- Dec 29, 2014
- 1,711
Starting a project to refine Comodo, but it will take some time. I first got this thought tonight looking at the Firewall rules, and I was having success finding information on ip ranges and then creating rules for applications. This has long been something I have wanted to do, but I then moved forward a little bit, creating ask rules for all of what Comodo defines Temp files and then also for the File Group Windows Sockets. Just simple ask rules, but I started to get that feeling about the config where I wanted more:emoji_sob:
. Only difference this time is I felt for the first time that I can do this, especially starting with the Firewall rules. I think it's going to easily be the best place to start for me.
Hope is to build a default scheme down the road that anyone can use. So to get everyone warmed up, I went looking around and quickly found a list of all executable files. I don't think this is by any means all of them, but I am not 100% satisfied with Comodo's list of executables. That said, I'm not worried, because the strength of Comodo is really in the Container and generally in the default deny concept. However, I do sense that there could be some interesting revelations down the line as the fairies are dancing in my head for creating location rules, such as we see in Easy File Locker for protection of files and backups and then also possibly some new HIPs groups which could be associated with limited HIPs monitoring, meaning only some of the 16 HIPs categories put into action (i.e. interprocess memory access, Write to a Protected Zone, Process Execution, etc.).
OK, for laughs to start here is the list of executables I found:
A few pop into my mind that I don't see here, and those would be .msi, .mui, and .msc. Not sure about things like .cpl and .mmc.
So that's it. If anyone would like to chime in with anything here anytime, please do. I have started a new config I am calling Experimental Proactive. I saved my current state and then imported it by the name for the new profile. As of now, I am using that profile, but I can go back if necessary. If I can make good enough progress, I will then turn to coming up with some nice default rules. That will be a big challenge, so I'll probably have to go back to a brand new OS image and Comodo firewall installation to do this, so there won't be ANY clutter...just great rules.
Welcome any and all contributors. This may take months, maybe over a year, but I will try to keep good logs in Evernote and then pass them here from time to time...:emoji_v::emoji_fingers_crossed::emoji_fist::emoji_pray:
. Only difference this time is I felt for the first time that I can do this, especially starting with the Firewall rules. I think it's going to easily be the best place to start for me.Hope is to build a default scheme down the road that anyone can use. So to get everyone warmed up, I went looking around and quickly found a list of all executable files. I don't think this is by any means all of them, but I am not 100% satisfied with Comodo's list of executables. That said, I'm not worried, because the strength of Comodo is really in the Container and generally in the default deny concept. However, I do sense that there could be some interesting revelations down the line as the fairies are dancing in my head for creating location rules, such as we see in Easy File Locker for protection of files and backups and then also possibly some new HIPs groups which could be associated with limited HIPs monitoring, meaning only some of the 16 HIPs categories put into action (i.e. interprocess memory access, Write to a Protected Zone, Process Execution, etc.).
OK, for laughs to start here is the list of executables I found:
Executable Files
Executable files contain code that is run when the file is opened. Windows programs, Mac OS X applications, scripts, and macros are all considered executable files. Since these file types run code when opened, unknown executable files, such as those received as e-mail attachements, should not be opened.
Common executable file extensions include .EXE, .APP, .VB, and .SCR.
Executable files contain code that is run when the file is opened. Windows programs, Mac OS X applications, scripts, and macros are all considered executable files. Since these file types run code when opened, unknown executable files, such as those received as e-mail attachements, should not be opened.
Common executable file extensions include .EXE, .APP, .VB, and .SCR.
