Comodo Help
Find the desired product help
Comodo Internet Security

Comodo Internet Security

Version 5.9/5.10

English

Print Help Download Help
Defense+ Tasks - Introduction > Computer Security Policy > Trusted Software Vendors
  • Introduction To Comodo Internet Security
    • Special Features
    • System Requirements
    • Installation
      • CIS Premium Installation
      • CIS Pro-Installation And Activation
      • CIS Complete-Installation And Activation
        • Installing Comodo Internet Security 2012 Complete
        • Activating Online Backup, TrustConnect And Guarantee
        • Installing Comodo Backup
        • Installing Comodo TrustConnect
      • Activating Pro/ Complete Services After Installation
        • Activating Your License
        • Activating Your Guarantee Coverage
        • Renewal Of Your License
    • Starting Comodo Internet Security
    • Comodo Internet Security - Overview Of Summary Screens
      • Comodo Internet Security – Summary
      • Comodo Antivirus – Summary
      • Comodo Firewall – Summary
    • Comodo Internet Security - Navigation
    • Understanding Alerts
  • Antivirus Tasks-Introduction
    • Run A Scan
    • Update Virus Database
    • Quarantined Items
    • View Antivirus Events
    • Submit Files To Comodo For Analysis
    • Scheduled Scans
    • Scan Profiles
    • Scanner Settings
      • Real Time Scanning
      • Manual Scanning
      • Scheduled Scanning
      • Exclusions
  • Firewall Tasks-Introduction
    • View Firewall Events
    • Define A New Trusted Application
    • Define A New Blocked Application
    • Network Security Policy
      • General Navigation
      • Application Rules
      • Global Rules
      • Predefined Policies
      • Network Zones
      • Blocked Zones
      • Port Sets
    • View Active Connections
    • Stealth Ports Wizard
    • Firewall Behavior Settings
      • General Settings
      • Alert Settings
      • Advanced Settings
  • Defense+ Tasks - Introduction
    • View Defense+ Events
    • Trusted Files
    • Unrecognized Files
      • Unrecognized Files
      • Submitted Files
    • Computer Security Policy
      • Defense+ Rules
      • Predefined Policies
      • Always Sandbox
      • Blocked Files
      • Protected Files And Folders
      • Protected Registry Keys
      • Protected COM Interfaces
      • Trusted Software Vendors
    • The Sandbox - An Introduction
      • Unknown Files - The Sand-boxing And Scanning Processes
    • View Active Process List
    • Run A Program In The Sandbox
    • Defense+ Settings
      • General Settings
      • Execution Control Settings
      • Sandbox Settings
      • Monitoring Settings
  • More Options-Introduction
    • Preferences
      • General Settings
      • Parental Control Settings
      • Appearance
      • Log Settings
      • Connection Settings
      • Update Settings
    • Manage My Configurations
      • Comodo Preset Configurations
      • Importing/Exporting And Managing Personal Configurations
    • Diagnostics
    • Check For Updates
    • Manage This Endpoint
    • Browse Support Forums
    • Help
    • About
  • Comodo GeekBuddy
    • Overview Of Services
    • Launching The Client And Using The Service
    • Accepting Remote Desktop Requests
    • Registration
    • Activation Of Service
    • Uninstalling Comodo GeekBuddy
  • TrustConnect Overview
    • Microsoft Windows - Configuration And Connection
    • Mac OS X - Configuration And Connection
    • Linux / OpenVPN - Configuration And Connection
    • Apple IPhone / IPod Touch - Configuration And Connection
    • TrustConnect FAQ
  • Comodo Dragon
  • Appendix 1 CIS - How To... Tutorials
    • Setting Up Security Levels Easily
    • Setting Up The Firewall For Maximum Security And Usability
    • Blocking Internet Access While Allowing Local Area Network (LAN) Access
    • Setting Up Defense+ For Maximum Security And Usability
    • How To Password Protect Your CIS Settings
    • How To Reset Forgotten Password (Advanced)
    • Running An Instant Antivirus Scan On Selected Items
    • Creating An Antivirus Scanning Schedule
    • Running An Untrusted Program Inside Sandbox
    • Restoring Incorrectly Quarantined Item(s)
    • Submitting Quarantined Items To Comodo For Analysis
    • Enabling File Sharing Applications Like BitTorrent And Emule
    • Blocking Any Downloads Of A Specific File Type
    • Disabling Defense+ And Sandboxing For Specific Files Selectively
    • Switching Between Complete CIS Suite And Individual Components (just AV Or FW)
    • Switch Off Automatic Antivirus And Software Updates
    • Suppressing CIS Alerts Temporarily While Playing Games
  • Appendix 2 Comodo Secure DNS Service
    • Router - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows XP - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows 7 / Vista - Manually Enabling Or Disabling Comodo Secure DNS Service
  • Appendix 3 CIS Versions
  • About Comodo Security Solutions

Trusted Software Vendors

 

In Comodo Internet Security, there are two basic methods in which an application can be treated as safe. Either it has to be part of the ‘Safe List’ (of executables/software that is known to be safe) OR that application has to be signed by one of the vendors in the 'Trusted Software Vendor List'.

 

From this point:

  • IF the vendor is on the Trusted Software Vendor List AND the user has enabled 'Trust Applications that are digitally signed by Trusted Software Vendors' THEN the application will be trusted and allowed to run.

  • IF the vendor is not on the Trusted Software Vendor List OR the user has not enabled 'Trust Applications that are digitally signed by Trusted Software Vendors' THEN the application will be sandboxed. If the application in question is an installer then CIS will generate an elevated privilege alert.

