ‘trusted’ ‘browser’ or one of the other predefined policies according to the newly installed program, and after this I barely receive alerts for it.

I just went in and looked at Comodo Firewall’s ‘Computer Security Settings’ list.

Even though I had previous told it to consider all Applications as Trusted applications, it did not have that setting for any apps. Instead, it showed each one as having a Custom Setting, and when I looked at the custom settings, it said to Ask for just about every action.

So, it is not obeying my instructions. Not very useful. It gets tiring to have to get several (more than 3) pop up warnings from Comodo when I try to load WordPerfect. I’m not accessing the Internet, only trying to type a letter to print out.

(:AGY) again.

What is your defense+ security level? If you are sure that your computer is not infected then set it to cleanpc mode.

That’s what I did earlier this AM. I still got dozens of pop up warnings. After manually setting my applications to Trusted Application, they warnings seems to have settled down. As you have agreed, I shouldn’t have had to do that.

Neither Comodo BOClean nor AVG anti-virus are giving me any hits or warnings, so I’m as certain as I can be that my PC is clean.

To be honest Im stuck with your problem.
One thing is sure, it should not work like this.
In your application rules list…are there any ~ signs in the path and/or file names?

No, nonr of them have a tilde in the path.

I was asking that because in the past there was a bug which resulted in cfp not remembering settings and having that tilde in the path or filenames in the rules.

But it looks like its not the case.
Well Im really out of ideas now. We need to wait for a developer to look into this. Have you had the same symptoms with previous versions too?
From here you can download older versions if you have the patience as its clear that the current one is unusable and annoying you, which is understandable.

File modification is not learnt in Clean PC Mode or Train with Safe Mode


Thank you, thank you, thank you! I cannot tell you how affirmed I feel after reading your posts in this thread. I probably fit your definiion of a “normal” computer user…someone who isn’t married to my pc and and doesn’t want to be. I want to use my computer as a fun tool to use for buying stuff on the internet, downloading music, having some fun with Windows MovieMaker, etc.

I’m not a programmer and I’m not a techie. But I feel like I have to become one of those in order to master CFP. Trust me when I say I have spent hours and hours reading the Help sections and the forums. But this software has many nuances that don’t seem to work as expected, terminology that goes over my head, and is complicated for the ordinary pc user. I’ve had it on my system for about a month now and I’m about to give up on it. The last straw may have been a few days ago when I ran Windows Check Disk for the first time in a while (just a routine thing to do every now and then) and all sorts of he** occurred. Then I later read that CFP has a bug in it that causes the CHKDSK problems. So on top of the complexities of CFP, the normal computer user has to also contend with it screwing up some pretty important system-related functions.

The final insult is that I’m scared to death to uninstall it. I know most software leave traces if/when uninstalled, but apparently CFP can uninstall so poorly that one is unable to go back to using the built-in Windows Firewall afterwards (Windows still thinks CFP is installed). I have printed out the special CFP V3 uninstall sticky in this forum, but again, for a normal pc user, the listed steps…including a romp through the registry…are ridiculous and daunting. And I shouldn’t have to download yet another software program like Revo (as one frequent poster repeatedly instructs) in order to get rid of this one.

Anyway, that’s my rant. VanguardLH, you get my vote.