Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here



How to Tame Comodo Defense+ 3 Without Disabling It


Many of us dislike Comodo's Defense+ simply because it is so naggy. It bombards us with pop-ups, sometimes causing lag, and doesn't seem to trust the safe software we have. This article will show you a series of steps and procedures how to tame this overprotective HIPS

This article is outdated, and for Comodo Firewall Version 3. Please do not use it as your only guide, especially on later versions.

A. Your security settings

First of all, in order for the suggestions in this article to work 100% properly, Comodo's Defense+ level must be in "Clean PC Mode". If not, My Pending Files will not automatically detect new potentially dangerous files for you to evaluate. If you don't want that, do not follow section C (reading it may still help you).

Secondly, although optional, checking everything under Defense+ "Monitor Settings" (Defense+ Tab>Advanced>Defense+ Settings>Monitor Settings) will increase your security. It'll cause the alerts to appear more often, but if you follow this guide properly, that won't be of an issue for your trusted programs.

Lastly, both section C and D will not work if your Comodo Defense+ level is "Paranoid Mode".

B. Treat this application as ...

First of all, something that quite a few people knows, is the "Treat this application as:" part of a Defense+ alert. In order to view it (if it's hidden), you have to click the more options trigger underneath the message at the left side. There you will see a variety of option, but the 2 most useful are: "Installer or Updater" and "Trusted Application".

  • Actions to perform
  1. Make sure you use it only when Comodo pops-up with an alert regarding the installer or updater file, not explorer or something else.
  2. Checkmark "Treat this application as: Installer or Updater", and click ok.
  3. Make sure Comodo goes into Installation Mode during the installation. Only use this if you are absolutely certain that it can be trusted.
  4. You can also treat file archivers and self extracting archives as Installers and Updaters without making Comodo go into Installation Mode.
  5. Next is "Trusted Application", only do this if the application is 100% safe AND needs unrestricted access to your system.
  6. Checkmark "Treat this application as: Trusted Application" when an alert regarding that application appears, and click ok.
  7. Do the same for other "Treat this application as:" choices.
  • Why this is necessary
  1. This is the easiest way to make Comodo obey you and stay silent.
  2. Installers and updaters, Trusted Applications, etc will be treated with the proper rights and privileges.
  • Benefits of doing so
  1. There will be far less, if any, pop-ups regarding the installation.
  2. Comodo won't nag you about your file archiver whenever you extract your archives again.
  3. Your trusted applications that requires unrestricted access to your system won't be troubled.
  4. You won't have to bother with creating new rules. 
C. My pending files

Next is something less known, the "My Pending Files". It monitors all new, unknown to Comodo's database, files that have potentially dangerous extensions.  In order to access it, you have to open Comodo and click "waiting for your review" under "Proactive Defense" in the "Summary" tab.

  • Actions to perform
  1. When the window comes into view, first click "Purge" to get rid of non-existing entries.
  2. Select all the safe and trusted files, and click "Move to: My Own Safe Files".
  3. Select all of the unsafe files (if any) and click "Move to: My Blocked Files".
  4. "Remove" all the useless entries such as files within your recycle bin, and other temporary files.
  5. As for the unknown ones, you'll have to determine what it is by looking at its directory, clicking "Lookup..." (maybe even submitting it to Comodo for analysis), googling, and uploading it to VirusTotal + Anubis (or similar sites). If you come up with nothing, than you might as well remove it from the list, Comodo will still monitor it and spring into action if it does something.
  • Why this is necessary
  1. Comodo won't be overwhelmed with files that it doesn't know about, and become overprotective.
  2. You will have full control over all potentially dangerous files on your system.
  • Benefits of doing so
  1. You will have a more secure and convenient system.
  2. Major decrease in the amount of unnecessary alerts. 
D. My Own Safe Files & My Trusted Software Vendors

My Safe Files and My Safe Vendors are both useful whitelists that gives additional rights to whatever files or vendors you trust. Although My Pending Files works more efficiently than manually adding files in My Safe Files (especially when you have a large whitelist that'll take a long time to load), this might be better if you're unsure about what you have in your computer. Do not add anything to either unless Comodo keeps on alerting you about a safe file or files from trusted vendors. The locations are: "My Own Safe Files" (Defense+ Tab > Common Tasks > My Own Safe Files), "My Safe Software Vendors" (Defense+ Tab > Common Tasks > My Trusted Software Vendors).

