Introduction

Many of us dislike Comodo's Defense+ simply because it is so naggy. It bombards us with pop-ups, sometimes causing lag, and doesn't seem to trust the safe software we have. This article walks through a series of steps for taming this overprotective HIPS.

A. Your security settings

First of all, for the suggestions in this article to work 100% properly, Comodo's Defense+ level must be set to "Clean PC Mode". If it is not, My Pending Files will not automatically detect new potentially dangerous files for you to evaluate. If you don't want that, do not follow section C (reading it may still help you).
Secondly, although optional, checking everything under Defense+ "Monitor Settings" (Defense+ Tab > Advanced > Defense+ Settings > Monitor Settings) will increase your security. It'll cause the alerts to appear more often, but if you follow this guide properly, that won't be an issue for your trusted programs.
Lastly, neither section C nor section D will work if your Comodo Defense+ level is "Paranoid Mode".

B. Treat this application as ...

First of all, something quite a few people know about is the "Treat this application as:" part of a Defense+ alert. To view it (if it's hidden), click the more options trigger underneath the message on the left side. There you will see a variety of options, but the two most useful are "Installer or Updater" and "Trusted Application".
- Make sure you use it only when Comodo pops up with an alert regarding the installer or updater file, not Explorer or something else.
- Checkmark "Treat this application as: Installer or Updater", and click OK.
- Make sure Comodo goes into Installation Mode during the installation. Only use this if you are absolutely certain that it can be trusted.
- You can also treat file archivers and self extracting archives as Installers and Updaters without making Comodo go into Installation Mode.
- Next is "Trusted Application". Only do this if the application is 100% safe AND needs unrestricted access to your system.
- Checkmark "Treat this application as: Trusted Application" when an alert regarding that application appears, and click OK.
- Do the same for other "Treat this application as:" choices.
- This is the easiest way to make Comodo obey you and stay silent.
- Installers and updaters, Trusted Applications, etc will be treated with the proper rights and privileges.
- There will be far less, if any, pop-ups regarding the installation.
- Comodo won't nag you about your file archiver whenever you extract your archives again.
- Your trusted applications that require unrestricted access to your system won't be troubled.
- You won't have to bother with creating new rules.

C. My pending files

Next is something less well known: "My Pending Files". It monitors all new files that are unknown to Comodo's database and have potentially dangerous extensions. To access it, open Comodo and click "waiting for your review" under "Proactive Defense" in the "Summary" tab.
- When the window comes into view, first click "Purge" to get rid of non-existing entries.
- Select all the safe and trusted files, and click "Move to: My Own Safe Files".
- Select all of the unsafe files (if any) and click "Move to: My Blocked Files".
- "Remove" all the useless entries such as files within your recycle bin, and other temporary files.
- As for the unknown ones, you'll have to determine what each one is by looking at its directory, clicking "Lookup..." (maybe even submitting it to Comodo for analysis), googling, and uploading it to VirusTotal + Anubis (or similar sites). If you come up with nothing, then you might as well remove it from the list; Comodo will still monitor it and spring into action if it does something.
- Comodo won't be overwhelmed with files that it doesn't know about, and become overprotective.
- You will have full control over all potentially dangerous files on your system.
- You will have a more secure and convenient system.
- Major decrease in the amount of unnecessary alerts.
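
The triage in the steps above can also be run over a list of file paths, shown here as an added example that is not part of the original article or of Comodo. Entries that no longer exist map to "Purge", recycle-bin and temporary files map to "Remove", and every other file gets a SHA-256 hash that can be searched on VirusTotal before the file is whitelisted. The function names and path markers are assumptions of this example, and the path list is one you supply yourself.

```python
import hashlib
import os
import sys

# Assumed markers for "useless entries" (recycle bin, temp directories);
# they are this example's choice, not a Comodo setting.
JUNK_MARKERS = ("\\$recycle.bin\\", "\\temp\\")
JUNK_SUFFIXES = (".tmp",)


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(paths):
    """Sort pending-file paths into purge / remove / review buckets."""
    buckets = {"purge": [], "remove": [], "review": []}
    for path in paths:
        normalized = path.replace("/", "\\").lower()
        if not os.path.isfile(path):
            buckets["purge"].append(path)    # entry points at nothing
        elif (any(marker in normalized for marker in JUNK_MARKERS)
              or normalized.endswith(JUNK_SUFFIXES)):
            buckets["remove"].append(path)   # recycle bin or temporary file
        else:
            # Unknown file: keep its hash so it can be looked up before
            # it is moved to a whitelist or a block list.
            buckets["review"].append((path, sha256_of(path)))
    return buckets


if __name__ == "__main__":
    # Usage: pipe in one path per line (a list you typed up or exported).
    listed = [line.strip() for line in sys.stdin if line.strip()]
    result = triage(listed)
    for path in result["purge"]:
        print("PURGE  ", path)
    for path in result["remove"]:
        print("REMOVE ", path)
    for path, digest in result["review"]:
        print("REVIEW ", digest, path)
```

A hash that no lookup service recognises does not make the file safe; as the last step says, leaving it off the whitelist keeps Comodo monitoring it.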

D. My Own Safe Files & My Trusted Software Vendors

My Safe Files and My Safe Vendors are both useful whitelists that give additional rights to whatever files or vendors you trust. Although My Pending Files works more efficiently than manually adding files in My Safe Files (especially when you have a large whitelist that'll take a long time to load), this might be better if you're unsure about what you have on your computer. Do not add anything to either unless Comodo keeps on alerting you about a safe file or files from trusted vendors. The locations are: "My Own Safe Files" (Defense+ Tab > Common Tasks > My Own Safe Files), "My Safe Software Vendors" (Defense+ Tab > Common Tasks > My Trusted Software Vendors).
- When either window is open, click "Add".
- Then you can specify whether to manually add files from your hard drive ("Browse Files..." / "Read from a signed executable...") or manually add files running in your memory, such as your AV ("Browse Running Process" / "Read from a running process").
- Select your file or process and press enter.
- In the "Browse Files..." window, you first have to drag and drop files from "Existing items" to "Selected items". If you made a mistake, you can remove items from "Selected items" by right-clicking the entries and clicking remove / edit, or you can select them and press the delete button on your keyboard. Alternatively, you can click the arrow buttons.
- Lastly, you can close "My Own Safe Files" and click either apply or cancel for "My Trusted Software Vendors".
- Same as Section C.
- Same as section C.

E. Remember my answer

Don't always check "Remember my answer" in alerts, since doing so creates rules in Comodo's Security Policies.
- Don't check "Remember my answer" for any temporary files.
- Examples: Installers/Updaters (unless you keep them in the same directory permanently and need to use them), uninstallers, .tmp files, and anything within temporary directories.
- Still press OK, and don't forget about the previous section.
- Comodo's rules won't be cluttered with non-existent entries, in other words, junk.
- Comodo will respond to you almost immediately.
- It will help prevent slowing down of Comodo in the future.

F. Purging

It is important to regularly purge old non-existing entries from Comodo's Defense+ rules, Firewall rules, and "My Own Safe Files".
- Open up Comodo and go to the "Defense+" tab.
- Click "Advanced" at the left side.
- Click "Computer Security Policy".
- After the window appears, click "Purge" to get rid of non-existent entries.
- Do the same for Firewall rules (this time: Firewall tab > Advanced > Network Security Policy), and "My Own Safe Files" (Defense+ Tab > Common Tasks > My Own Safe Files).
- More advanced users can manually remove unnecessary rules and create new ones.
- Improved speed and security.
- Alerts will be more responsive.
- Comodo won't mistake malware that uses the same name and directory as an old, non-existent file for that file.

G. Training mode

Lastly, there's the old trick of setting the Defense+ security level to "Training Mode". I do not recommend it unless you are absolutely sure you have a clean computer and only do safe tasks on it during that time. That may be fine if you are lazy and security conscious, but definitely not if you are forgetful (forgetting to set it back makes it completely useless).

Conclusion

By following these practices your computer will be easier to use and better protected. I hope this article helps change your mind about Comodo Defense+.
J. L. (Special thanks to Midnightcowboy, peter, and PsychEroc)
Thanks for the article. It was helpful. I didn't even know about the "Purge" functions.
Your article is fine when Comodo is working as it should. But when it forgets settings constantly even though you ask it to remember and loses configuration settings you have set, then I'm afraid your article is no more useful than the application help file.
I see.. But isn't that true for any other configurations? You should ask for help in the Comodo forums if you have such a problem.
Note to all readers, My Pending Files will only automatically detect new potentially dangerous files if you set Defense+ to Clean PC Mode. Next article revision is still awaiting moderation.
Also, you can enable Defense+ to monitor everything for maximum security by checking all the check boxes here: Defense+ Tab -> Advanced -> Defense+ Settings -> Monitor Settings. The alerts will appear more often, but if you follow this guide properly, that won't be an issue for your personal programs.
These 2 important things are on the newest revision, but it's still awaiting moderation.
If you're an Editor, you're supposed to self-moderate so "publish" whenever you are ready.
Publish? I've never seen that button anywhere. Screenshot please?
Also I don't think I'm an Editor, yet I can edit pretty much anything here (though I wouldn't dare unless there's serious correction needed). Everything I edit requires moderation.
Thank you J.L. your article is excellent.
You're very welcome. Really, even though many have read this, the replies are scarce..
Welcome to the world of virtual journalism where sadly only the negative feedback tends to get posted. Rest assured though that the majority of visitors reading your article will have gone away satisfied without actually saying so!
I can understand this with some of my stuff because they probably fall asleep half way through but yours is maybe deserving of just a bit more comment.
How about tackling the firewall or AV settings next?
Yes, that is expected, but there are barely any new comments at all (other than replies).
About the firewall and AV, I don't think I can do that (yet).
Currently, I'm using Avira, which is one of the best, something I always look for in security programs, and honestly, I'm a newbie when it comes to firewalls.
Also, I believe the firewall, something that came out since the first version, doesn't really cause many problems at all.
Hello JL,
This comment is a direct response to your observation about the few (congratulatory) comments you receive. I am one of the silent majority who really appreciates the huge amount of work that the Tech Alert team does on our behalf, for which I certainly thank you all.
I have used COMODO, Avira, ThreatFire, and Sandboxie, for a few years - indeed all my security is based solely on Gizmo's advice and recommendations.
See also: Configuring CIS for Maximum Security with ZERO Alerts for Novices
I honestly believe the above is far beyond the scope of most novice computer users. I personally installed Outpost on Gizmo's recommendation and think it is very reliable indeed. I 'trust' it is working well, because my knowledge and understanding of how firewalls actually work is very very limited. IMHO Comodo needs to create software that installs and creates great defence, without the recipient having to tinker too much. I understand this is probably impossible for free versions of anything, and you only get what you pay for. Nevertheless, if Comodo's popularity were to diminish, that would have a negative effect on their R&D budget one would expect, thus the downward spiral of consumer appreciation begins. How much longer would the 'Ask toolbar' deal be offered to them? The consumer today expects a quality product, hassle free install, and strong performance from their freeware. If the latter qualities are not offered, then, thanks to great reviews from sites like Gizmo's, we will choose other options.
I agree with the OP. About 1 1/2 years ago, I tried Comodo D+. I'm not a super-techie. But I'm not a novice either. My experience with Comodo's HIPS program was nightmarish. Simply put, it was too complicated, there were too many pop-ups, and I eventually found myself clicking on whatever it took to quiet it down. The nightmare worsened when I tried to uninstall Comodo. It left a ton of junk on my system. Ultimately, I had to perform surgery on my registry to try to get most of it out.
During that period, I had frequented Comodo's forum numerous times and asked polite questions, but received either rude or unhelpful answers.
Shortly after removing Comodo, I discovered Sandboxie. What a breath of fresh air. Forget HIPS!!! Sandboxing is the way to go...at least for me. I've been a happy user of Sandboxie ever since.
Sorry that this article is in its oldest format, I'm contacting Gizmo about the newest revision. For now, it'll be like this..
Please comment at the forum: http://www.techsupportalert.com/freeware-forum/security/1155-how-to-tame...
Ok, newest revision up, should've just re-edited it the first time...
You have to understand that we try to help, or perhaps exchange information with, ALL users, from beginners to true experts.
We can readily accept that this article "is far beyond the scope of most novice computer users". But we will continue to present a very broad range of material, that we hope appeals to our ever-widening circle of readers.
Yes Peter. I am in complete agreement with you. I apologise if my opening comments created any impression of criticism towards the original author, or Gizmo's. Upon reading again, I can see how you may think this. I considered myself a beginner when I first discovered this great site. I now have a much broader spectrum of understanding computers, and various software thanks to the mighty Gizmo. I personally, will never reach the competence level of a techie or geek. But I am very thankful to all contributors to this wonderful site. Once again, my sincere apologies for any misunderstanding created.
For the vendors it's a very difficult road to tread. I had many exchanges with Comodo's Melih during the transition from CIS 3.5-3.9 Final so I know the challenges involved with getting these things to work. The fact is that the majority of users want maximum protection with minimum popups and user input. The greater percentage even want to make no adjustments to their default install settings. It is trying to build this level of usability into these products which causes many of the issues, and not necessarily faults in the way individual components have been coded. Readers of my various ramblings elsewhere on the site will already know that my personal preference is for a layered approach involving a combination of several components. It's not that I'm against suites, far from it, but I would just like to see one forum which doesn't fill up with bug reports and error messages. From my experience all of the top solutions in this category eventually throw up issues which the majority of "ordinary" users cannot manage. To this end they then usually ignore what is presented by hitting "allow" to kill the alert. Thus their protection becomes degraded and one of the reasons why so many with these applications still get infected.
There are tutorials already in existence for Defense+ but I appreciate J.L.'s attempt to add to them.