Upon starting COMODO Antivirus for the first time, you may be surprised, and perhaps a bit worried, by the multitude of alert boxes which slide up from your taskbar almost immediately. However, don’t be alarmed: this behavior is normal while COMODO Antivirus integrates itself with your computer system. So what exactly can you expect to see? Here’s a quick guide to one of the most important features/alerts in COMODO Antivirus:
COMODO Defense+ Alerts
Typically the first type of alert to present itself, COMODO Defense+ alerts appear when a program present on your system attempts to change or access an installed program or important portions of your operating system (such as the Registry). COMODO tends to “play it safe” (i.e. is a bit paranoid) when it detects such behavior, and as such will alert you with a detailed Defense+ Alert containing a variety of information and options:
1. Alert Description – The name of the file(s) in question, and a quick description of the suspicious activity intercepted by Comodo.
2. Visual Guide – Big, bold icons show which programs are causing the alert. If you do not recognize the displayed icon, clicking on the filename beneath it will display further file information.
3. “Security Considerations” - Typically filled with a lengthy, somewhat technical explanation of what is causing COMODO Defense+ to raise an alert, the “Security Considerations” box should be read carefully for further understanding of what is going on behind the scenes, and what actions you may need to take to keep your computer safe.
4. Alert Resolution Buttons – Here you will find two options to immediately take care of the security alert: “Allow,” which will allow the programs to perform the activity mentioned in the Alert Description/Security Considerations, or “Block” which will deny said activity.
5. Alert Resolution Options – Before you press the “Block” or “Allow” buttons, take a moment to consider using any of the additional Alert Resolution Options available directly above the “Allow” / “Block” button section. These options are:
“Create a Windows system restore point” – Checking this box will tell Windows to create a restore point with which to roll back your system to an earlier date in the event that you want to change your Alert Resolution choice(s).
“Submit the files to COMODO for analysis” – If you suspect the program in question may in fact be a rogue application, selecting this option will send the program file to COMODO where it will undergo a threat analysis, and subsequently be added to/flagged by the COMODO database as a safe or harmful application.
“Remember my answer” – Check this box if you want COMODO to solve any future alerts caused by the same programs and circumstances with your selected Allow or Block action.
“More Options” - Clicking here will expand the Defense+ panel to display the additional options to Allow, Block, or “Treat this application as.”
“Treat this application as” allows you to further define how you would like COMODO Defense+ to handle the program(s) causing the alert through a drop-down list of pre-defined rules. Most of these options are quite advanced and beyond the scope of this article, with the exception of the “Installer or Updater” option. If you are installing a new program or updating an existing one, and are reasonably certain this installation/update is causing the Defense+ Alert, select “Installer or Updater” to temporarily Allow the program(s) in question to make any necessary changes to your system without the interruption of multiple Alerts.
8. Sandbox Button – Occasionally you may see a Defense+ alert with a button marked “Sandbox” next to the “Allow” and “Block” buttons. This Alert appears when a program trying to install itself on your computer is not yet trusted (digitally signed or whitelisted) by Comodo. If you are not confident the program attempting to install itself is trustworthy, you can click the “Sandbox” button to have COMODO run it in a safe area with limited access to important system functions. On the other hand, if you are sure the program you are trying to install is from a safe source, you can select the “Always trust this file or package” check box to have COMODO suppress any future warnings when installing programs from the maker of the file in question (e.g. Microsoft, Adobe, Apple, etc.).
9. Alert Severity Color Code – A quick way to discern the severity of the Alert in question, these color codes come in three colors for Defense+ Alerts:
Red - The most severe alert. Indicates the program activity detected is highly suspicious and consistent with behavior exhibited by many malware programs and viruses. Carefully consider all the info mentioned above before allowing any of the detected suspicious activity.
Orange – Medium severity alert. An Orange alert indicates Defense+ detected unusual program activity which is consistent with suspicious behavior found in many malware, as well as many legitimate, programs. If you recognize the programs contained within the alert information, it is likely this is normal behavior by a legitimate program, and may be Allowed.
Yellow - Lowest priority alert. Most alerts of this type are safe to Allow, and will have the “Remember my answer” option pre-selected by default.
Now that you have familiarized yourself with the most common portions of the COMODO Antivirus Defense+ Alert system, it is time to look over the less common, far more urgent virus, attack, and isolated application alerts, as well as virus scan options to further lock down and secure your computer system. For this information, see Part 3 of our COMODO AV Guide: COMODO Antivirus Free Part 3: Severe Virus Alerts.