System information

ManualsBrandsMcafee ManualsOtherQUICKCLEAN 3.0

111

112

113

114

115

116

117

118

119

120

Comodo Endpoint Security Manager - SME - Administrator Guide

• Paranoid Mode: This is the highest security level setting and means that Defense+ monitors and controls all

executable files apart from those that you have deemed safe. Comodo Internet Security does not attempt to learn the

behavior of any applications - even those applications on the Comodo safe list and only uses your configuration

settings to filter critical system activity. Similarly, the Comodo Internet Security does automatically create 'Allow' rules

for any executables - although you still have the option to treat an application as 'Trusted' at the Defense+ alert.

Choosing this option generates the most amount of Defense+ alerts and is recommended for advanced users that

require complete awareness of activity on their system.

• Safe Mode: While monitoring critical system activity, Defense+ automatically learns the activity of executables and

applications certified as 'Safe' by Comodo. It also automatically creates 'Allow' rules these activities, if the checkbox

'Create rules for safe applications' is selected. For non-certified, unknown, applications, you will receive an alert

whenever that application attempts to run. Should you choose, you can add that new application to the safe list by

choosing 'Treat this application as a Trusted Application' at the alert. This instructs the Defense+ not to generate an

alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in 'Clean PC

Mode' then 'Safe Mode' is recommended setting for most users - combining the highest levels of security with an easy-

to-manage number of Defense+ alerts.

• Clean PC Mode: From the time you set the slider to 'Clean PC Mode', Defense+ learns the activities of the

applications currently installed on the computer while all new executables introduced to the system are monitored and

controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user

knows to be clean of malware and other threats. From this point onwards Defense+ alerts the user whenever a new,

unrecognized application is being installed. In this mode, the files in 'My Pending Files' are excluded from being

considered as clean and are monitored and controlled.

• Training Mode: Defense+ monitors and learn the activity of any and all executables and create automatic 'Allow' rules

until the security level is adjusted. You do not receive any Defense+ alerts in 'Training Mode'. If you choose the

'Training Mode' setting, we advise that you are 100% sure that all applications and executables installed on your

computer are safe to run.

Tip: This mode can be used as the 'Gaming Mode'. It is handy to use this setting temporarily when you are running an

(unknown but trusted) application or Games for the first time. This suppresses all Defense+ alerts while Comodo Internet

Security learns the components of the application that need to run on your machine and automatically create 'Allow' rules for

them. Afterward, you can switch back to 'Train with Safe Mode' mode).

• Disabled: Disables Defense+ protection. All executables and applications are allowed to run irrespective of your

configuration settings. Comodo strongly advise against this setting unless you are confident that you have an

alternative intrusion defense system installed on your computer.

Checkbox Options

• Block all unknown requests if the application is closed - Selecting this option blocks all unknown execution

requests if Comodo Internet Security is not running/has been shut down. This is option is very strict indeed and in

most cases should only be enabled on seriously infested or compromised machines while the user is working to

resolve these issues. If you know your machine is already ‘clean’ and are looking just to enable the highest CIS

security settings then it is OK to leave this box unchecked.

• Create rules for safe applications - Automatically creates rules for safe applications in Computer Security Policy.

Note: Defense+ trusts the applications if:

• The application/file is included in the Trusted Files list

• The application is from a vendor included in the Trusted Software Vendors list

• The application is included in the extensive and constantly updated Comodo safelist.

By default, CIS does not automatically create 'allow' rules for safe applications. This helps saving the resource usage, simplifies

the rules interface by reducing the number of 'Allowed' rules in it, reduces the number of pop-up alerts and is beneficial to

beginners who find difficulties in setting up the rules.

Enabling this checkbox instructs CIS to begin learning the behavior of safe applications so that it can automatically generate the

'Allow' rules. These rules are listed in the Computer Security Policy interface. Administrators can edit / modify the rules as they

wish.

Execution Control Settings