  • Actions to perform
  1. When either windows are open, click add.
  2. Then you can specify whether to manually adds files from your hard drive ("Browse Files..." / "Read from a signed executable...") or manually add files running in your memory, such as your AV ("Browse Running Process" / "Read from a running process").
  3. Select your file or process and press enter.
  4. As for the window of "Browse Files...", you'll have to drag and drop files first from the "Existing items" to the "Selected items". If you made a mistake, you can remove items from "Selected items" by right-clicking the entries and clicking remove / edit, or you can select them and press the delete button on your keyboard. Alternatively, you can click the arrow buttons.
  5. Lastly, you can close "My Own Safe Files" and click either apply or cancel for "My Trusted Software Vendors".
  • Why this is necessary
  1. Same as Section C.
  • Benefits of doing so
  1. Same as section C.
E. Remember my answer

Don't always check remember my answer in alerts, which creates rules in Comodo's Security Policies.

  • Actions to perform
  1. Don't check remember my answer for any temporary files.
  2. Examples: Installers/Updaters (unless you keep them in the same directory permanently and need to use them), uninstallers, .tmp files, and anything within temporary directories.
  3. Still press ok, and don't forget about the previous section.
  • Why this is necessary
  1. Comodo's rules won't be cluttered with non-existant entries, in other words, junk.
  • Benefits of doing so
  1. Comodo will respond to you almost immediately.
  2. It will help prevent slowing down of Comodo in the future.
F. Purging

It is important to regularly purge old non-existing entries within both its Defense+ rules, Firewall rules, and "My Own Safe Files".

  • Actions to perform
  1. Open up Comodo and go to the "Defense+" tab.
  2. Click "Advanced" at the left side.
  3. Click "Computer Security Policy".
  4. After the window appears, click "Purge" to get rid of non-existant entries.
  5. Do the same for Firewall rules (this time: Firewall tab > Advanced > Network Security Policy), and "My Own Safe Files" (Defense+ Tab > Common Tasks > My Own Safe Files).
  6. More advanced users can manually remove unnecessary rules and create new ones.
  • Why this is necessary
  1. Improved speed and security.
  • Benefits of doing so
  1. Alerts will be more responsive.
  2. Comodo won't confuse malware with the same name and directory as your old nonexistant file.
G. Training mode
Lastly, there's the old set Defense+ security level to "Training Mode". I do not recommend it unless you are absolutely sure you have a clean computer and only do safe tasks on it during that time. That may be fine if you are lazy and security conscious, but definitely not if you are forgetful (forgetting to set it back makes it completely useless).

By following these practices your computer will be easier to use and better protected. I hope this article helps change your mind about Comodo Defense+.

J_ L (Special thanks to Midnightcowboy, peter, and PsychEroc)

Share this
Average: 3.9 (15 votes)
Your rating: None


by AnonymousUser2393we4 (not verified) on 1. June 2012 - 17:07  (94285)

This program even set to low settings seems to cause a significant amount of lag for many different games. It is nigh and day difference the difference of lag by completely disabling the defense+

I do only have a single core 2.0ghz CPU but also have 2GB of RAM and this is clearly noticeable.

It took me a while to figure where the lag was coming from, I even tried a reinstall and the lag is for sure coming from the defense+.

by Eric-Jan H te A (not verified) on 17. May 2011 - 16:24  (72107)

I think it is unwise to assign installer privilege to your archiver program. In this state your archiver will be able to overwrite crucial system files with hand crafted virus ones.

