Why is defense+ learning apps in Safe Mode ?

If i’m correct the previous version would alert if i started a program using for example launchy (app launcher).

I press Alt-Space, run lanspy and in SafeMode Defense+ is learning start .exe lanspy it’s also added to the policy.
I previous versions it would alert, now i have to go to Paranoid Mode to get the Alert ?

Anybody else noticed this behaviour change ?

p.s. running latest version

Looks like it, I’ve been doing some testing and some others alert like i was used to.

Hello guys.

I liked CFP/CIS very much until today. Yesterday evening I’ve updated my CIS from previous to latest version (3.13.121240.574) and it started to annoing me. Since yesterday everything was OK. Defense+ was set to “safe mode” and it was really safe mode - it was asking me about running new executable by another already running application whenever I wanted (whenever specific app was set to ask about it), now it stopped. Now it’s learning EVERYTHING. WTF ?! In safe mode ? It could happen in “Clean PC mode” and in “learning mode” but not in a “safe mode” !! What is even more annoing - the specific app that starts new process was set to always ask whenever it sends window message or wants tu run new executable. I could even set the rule for that specific app to “limited application” and CIS still learned executables that it wanted to start. IN SAFE MODE !!! JESUS CHRIST its paranoia !!! I had to set Defense+ to “Paranoia Mode” but it asks me about just everything what is as much annoing as seeing that everything is learned !!

My questions are :

  1. Is it a common bug in newest version or just my problem ?
  2. What can I do to make CIS to running in real “Safe Mode” rather than “it is set to safe mode but it’s learning everything” mode
  3. Why this happened ? What can I do to prevent this ?

Additional informations:
I’m running clean, freshly installed Windows 7 Professional x86 (MSDNAA) on old Athlon 3200+.

My second os in Win XP. Few hours after updating to newest CIS I lost internet connection on that os… Is it possible that it was CIS update fault ? It was the only thing that I’ve changed before it happened.


Safe programs can run safe programs with no alert in clean PC or safe mode. I think this is OK.

Safe programs can also do direct disk access and install device drivers. I don’t think this is so good as very few programs actually require this and it is very dangerous.

I noticed this and i don’t like this at all. Now we are forced to use Paranoid Mode to get the Alert

Safe mode says “Every action of the safe executable files are learnt”. If you have allowed the app, it will allow it’s actions. I think this is an improvement. I don’t use safe mode because in the past it blocked actions of programs I know are safe such as DvD Flick and cost me hours of lost time. If it doesn’t do that anymore, it’s a good thing.

I still don’t have an answer to my question… Let my clarify that - I’m asking why Comodo overrides my choice and add some apps to list of allowed to be run by for example firefox ? You think it is safe that firefox is treated as “safe application” and can run anything it wants ? Every app run by firefox is added AUTOMATICALLY to list of allowed applications (that can by executed by firefox) - and when I remove them manually - current version of Comodo is learning them again, and again overrides my settings. It’s annoing and not safe at all. I don’t need control of running applications, that learns everything what’s happening on my computer. Defense+ doesn’t defend me against anything in this situation.

PS - 30 minutes ago my CIS just “crashed”. And left me nice report to send…

It does that with Firefox because it is in the trusted vendors list. Anything in there will have full rights. An app that is run by Firefox will still be screened by CIS and popups or warnings will still be displayed if malicious actions are attempted.