I’m not sure if this is a bug or not. I’ll let you decide.
Each time I plug in a new USB device (or an old device to a new USB port) Comodo pops-up asking about services.exe for 4 to 12 times. It seams that services.exe is trying to change the registry and Comodo is intercepting it.
That’s all ok, but the only options Comodo gives are Allow and Block. The third option is grayed out and says “No applicable predefined policies”.
How come I can’t mark services.exe as a Windows system executable ?
I have a Win7 64bit installation with CIS 3.14.129887.586
I understand the motivation for making sure the user intended the device installation, but the amount of times it pops-up for a single USB device inserted is not reasonable. It’s always between 4 and 12 pop-ups.
Please also take into account that this happens even if you plug a device you already used in the past in a different USB port in the computer.
I’m sure most of your users use Windows and use USB devices. I think its a reasonable user experience requirement to avoid this multi-pop-up cascade. I’m sure you can come up with something creative…
Please also take into account that this happens even if you plug a device you already used in the past in a different USB port in the computer.
I’m sure most of your users use Windows and use USB devices. I think its a reasonable user experience requirement to avoid this multi-pop-up cascade. I’m sure you can come up with something creative…
[/quote]
That shouldn’t happen. That indicates that there is a problem with the installation of the actual driver. Are you sure you are allowing for each alert of services.exe?
Try to launch DPC Latency checker executable on Windows 7. Make sure beforehand dpclat.exe is not in the “trusted apps” list or its digital signature is in the “trusted vendors list”.
If there would be no alert(s) dpclat.exe executable tries to modify protected registry key, but instead there would be alerts services.exe tries to modify protected registry keys, then Defense+ does not provide information on W7 what calls services controller.
Wold this USB device be a U3 flash drive? If so, it presents to the OS as multiple devices, based on the partitioning of the flash device. One of the devices will need to load other software from itself into memory to allow the other parts of the device to be read.
Please also take into account that this happens even if you plug a device you already used in the past in a different USB port in the computer.
This, again, is by design. All removable devices and the software on them are always considered untrusted by CIS, regardless of whether you have used the device or the software on it on that particular PC before. This is because the device can, and probably will be, removed from the CIS protected system and used in a non-CIS protected one.
I'm sure most of your users use Windows and use USB devices. I think its a reasonable user experience requirement to avoid this multi-pop-up cascade. I'm sure you can come up with something creative...
A plain vanilla flash drive should, at worst, produce a single alert.
Your “by design” idea is forcing me to switch D+ to Training Mode everytime drivers for new hardware or hotfixes are installing (thus making it useless and extremelly anoying). I will simply NOT clicking on 10 and more pop-ups just to feel “secure”. Do you really think I can get viruses by installing things from Windows Update? Seriously?
I’d like to add that when Win7 updates its Windows Defender settings, services.exe pops-up as well. And this happens every other day. Yet again an annoyance.
This thread seems like a religious user experience war…
In the end user experience wins, either the company “gets it” or another company comes out and takes the market.
Comodo, you have the community’s support, your purist technical approach is not the right path for wide-spread adoption. As many, I give support for my close family, and believe me my mother and sisters do not know how to handle these alerts, and we’re all on “Low” settings. The Threatcast was an engenius move (although still not what it could be), please continue in that direction…
Since I wrote the things above, I had two incidents where I plug in a new wireless mouse\keyboard combo and I can’t approve services.exe as I don’t have a mouse or a keyboard to do so. Only solution is to restart the computer or use a mouse that was already previously approved, or disable Comodo before plugging-in the new mouse\keyboard combo.
Obviously this is a bad flow.