Something you definitely don't want without being alerted.

by tja23 (not verified) on 3. October 2010 - 3:14  (58939)

I don't believe this information is valid for the new version of Comodo Firewall: v5.0.163652.1142

Thanks J.L., a lot of good info for the older version, though.

by MidnightCowboy on 3. October 2010 - 7:02  (58942)

This article has been left in place because a lot of users are still with the older version. A tutorial for the new version is located here:

by Chiron on 3. October 2010 - 16:01  (58966)

These steps will only work with V3 and older of Comodo Firewall. Things have changed since then. Maybe the name should be changed to represent that.

by Rhino (not verified) on 25. August 2010 - 14:03  (56695)

Does anyone here remember Windows 3, how fast and sleek, as compared to Windows 7. Comodo is hands-on software, I really enjoy that. If you are not a hands-on person, you may be happier with a commercial product that uses " GatesWare, We Do It All So You Don't Have To" approach. If you are a hands-on person, Comodo is a fine product and praise to all who contribute here.

by AnonymousE (not verified) on 20. August 2010 - 19:28  (56436)

This is a pretty poor write up - perhaps the content in it is good - but few will benifit from poor instruction. Maybe a re-write and some general feedback and tweaking - and we can all tame this naggy queen.

by kendall.a on 21. August 2010 - 4:05  (56453)

If you have something constructive to say then please give us detailed suggestions. To say "This is a pretty poor write up" with no substantial suggestions is just rude and unhelpful. Our editors volunteer their time to try to help everyone else. Your comments were less than helpful and offensive to the writer.

Future comments of a similar nature will be deleted.

by Rhino (not verified) on 25. August 2010 - 13:21  (56690)


This person would make a great politician or news anchor, They tell us about the problem, they themself are not intellegent enough to offer a solution, KUDO's KENDALL

by Homo Habilis (not verified) on 25. August 2010 - 3:01  (56675)

Don't listen to him, Kendall - the guy can't even spell "benefit".

by Anonymous on 1. April 2010 - 13:31  (46672)

As a new silver surfer I find the COMODO defense+ alert very frustrating..

Every time it appears on my screen the computer locks and the arrow will not move for me to even respond to its requests it appears on my screen with increasingly regularity it means I sit for long periods of time waiting for it to disappear before I can resume my tasks.......

I am sure this is not what is meant to happen and would appreciate any one who can tell me what to do in these circumstances

by MidnightCowboy on 1. April 2010 - 15:16  (46694)

This sounds very much like a system conflict with another security program which you either have installed, or did do previously and bits of it have got left behind. If you would like some specific help with identifying the cause of this issue then please register and post here in the forum.

by HeWhoRocks on 9. March 2010 - 23:04  (45271)

I was just leak testing my ZA firewall here and it failed. I then reinstalled comodo and went to test it on the same site, but because i thought i'd give comodo dns a whirl, my ip is now not my ip, and i can't do the test. Would you happen to know how to disable comodo dns?

by J_L on 9. March 2010 - 23:14  (45273)
by HeWhoRocks on 9. March 2010 - 23:31  (45274)

Doh, i did not think of that: man do i feel silly. Thanks J.L, problem solved.

by Anonymous on 22. August 2009 - 15:24  (31332)

Thanks for the article. It was helpful. I didn't even know about the "Purge" functions.

by Anonymous on 18. August 2009 - 15:56  (31086)

Your article is fine when Comodo is working as it should. But when it forgets settings constantly even though you ask it to remember and loses configuration settings you have set, then I'm afraid your article is no more useful than the application help file.

by J_L on 9. September 2009 - 1:43  (32352)

I see.. But isn't that true for any other configurations? You should ask for help in the Comodo forums if you have such a problem.

by J_L on 27. June 2009 - 0:47  (24402)

Note to all readers, My Pending Files will only automatically detect new potentially dangerous files if you set Defense+ to Clean PC Mode. Next article revision is still awaiting moderation.

by J_L on 28. June 2009 - 8:28  (24450)

Also, you can enable Defense+ to monitor everything for maximum security by checking all the check boxes here: Defense+ Tab -> Advanced -> Defense+ Settings -> Monitor Settings. The alerts will appear more often, but if you follow this guide properly, that won't be of an issue for your personal programs.