| File Extension | File Type | Popularity |
| .0XE | F-Secure Renamed Virus File | 170 |
| .73K | TI-73 Application | 171 |
| .89K | TI-89 Application | 190 |
| .8CK | TI-84 Plus C Silver Edition Application File | 135 |
| .A6P | Authorware 6 Program | 162 |
| .A7R | Authorware 7 Runtime File | 189 |
| .AC | Autoconf Script | 183 |
| .ACC | GEM Accessory File | 250 |
| .ACR | ACRobot Script | 220 |
| .ACTC | Action(s) Collection File | 175 |
| .ACTION | Automator Action | 209 |
| .ACTM | AutoCAD Action Macro File | 271 |
| .AHK | AutoHotkey Script | 191 |
| .AIR | Adobe AIR Installation Package | 193 |
| .APK | Android Package File | 167 |
| .APP | macOS Application | 196 |
| .APP | FoxPro Generated Application | 272 |
| .APP | Symbian OS Application | 284 |
| .APPLESCRIPT | AppleScript File | 223 |
| .ARSCRIPT | ArtRage Script | 400 |
| .ASB | Alphacam Stone VB Macro File | 350 |
| .AZW2 | Kindle Active Content App File | 267 |
| .BA_ | Renamed BAT File | 233 |
| .BAT | DOS Batch File | 202 |
| .BEAM | Compiled Erlang File | 325 |
| .BIN | Unix Executable File | 181 |
| .BIN | Generic Binary Executable File | 189 |
| .BTM | 4DOS Batch File | 400 |
| .CACTION | Automator Converter Action | 157 |
| .CEL | Celestia Script File | 275 |
| .CELX | Celestia Script | 208 |
| .CGI | Common Gateway Interface Script | 190 |
| .CMD | Windows Command File | 179 |
| .COF | MPLAB COFF File | 210 |
| .COFFEE | CoffeeScript JavaScript File | 209 |
| .COM | DOS Command File | 209 |
| .COMMAND | Terminal Command File | 200 |
| .CSH | C Shell Script | 275 |
| .CYW | Rbot.CYW Worm File | 200 |
| .DEK | Eavesdropper Batch File | 233 |
| .DLD | EdLog Compiled Program | 229 |
| .DMC | Medical Manager Script | 400 |
| .DS | TWAIN Data Source | 271 |
| .DXL | Rational DOORS Script | 400 |
| .E_E | Renamed EXE File | 267 |
| .EAR | Java Enterprise Archive File | 219 |
| .EBM | EXTRA! Basic Macro | 229 |
| .EBS | E-Run 1.x Script | 200 |
| .EBS2 | E-Run 2.0 Script File | 177 |
| .ECF | SageCRM Component File | 223 |
| .EHAM | ExtraHAM Executable File | 356 |
| .ELF | Nintendo Wii Game File | 188 |
| .EPK | LG Firmware Package | 233 |
| .ES | SageCRM Script File | 400 |
| .ESH | Extended Shell Batch File | 300 |
| .EX4 | MetaTrader 4 Program File | 222 |
| .EX5 | MetaTrader 5 Program File | 250 |
| .EX_ | Compressed Executable File | 221 |
| .EX_ | Renamed Windows Executable File | 194 |
| .EXE | Windows Executable File | 173 |
| .EXE | PortableApps.com Application | 223 |
| .EXE1 | Renamed EXE File | 225 |
| .EXOPC | ExoPC Application | 400 |
| .EZS | EZ-R Stats Batch Script | 300 |
| .EZT | EZT Malicious Worm File | 375 |
| .FAS | Compiled Fast-Load AutoLISP File | 227 |
| .FAS | QuickSilver Fast Save Lisp File | 267 |
| .FKY | FoxPro Macro | 267 |
| .FPI | FPS Creator Intelligence Script | 233 |
| .FRS | Flash Renamer Script | 200 |
| .FXP | FoxPro Compiled Program | 170 |
| .GADGET | Windows Gadget | 206 |
| .GPE | GP2X Video Game | 217 |
| .GPU | GP2X Utility Program | 200 |
| .GS | Geosoft Script | 271 |
| .HAM | HAM Executable File | 500 |
| .HMS | HostMonitor Script File | 200 |
| .HPF | HP9100A Program File | 500 |
| .HTA | HTML Application | 233 |
| .ICD | SafeDisc Encrypted Program | 191 |
| .IIM | iMacro Macro File | 237 |
| .IPA | iOS Application | 177 |
| .IPF | SMS Installer Script | 350 |
| .ISU | InstallShield Uninstaller Script | 215 |
| .ITA | VTech InnoTab Application File | 400 |
| .JAR | Java Archive File | 173 |
| .JS | JScript Executable Script | 229 |
| .JSE | JScript Encoded File | 350 |
| .JSF | Java Script Command File | 226 |
| .JSX | ExtendScript Script File | 173 |
| .KIX | KiXtart Script File | 283 |
| .KSH | Unix Korn Shell Script | 360 |
| .KX | KiXtart Tokenized Script File | 325 |
| .LO | Interleaf Compiled Lisp File | 300 |
| .LS | LightWave LScript File | 300 |
| .M3G | Mobile 3D Graphics Program | 169 |
| .MAC | Application Macro File | 300 |
| .MAM | Microsoft Access Macro | 333 |
| .MCR | 3ds Max Macroscript File | 193 |
| .MCR | Tecplot Macro | 209 |
| .MEL | Maya Embedded Language File | 240 |
| .MEM | Macro Editor Macro | 333 |
| .MIO | MioEngine Application File | 350 |
| .MLX | MATLAB Live Script | 233 |
| .MM | NeXtMidas Macro File | 242 |
| .MPX | FoxPro Compiled Menu Program | 225 |
| .MRC | mIRC Script File | 233 |