Software publishers may be interested to know that they can have their signatures added, free of charge, to the ‘master’ Trusted Software Vendor List that ships to all users with CIS. Details about this can be found at the foot of this page.

 

The 'Trusted Software Vendors' area can be opened by navigating to Defense+ Tasks > Computer Security Policy > Trusted Software Vendors.

 



Click here to read background information on digitally signing software

 

Click here to learn how to Add / Define a user-trusted vendor

 

Software Vendors – click here to find out about getting your software added to the list

 

Background

 

Many software vendors digitally sign their software with a code signing certificate. This practice helps end-users to verify:

  1. Content Source: The software they are downloading and are about to install really comes from the publisher that signed it.

 

  1. Content Integrity: That the software they are downloading and are about to install has not be modified or corrupted since it was signed.

In short, users benefit if software is digitally signed because they know who published the software and that the code hasn't been tampered with - that are are downloading and installing the genuine software.

 

The 'Vendors' that digitally sign the software to attest to it's probity are the software publishers. These are the company names you see listed in the first column in the graphic above.

 

However, companies can't just 'sign' their own software and expect it to be trusted. This is why each code signing certificate is counter-signed by an organization called a 'Trusted Certificate Authority'. 'Comodo CA Limited' and 'Verisign' are two examples of a Trusted CA's and are authorized to counter-sign 3rd party software. This counter-signature is critical to the trust process and a Trusted CA only counter-signs a vendor's certificate after it has conducted detailed checks that the vendor is a legitimate company.

 

If a file is signed by a Trusted Software Vendor and the user has enabled 'Trust Applications that are digitally signed by Trusted Software Vendors' then it will be automatically trusted by Comodo Internet Security (if you would like to read more about code signing certificates, see  http://www.instantssl.com/code-signing/).

 

One way of telling whether an executable file has been digitally signed is checking the properties of the .exe file in question. For example, the main program executable for Comodo Internet Security is called 'cfp.exe' and has been digitally signed.

  • Browse to the (default) installation directory of Comodo Internet Security.

  • Right click on the file cfp.exe.

  • Select 'Properties' from the menu.

  • Click the tab 'Digital Signatures (if there is no such tab then the software has not been signed).

This displays the name of the CA that signed the software as shown below:

 



Click the 'Details' button to view digital signature information. Click 'View Certificate' to inspect the actual code signing certificate. (see below)

 



It should be noted that the example above is a special case in that Comodo, as creator of 'cfp.exe', is both the signer of the software and, as a trusted CA, it is also the counter-signer (see the 'Countersignatures' box). In the vast majority of cases, the signer or the certificate (the vendor) and the counter-signer (the Trusted CA) are different. See this example for more details.

 

Adding and Defining a User-Trusted Vendor

 

A software vendor can be added to the local 'Trusted Software Vendors' list in two ways:

  • By reading the vendor's signature from an executable file on your local drive

  • By reading the vendor's signature from an running process



Click the add button on the right hand side and select 'Read from a signed executable...'. Browse to the location of the executable your local drive. In the example below, we are adding the executable 'YahooMessenger.exe'.

 

 

After clicking 'Open', Comodo Internet Security checks that the .exe file is signed by the vendor and counter-signed by a Trusted CA. If so, the vendor (software signer) is added to the Trusted Vendor list (TVL):



 

In the example above, Comodo Internet Security was able to verify and trust the vendor signature on YahooMessenger.exe because it had been counter-signed by the trusted CA 'Verisign'. The software signer 'Yahoo! Inc' is now a Trusted Software Vendor and is added to the list. All future software that is signed by the vendor 'Yahoo! Inc' is automatically added to the Comodo Trusted Vendor list.

 

Comodo Internet Security also allows you to add a trusted vendor by selecting from processes that are currently running on your PC. To do this, click the 'Add...' button and select 'Read from a running process...':



 

Select the signed executable that you want to trust and click the 'Select' button. Comodo Internet Security performs the same certificate check as described above.

 

If Comodo Internet Security cannot verify that the software certificate is signed by a Trusted CA then it does not add the software vendor to the list of 'My Trusted Vendors'. In this case, you can see the following error message.

 



Note: The 'My Trusted Software Vendors' list displays two types of software vendors:

  • User defined trusted software vendors - As the name suggests, these are added by the user via one of the two methods outlined earlier. These vendors can be removed by the user by selecting and clicking the 'Remove' button.

  • Comodo defined trusted software vendors - These are the vendors that Comodo, in it's capacity as a Trusted CA, has independently validated as legitimate companies. If the user needs to remove any of these vendors from the list, it can be done by selecting the vendor, clicking 'Remove' and restarting the system. Please note that the removal will take effect only on restarting the system.

 

The Trusted Vendor Program for Software Developers

 

Software vendors can have their software added to the default Trusted Vendor List that is shipped with Comodo Internet Security. This service is free of cost and is also open to vendors that have used code signing certificates from any Certificate Authority. Upon adding the software to the Trusted Vendor list, CIS automatically trusts the software and does not generate any warnings or alerts on installation or use of the software.

 

The vendors have to apply for inclusion in the Trusted Vendors list through the sign-up form at http://internetsecurity.comodo.com/trustedvendor/signup.php and make sure that the software can be downloaded by our technicians. Our technicians check whether:

  • The software is signed with a valid code signing certificate from a trusted CA;

  • The software does not contain any threats that harm a user's PC;

before adding it to the default Trusted Vendor list of the next release of CIS.

More details are available at http://internetsecurity.comodo.com/trustedvendor/overview.php.


Comodo Internet Security User Guide | © 2012 Comodo Security Solutions Inc. | All rights reserved

Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2025. All rights reserved.