porkpiehat

Level 5
Hi, would it be possible to create a custom rule, that assigns a 'untrusted/unrecognised' rule to every file that I download/run from my 'malware' folder? cheers.
 
Reactions: Moose

porkpiehat

Level 5
ok, I've set up the rule, with 'block' and 'quarantine' as the actions.... downloaded the 'adware fake optimizer' into the 'malware' folder, and run the fake optimizer program... which alerts UAC and proceeds with its 'select a language' installer... at what point should Comodo have jumped on it and blocked/quarantined the program?
 

jamescv7

Level 61
Trusted
Verified
@porkpiehat : The first protocol is quarantine them for safe keeping purpose as much as possible, especially for probably FP rates that you can restore anytime.

Blocked can be acceptable that which only prevent the execution but not removing the totality of file existence.
 
Reactions: porkpiehat

porkpiehat

Level 5
update, I re installed CIS, and everything is working as it should... click on file, and BAM...GO TO JAIL!! happy days :)
 
H

hjlbx

ok, I've set up the rule, with 'block' and 'quarantine' as the actions.... downloaded the 'adware fake optimizer' into the 'malware' folder, and run the fake optimizer program... which alerts UAC and proceeds with its 'select a language' installer... at what point should Comodo have jumped on it and blocked/quarantined the program?
@porkpiehat

You set up rule for auto-sandbox to Block the execution of any Unrecognized file - then auto-quarantine that file... is this correct ?
 

porkpiehat

Level 5
actually, I've just discovered that EAM was screwing up the auto sandbox rules... now that I've deleted EAM everything is being caught... although I'm chuffed that Comodo is working, I'm totally gutted that I cannot run EAM with it.... ho hum!!