CFP3/Help Guide/Defense Task Center/Image Execution Control

From ComodoWiki

Jump to: navigation, search

Defense+ Tasks > Advanced - Image Execution Control Settings

Image Execution Control is an integral part of the Defense+ engine. If your Defense+ Security Level is set to 'Train with Safe Mode' or 'Clean PC Mode', then it is responsible for authenticating every executable image that is loaded into the memory.

Comodo Firewall Pro calculates the hash an executable at the point it attempts to load into memory. It then compares this hash with the list of known/recognized applications that are on the Comodo safe list. If the hash matches the one on record for the executable, then the application is safe. If no matching hash is found on the safelist, then the executable is 'unrecognized' and you will receive an alert.

This area allows you to quickly determine how proactive the monitor should be and which types of files it should check.

'General' tab

Image:cf_def_adv_iecs_gen.gif

Adjust the slider to your preferred protection level:

Aggressive - This setting instructs Defense+ to intercept the file types listed in the 'Files to Check' tab before they are loaded into memory and also Intercepts prefetching/caching attempts for the executable files.

Normal - Same as aggressive but does not intercept perfetching/caching attempts. This is the default and recommended setting.

Disabled - No execution control is applied to the executable files.

Click 'Apply' to implement your settings.

'Files to Check' tab

Lists file types that Defense+ will check using the Image Execution Level specifed on the 'General' tab.

Image:cf_def_adv_iecs_ftc.gif

The default and recommended setting is *.exe. This means every .exe file will be authenticated by Defense+ before it is allowed to run. If Defense+ is unable to authenticate a particular .exe file then you will receive an alert which will ask your permission before the application allowed to run.

Click the 'Add' button to add additional file groups or processes to the 'Files to check' list. Click here for an outline of the options available when adding file types.

Click 'Apply' to implement your changes.

Retrieved from "http://wiki.comodo.com/CFP3/Help_Guide/Defense_Task_Center/Image_Execution_Control"
Personal tools