if you take a surface look in the rules, you think, “i can purge uninstalled program rules out of the list”.
but when you purge out this rules, there are still rules left. for example:
“explorer.exe, start this program”.
so a malware writer could trust in luck to find usual folders for special programs. as in a lottery he would find someone using comodo cis who had uninstalled a normal program out of the default folder.
now you just simply have to “copy paste” something in this folder adress. with the same name as the uninstalled program.
and it will be executable through explorer.exe. as i showed in another case, there are malicious effects that can be triggered without any further question. the only needed question was: explorer.exe tries to start “test.exe”. after this question all the stuff happened.
and copy and paste is not guarded by comodo cis.
today i erased a lot of “explorer.exe” rules, inside the rules set for defense+ . i dont think that normal users ever see this rules list for each single program itself.
why are not ANY related rules to an uninstalled program cleaned away? until now ONLY the direct program rules can be purged with a button.