Many of us dislike Comodo's Defense+ simply because it is so naggy. It bombards us with pop-ups, sometimes causing lag, and doesn't seem to trust the safe software we have. This article will show you a series of steps and procedures how to tame this overprotective HIPS

This article is outdated, and for Comodo Firewall Version 3. Please do not use it as your only guide, especially on later versions.

First of all, in order for the suggestions in this article to work 100% properly, Comodo's Defense+ level must be in "Clean PC Mode". If not, My Pending Files will not automatically detect new potentially dangerous files for you to evaluate. If you don't want that, do not follow section C (reading it may still help you).

Secondly, although optional, checking everything under Defense+ "Monitor Settings" (Defense+ Tab>Advanced>Defense+ Settings>Monitor Settings) will increase your security. It'll cause the alerts to appear more often, but if you follow this guide properly, that won't be of an issue for your trusted programs.

Lastly, both section C and D will not work if your Comodo Defense+ level is "Paranoid Mode".

First of all, something that quite a few people knows, is the "Treat this application as:" part of a Defense+ alert. In order to view it (if it's hidden), you have to click the more options trigger underneath the message at the left side. There you will see a variety of option, but the 2 most useful are: "Installer or Updater" and "Trusted Application".

• Actions to perform

1. Make sure you use it only when Comodo pops-up with an alert regarding the installer or updater file, not explorer or something else.
2. Checkmark "Treat this application as: Installer or Updater", and click ok.
3. Make sure Comodo goes into Installation Mode during the installation. Only use this if you are absolutely certain that it can be trusted.
4. You can also treat file archivers and self extracting archives as Installers and Updaters without making Comodo go into Installation Mode.
5. Next is "Trusted Application", only do this if the application is 100% safe AND needs unrestricted access to your system.
6. Checkmark "Treat this application as: Trusted Application" when an alert regarding that application appears, and click ok.
7. Do the same for other "Treat this application as:" choices.

• Why this is necessary

1. This is the easiest way to make Comodo obey you and stay silent.
2. Installers and updaters, Trusted Applications, etc will be treated with the proper rights and privileges.

• Benefits of doing so

1. There will be far less, if any, pop-ups regarding the installation.
2. Comodo won't nag you about your file archiver whenever you extract your archives again.
3. Your trusted applications that requires unrestricted access to your system won't be troubled.
4. You won't have to bother with creating new rules. 

Next is something less known, the "My Pending Files". It monitors all new, unknown to Comodo's database, files that have potentially dangerous extensions.  In order to access it, you have to open Comodo and click "waiting for your review" under "Proactive Defense" in the "Summary" tab.

• Actions to perform

1. When the window comes into view, first click "Purge" to get rid of non-existing entries.
2. Select all the safe and trusted files, and click "Move to: My Own Safe Files".
3. Select all of the unsafe files (if any) and click "Move to: My Blocked Files".
4. "Remove" all the useless entries such as files within your recycle bin, and other temporary files.
5. As for the unknown ones, you'll have to determine what it is by looking at its directory, clicking "Lookup..." (maybe even submitting it to Comodo for analysis), googling, and uploading it to VirusTotal + Anubis (or similar sites). If you come up with nothing, than you might as well remove it from the list, Comodo will still monitor it and spring into action if it does something.

• Why this is necessary

1. Comodo won't be overwhelmed with files that it doesn't know about, and become overprotective.
2. You will have full control over all potentially dangerous files on your system.

• Benefits of doing so

1. You will have a more secure and convenient system.
2. Major decrease in the amount of unnecessary alerts. 

My Safe Files and My Safe Vendors are both useful whitelists that gives additional rights to whatever files or vendors you trust. Although My Pending Files works more efficiently than manually adding files in My Safe Files (especially when you have a large whitelist that'll take a long time to load), this might be better if you're unsure about what you have in your computer. Do not add anything to either unless Comodo keeps on alerting you about a safe file or files from trusted vendors. The locations are: "My Own Safe Files" (Defense+ Tab > Common Tasks > My Own Safe Files), "My Safe Software Vendors" (Defense+ Tab > Common Tasks > My Trusted Software Vendors).

• Actions to perform

1. When either windows are open, click add.
2. Then you can specify whether to manually adds files from your hard drive ("Browse Files..." / "Read from a signed executable...") or manually add files running in your memory, such as your AV ("Browse Running Process" / "Read from a running process").
3. Select your file or process and press enter.
4. As for the window of "Browse Files...", you'll have to drag and drop files first from the "Existing items" to the "Selected items". If you made a mistake, you can remove items from "Selected items" by right-clicking the entries and clicking remove / edit, or you can select them and press the delete button on your keyboard. Alternatively, you can click the arrow buttons.
5. Lastly, you can close "My Own Safe Files" and click either apply or cancel for "My Trusted Software Vendors".

• Why this is necessary

1. Same as Section C.

• Benefits of doing so

1. Same as section C.

Don't always check remember my answer in alerts, which creates rules in Comodo's Security Policies.

• Actions to perform

1. Don't check remember my answer for any temporary files.
2. Examples: Installers/Updaters (unless you keep them in the same directory permanently and need to use them), uninstallers, .tmp files, and anything within temporary directories.
3. Still press ok, and don't forget about the previous section.

• Why this is necessary

1. Comodo's rules won't be cluttered with non-existant entries, in other words, junk.

• Benefits of doing so

1. Comodo will respond to you almost immediately.
2. It will help prevent slowing down of Comodo in the future.

It is important to regularly purge old non-existing entries within both its Defense+ rules, Firewall rules, and "My Own Safe Files".

• Actions to perform

1. Open up Comodo and go to the "Defense+" tab.
2. Click "Advanced" at the left side.
3. Click "Computer Security Policy".
4. After the window appears, click "Purge" to get rid of non-existant entries.
5. Do the same for Firewall rules (this time: Firewall tab > Advanced > Network Security Policy), and "My Own Safe Files" (Defense+ Tab > Common Tasks > My Own Safe Files).
6. More advanced users can manually remove unnecessary rules and create new ones.

• Why this is necessary

1. Improved speed and security.

• Benefits of doing so

1. Alerts will be more responsive.
2. Comodo won't confuse malware with the same name and directory as your old nonexistant file.

By following these practices your computer will be easier to use and better protected. I hope this article helps change your mind about Comodo Defense+.

J_ L (Special thanks to Midnightcowboy, peter, and PsychEroc)