With CIS v3.8 do you get less pop ups compared to previous versions?

I’d suggest checking how you have set up your rules. Are you importing your rules as you upgrade?

I had a similar prob when I went 3.5 to .8. A clean reinstall solved it.

I certainly can’t help but mess with the rules, and thus eventually cause myself probs. For instance, I often will set something to “alway’s ask”. We got lot’s of power with the Comodo firewall.

Thanks, but everything is as default as it could be. No import/export and CIS simply learns in Clean PC Mode that I execute Opera and give it network access (“treat as browser”). I don’t edit any D+ rules. Then, when attempting to download any file in Opera (or IE), the warning comes, every time.

Ok, well, now you’ve found out how deep my understanding of this all is. lol.

I use CIS on full blast, and live with the consequences.

But, I recently did the MS updates. And, similar to your comment, the MSRT had to modify, create?, a folder and had to modify some registry key’s. I know that cause I did get D+ notices.

Maybe my notices were because MS was messing with protected areas. I don’t know, I haven’t researched.

Maybe your notices are because of where you save your downloads? Or, are you running your downloads instead of saving them? I am, right now, recalling being prompted with a D+ when downloading some programs, and it always had to do with creating a folder.

Anyway, just trying to help jog the thoughts. If you find a answer to your question that works, please post!

Thank you for the ideas. :slight_smile:

As for MS Updates I can’t tell, I always disable D+ when updating because I don’t want it to learn things about temporary installers etc. But I guess your observation of MS messing with protected areas is correct, that would make sense, it’s OS updates after all.

No, just saving the .exe downloads, always in My Documents… “Opera is trying to create xyz.exe”… Perhaps making Opera a trusted application in D+ would work, but I’m not sure it’s a good idea, with regards to the security aspects of letting D+ trust a program which may be targeted for attacks.

If this gets resolved, I’ll try to remember posting here. :slight_smile:

Is My Documents a protected folder? I never get that alert. :-\ I use Safe Mode (FW/D+).

To the best of my knowledge, My Documents folder has never been protected by default (and I have never added it either).

I have noticed on my PC I can download from firefox without a pop-up but not from IE. In computer security policy *.exe is automatically added to firefox but not IE. This is in clean PC mode. Looks like a bug to me. The worst bit is IE 8 downloaded 230 MB before it complained that it could not save it.

Odd, I thought browsers were treated in the same way by D+, being nothing else than just .exe-files. It’s rather the Firewall that offers special profiles for browsers.

It looks like if ANY safe application writes to an exe file for some reason it is immediately gets a rule allowing it to write to *.exe (I wish it would not do this. It needs a setting, like firewall, for more or less rules).

For some reason it does not do this for IE 8. I am clean PC mode and it is not in my pending files so it should be safe. So I get a pop-up each time I download with IE 8. As I use firefox all the time I only recently noticed this.

I suppose this is the case in Clean PC Mode. As far as I know: You can tweak whether D+ should ask you about an .exe file executing another .exe file, but you can’t tweak D+ to ask you about an .exe file creating another .exe file.

No harm in letting the browser create the file, trying to run it though, is another thing… unless I’ve missed something here I’d like to see this option in D+. :-La

But protection for creating is same as protection for writing to an existing exe. This IS dangerous.

I’d rather say, the only potentially malicious event would be executing an .exe-file, not just getting it on the HDD… I wouldn’t mind some dangerous website making Opera create an .exe file on my HDD (although getting Opera to block itself would be nice, like Firefox+NoScript would do :)), but I’d mind a dangerous website making Opera execute the .exe file. You can have tons of malware on your machine but they do no harm unless executed.

Isn’t the pop up precisely because you are in Clean PC mode, and it is a New .exe

Haven’t thought of it that way before, but it sounds reasonable. If so, I would prefer CIS giving an alert only when executing this new downloaded file… For example you can drag & drop new, unknown files from a USB stick or likewise. This will cause no warning, but they are still entering the system as unknown files, similar to downloading something from the Internet. It would be sufficient (for me) to get a warning if these files were to be executed, no matter if their origin is a USB stick or created by the browser.

Well now I’m not so sure my first assessment was right.
I just downloded a couple of .exe in IE & FF D+ in Safe Mode(where I normally run) No Pop ups.
Switched to Clean PC and did same experiment still No Pop ups.

So if I was completely right I should have gotten Pop ups, so there must be something more to this.
Unless my existing rules from running in Safe mode skewed the result.

Maybe you could test by just flipping to safe mode and trying a download and see if it pops or learns.


Strange, Frogger. ???

I did try Safe Mode as soon as you posted your previous message, I didn’t tell you though. The result was the same, I got a popup when downloading a .exe file.

There should be a pop-up when executing a new or modified exe in clean PC mode but not when downloading. I think it is a bug. Executing is the most dangerous thing, not downloading or modifying the file.

Leoni, what OS are you using ?

I may be able to try and recreate this to see if you just have some setting wanked or not?

@ tcarrbrion,

I agree with your perspective.


:-TU tcarrbrion & Bad Frogger

Thank you for the attention. I’m on XP SP3, just CIS running (12 processes including cfp.exe & cmdagent.exe, + 1 process for Opera or IE8). The CIS version is currently the .494 beta but this alert has been around for ages, regardless of version.

I am on vista SP1 with the latest 3.8 of CIS and firefox can write to any exe but IE 8 cannot. I found one other program that can write to *.exe and quite a few programs can write to *.dll. None of these were added by me. In earlier versions I allowed firefox to just write to any file in the downloads directory but that is pointless now as it can write anywhere. I have not tried 3.9 yet.