Why popups for safe applications?

What’s the point of this popup exactly? Parent application is safe, so no real need to annoy user in between.
But if parent application is not safe and tries to launch another unsafe (or safe) application, popup should appear.
This way unnecessary popups wouldn’t even be displayed.
Oh, I’m using the Clean PC setting and all subsettings at their “factory” default.


http://i14.photobucket.com/albums/a348/rejzor/th_CIS1513136642.jpg

Parent application safe ≠ child application safe.

Ever heard of silent drive-by downloads? Internet Explorer Mister Safe Parent Application launches malware in the background. Autorun worms? Explorer.exe launches USB malware in the background. And so on and so forth.

It says !You can safely allow blablabla. So it’s safe. And that’s what 99% of users would select.

Good spotting RejZoR :)

But Solcroft does have a point: just because a parent is safe does not mean any and all child processes are also safe.

It’s the same logic. There’s no telling whether the dll the safe parent application is trying to load as a global hook hasn’t been tampered with by malware, or is malware itself. The parent application was verified, but the dll itself hasn’t and Comodo has no idea whether THAT is safe.

Of course, if you trust a program and all its modules explicitly, you could mark it as a trusted app.

Well, it says “Virtualpc.exe” is trying to install a global hook, it’s safe - so why pop up?
If Virtualpc was exploited then you would get an alert saying x.exe is attempting to modify virtualpc.exe.
The next pop-up would appear “virtual pc.exe is an unrecognized application and is attempting to…” Virtualpc.exe would change and therefore wouldn’t match the “fingerprints” in Comodo’s whitelist.

Hope I made sense? lol ;D

Either way, the wording needs to be changed in Comodo’s pop-up.

You’re still talking parent process, Kyle. What if “Virtualpc.exe” (your example) started a new application (child)? CIS does not know if this child application is safe (not whitelisted). As a user concerned with safety of their PC, that is a need-to-know situation. That child process may suddenly start making changes to your Registry files or access the Internet or modify another file (of which you should be aware).
I think it is wonderful CIS picks up on this and lets you the user decide if you wish to permit this action to continue.

Seriously, one solution to reduce pop-ups would be to get people to stop running in Clean PC mode for ever and ever.

How many miles do you put on a car and still call it “new”?

Clean PC mode is woefully misunderstood.
You see people making posts like “I have 3,000 pending files, now what?”
At some point move on to Safe or Custom to take full advantage of the whitelist and/or your rules.

Later

PS John and solcroft are right on this one.

I thought whitelisting was only available in Clean-PC mode?

I meant the CIS Safelist aka trusted vendors when I say whitelist.

Okay, that’s fair enough. The wording should be changed though. The picture says “It’s safe to allow this request”.

@John, I use Safe mode and use the Whitelist.

Thank you both.

Um, sorry, Clean PC mode is the lowest mode which blocks stuff and is enabled by default. Your suggestion makes absolutely no sense whatsoever.

Are you sure this DLL file has been on your PC before you switched into Clean PC Mode and it isn’t modified or recreated while you start/use VirtualPC? I scanned my PC and I did not find this DLL file on it although I had installed Virtual PC. Which reminds me of an issue I reported a while ago which in fact wasn’t an issue at all but intended behaviour of Defense+. One of the developers explained it, here is a quote and the link to original thread.

When the light goes on.
And you say Ohhh I get it.

My post will make perfect sense.

Later

I don’t get it. What’s the point of the trusted vendors (digital signatures) list if it’s not even used?
Both virtualpc.exe and vpckeyboard.dll are digitally signed by Microsoft Corporation, which is on the list of trusted applications.
And I also have “Trust the applications digitally signed by trusted vendors” enabled under Defense+.
It seems like CIS doesn’t even check digital signatures. At all.

It doesn’t use the lists or automatically make rules for you because you are in Clean PC mode.

Read the help files about Clean PC vs. Safe mode.

It is a place to start from, not a place to stay.

The higher you go, the more paranoid settings you use. So moving to Safe again makes no sense.
Digitally signed apps should be trusted at all times regardless of mode used (except maybe in paranoid mode).

“Safe” is even worse. It spawned like 6 popups just because I ran the avast! installer.