Disable Auto-Containment on a Per-application Basis
The
default auto-containment rules will run unknown executables in the
container and queue them for submission to Comodo Cloud scanners for
behavior analysis. Users, however, have the option to exclude
specific files or file types from this auto-containment process by
creating a rule. This is particularly useful for developers that are
creating new applications which, by their nature, are as yet unknown
to the Comodo safe list.
To
disable the auto-containment selectively
1. Open 'Tasks' interface by clicking the green curved arrow at top right of the 'Home' screen.
2. Open 'Containment Tasks' and click 'Open Advanced Settings'.
3. Click 'Security Settings' > 'Advanced Protection' > 'Containment' > 'Auto-Containment' from the left hand side pane.
4. Click the handle at the bottom of the interface and open the option panel.
Make sure 'Enable Auto-Containment' and 'Enable file source tracking' check boxes are selected.
5. Click the 'Add' button
6. In the 'Manage Contained Program' interface, select 'Ignore' from the 'Action' drop-down options:
7. By default, the 'Source' tab will be selected. Click the 'Browse' button beside the 'Target' field then click 'Files' from the options.
8. Navigate to the location where the application is installed or stored, select it and click 'Open'.
9. Click the 'Reputation' tab, select the checkbox beside 'File is rated as' and click 'Unrecognized' from the drop-down options.
10. Click the 'Options' tab.
By default, 'Log when this action is performed' will be selected.
- Log when this action is performed – Whenever this rule is applied for the action, it will be logged.
- Don't apply the selected action to child processes – Child processes are the processes initiated by the applications, such as launching some unwanted app, third party browsers plugins / toolbars that was not specified in the original setup options and / or EULA. CCS treats all the child processes as individual processes and forces them to run as per the file rating and the contained rules.
- By default, this option is not selected and the ignore rule is applied also to the child process of the target application(s).
- If this option is selected, then the Ignore rule will be applied only for the target application and all the child processes initiated by it will be checked and containment rules individually applied as per their file rating.
11. Select the options as required and click 'OK'.
The 'Ignore' rule will be saved for the specified application and displayed in the 'Auto-Containment' screen. Make sure to keep this rule above all other rules for unrecognized files.
Alternatively…
1. Assign Trusted rating to the file from the File List interface
2. Digitally sign your files with a code signing certificate from a trusted CA then manually add your organization to the Trusted Software Vendors list
3. Disable 'Auto-Containment' by deselecting the 'Enable Auto-Containment' check box in the 'Auto-Containment' settings panel. Not recommended.
For more details on Auto-Containment process, refer to the section Configuring
Rules for Auto-Containment.