These 2 important things are on the newest revision, but it's still awaiting moderation.

by peter on 4. July 2009 - 9:22  (24624)

If you're an Editor, you're supposed to self-moderate so "publish" whenever you are ready.

by J_L on 7. July 2009 - 10:49  (24766)

Publish? I've never seen that button anywhere. Screenshot please?
Also I don't think I'm an Editor, yet I can edit pretty much anything here (though I wouldn't dare unless there's serious correction needed). Everything I edit requires moderation.

by Anonymous on 28. June 2009 - 8:01  (24448)

Thank you J.L. your article is excellent.

by J_L on 28. June 2009 - 8:15  (24449)

You're very welcome. Really, even though many have read this, the replies are scarce..

by MidnightCowboy on 28. June 2009 - 11:27  (24459)

Welcome to the world of virtual journalism where sadly only the negative feedback tends to get posted. Rest assured though that the majority of visitors reading your article will have gone away satisfied without actually saying so!

I can understand this with some of my stuff because they probably fall asleep half way through but yours is maybe deserving of just a bit more comment.

How about tackling the firewall or AV settings next?

by J_L on 4. July 2009 - 2:26  (24483)

Yes, that is expected, but there are barely any new comments at all (other than replies).

About the firewall and AV, I don't think I can do that (yet).
Currently, I'm using Avira, which is one of the best, something I always look for in security programs, and honestly, I'm a newbie when it comes to firewalls.
Also, I believe the firewall, something that came out since the first version, doesn't really cause much problems at all.

by Anonymous on 7. September 2009 - 8:27  (32266)

Hello JL,
This comment is a direct response to your observation about the few (congratulatory) comments you receive. I am one of the silent majority who really appreciates the huge amount of work that the Tech Alert team does on our behalf, for which I certainly thank you all.

I have used COMODO, Avira, ThreatFire, and Sandboxie, for a few years - indeed all my security is based solely on Gizmo's advice and recommendations.

by PsychEroc on 24. June 2009 - 17:04  (24332)
by Anonymous on 22. June 2009 - 16:02  (24242)

I honestly believe the above is far beyond the scope of most novice computer users. I personally installed Outpost on Gizmos recommendation and think it is very reliable indeed. I 'trust' it is working well, because my knowledge and understanding of how firewalls actually work is very very limited. IMHO Comodo needs to create software that installs and creates great defence, without the recipient having to tinker too much. I understand this is probably impossible for free versions of anything, and you only get what you pay for. Nevertheless, if Comodos popularity were to diminish, that would have a negative affect on their R&D budget one would expect, thus the downward spiral of consumer appreciation begins. How much longer would the 'Ask toolbar' deal be offered to them? The consumer today expects a quality product, hassle free install, and strong performance from their freeware. If the latter qualities are not offered, then, thanks to great reviews from sites like Gizmos, we will choose other options.

by Anonymous on 22. June 2009 - 19:48  (24258)

I agree with the OP. About 1 1/2 years ago, I tried Comodo D+. I'm not a super-techie. But I'm not a novice either. My experience with Comodo's HIPS program was nightmarish. Simply put, it was too complicated, there were too many pop-ups, and I eventually found myself clicking on whatever it took to quiet it down. The nightmare worsened when I tried to uninstall Comodo. It left a ton of junk on my system. Ultimately, I had to perform surgery on my registry to try to get most of it out.

During that period, I had frequented Comodo's forum numerous times and asked polite questions, but received either rude or unhelpful answers.

Shortly after removing Comodo, I discovered Sandboxie. What a breath of fresh air. Forget HIPS!!! Sandboxing is the way to least for me. I've been a happy user of Sandboxie ever since.