| .MRP | Mobile Application File | 218 |
| .MS | 3ds Max Script File | 333 |
| .MS | Maxwell Script | 217 |
| .MSL | Magick Scripting Language File | 200 |
| .MXE | Macro Express Playable Macro | 260 |
| .N | Neko Bytecode File | 256 |
| .NCL | NirCmd Script File | 400 |
| .NEXE | Chrome Native Client Executable | 240 |
| .ORE | Ore Executable File | 400 |
| .OSX | PowerPC Executable File | 267 |
| .OTM | Outlook Macro File | 300 |
| .OUT | Compiled Executable File | 194 |
| .PAF | Portable Application Installer File | 247 |
| .PAF.EXE | PortableApps.com Program File | 208 |
| .PEX | ProBoard Executable File | 300 |
| .PHAR | PHP Archive | 212 |
| .PIF | Program Information File | 253 |
| .PLSC | Messenger Plus! Live Script File | 194 |
| .PLX | Perl Executable File | 267 |
| .PRC | Palm Resource Code File | 300 |
| .PRG | Program File | 231 |
| .PRG | GEM Application | 267 |
| .PS1 | Windows PowerShell Cmdlet File | 242 |
| .PVD | Instalit Script | 500 |
| .PWC | PictureTaker File | 200 |
| .PYC | Python Compiled File | 226 |
| .PYO | Python Optimized Code | 229 |
| .QIT | QIT Trojan Horse File | 250 |
| .QPX | FoxPro Compiled Query Program | 400 |
| .RBF | LEGO MINDSTORMS EV3 Robot Brick File | 267 |
| .RBX | Rembo-C Compiled Script | 290 |
| .RFU | Remote Firmware Update | 200 |
| .RGS | Registry Script | 225 |
| .ROX | Actuate Report Object Executable File | 333 |
| .RPJ | Real Pac Batch Job File | 233 |
| .RUN | Linux Executable File | 167 |
| .RXE | Lego Mindstorms NXT Executable Program | 213 |
| .S2A | SEAL2 Application | 300 |
| .SBS | SPSS Script | 325 |
| .SCA | Scala Script File | 300 |
| .SCAR | SCAR Script | 175 |
| .SCB | Scala Published Script | 214 |
| .SCPT | AppleScript Script File | 275 |
| .SCPTD | AppleScript Script Bundle | 200 |
| .SCR | Script File | 185 |
| .SCRIPT | Generic Script File | 233 |
| .SCT | Windows Scriptlet | 280 |
| .SEED | Linux Preseed File | 200 |
| .SERVER | MySQL Server Script | 400 |
| .SHB | Windows Document Shortcut | 340 |
| .SMM | Ami Pro Macro | 433 |
| .SPR | FoxPro Generated Screen File | 260 |
| .TCP | Tally Compiled Program File | 211 |
| .THM | Thermwood Macro File | 283 |
| .TIAPP | TiTanium App | 280 |
| .TMS | Telemate Script | 300 |
| .U3P | U3 Smart Application | 220 |
| .UDF | Excel User Defined Function | 322 |
| .UPX | Ultimate Packer for eXecutables File | 333 |
| .VBE | VBScript Encoded Script File | 292 |
| .VBS | VBScript File | 235 |
| .VBSCRIPT | Visual Basic Script | 300 |
| .VDO | Heathen Virus File | 300 |
| .VEXE | Virus Executable File | 200 |
| .VLX | Compiled AutoLISP File | 183 |
| .VPM | Vox Proxy Macro File | 233 |
| .VXP | Mobile Application File | 202 |
| .WCM | WordPerfect Macro | 175 |
| .WIDGET | Microsoft Windows Mobile Widget | 209 |
| .WIDGET | Yahoo! Widget | 169 |
| .WIZ | Microsoft Wizard File | 267 |
| .WORKFLOW | Automator Workflow | 167 |
| .WPK | WordPerfect Macro | 500 |
| .WPM | WordPerfect Macro File | 300 |
| .WS | Windows Script | 240 |
| .WSF | Windows Script File | 282 |
| .WSH | Windows Script Host Settings | 229 |
| .X86 | Linux Executable File | 267 |
| .XAP | Silverlight Application Package | 178 |
| .XBAP | XAML Browser Application File | 167 |
| .XLM | Excel Macro | 119 |
| .XQT | SuperCalc Macro File | 250 |
| .XYS | XYplorer Script File | 300 |
| .ZL9 | ZoneAlarm Quarantined EXE File | 189 |
A few pop into my mind that I don't see here, and those would be .msi, .mui, and .msc. Not sure about things like .cpl and .mmc.
So that's it. If anyone would like to chime in with anything here anytime, please do. I have started a new config I am calling Experimental Proactive. I saved my current state and then imported it by the name for the new profile. As of now, I am using that profile, but I can go back if necessary. If I can make good enough progress, I will then turn to coming up with some nice default rules. That will be a big challenge, so I'll probably have to go back to a brand new OS image and Comodo firewall installation to do this, so there won't be ANY clutter...just great rules.
Welcome any and all contributors. This may take months, maybe over a year, but I will try to keep good logs in Evernote and then pass them here from time to time...
:emoji_v::emoji_fingers_crossed::emoji_fist::emoji_pray:
