View Full Version : Anti Execute Protection Options Query


Dark Star 72
April 27th, 2009, 11:32 AM
I have a bit of difficulty understanding some of the Anti Execute protection options and need some clarification.

Under 'Protection Options' there is:
"Forbid Internet Explorer from activating programs that are not on the White List"

Underneath there is:
"Block activation of all programs not on the White List"

Now, in the help document it states that when both of these options are activated together "IE can load programs as required"
Surely if one option stops IE activating any programs not on the white list and the other option blocks activation of any programs not on the white list then no program not on the white list would be able to activate. Is this a typo or have I completely misunderstood?

Also, if I am using Firefox would the "Forbid IE etc..." become irrelevant?
And what exactly is the difference between "Enable Anti-Executable Protection" and "Block activation of all programs not on the White List"?
Would the second option simply block activation without a pop up or do they both do basically the same thing?
Sorry if this seems a rather long convoluted query but I have a great liking for this program and want to ensure I use it correctly. No good finding out I didn't understand it properly when it's too late ;D

Coldmoon
April 27th, 2009, 01:38 PM
Hi,
-{ Quote: "...Now, in the help document it states that when both of these options are activated together "IE can load programs as required"
Surely if one option stops IE activating any programs not on the white list and the other option blocks activation of any programs not on the white list then no program not on the white list would be able to activate. Is this a typo or have I completely misunderstood...." }-

The difference here is in what you want to lock down. When you only activate the IE option, IE is not allowed to load programs that are not on the White List but you can. By activating the "Block activation of all programs not on the White List", you extend that restriction to activation of programs not actually activated by IE (IOW - everything else on the Real System).

-{ Quote: "Also, if I am using Firefox would the "Forbid IE etc..." become irrelevant." }-

Yes, this is only for IE at this time.

-{ Quote: "And what exactly is the difference between "Enable Anti-Executable Protection" and "Block activation of all programs not on the White List".
Would the second option simply block activation without a pop up or do they both do basically the same thing?" }-

The first option will warn at activation of a program and the second will block activation of programs not already on the list.

Mike

Dark Star 72
April 27th, 2009, 02:50 PM
Mike,
Many thanks for the clarification, the IE option makes sense now.
One last question - would "Block activation of all programs not on the White List" be much the same as "Enable Anti-Executable Protection" with the "Deny all if there are no rules" option selected?

Coldmoon
April 27th, 2009, 03:02 PM
No, the "Deny all if there are no rules" option is a general setting that should silence the block so would only apply to not being "nagged" as often as being asked.

Dark Star 72
April 27th, 2009, 03:08 PM
Thanks Mike for the further clarification. All set to go now.

Dark Star 72
April 30th, 2009, 05:37 AM
Mike,
One more question. A little while ago I had Firefox crash for the one and only time in 4 years. I had Anti-Execute on "Ask me if there are no rules" selected. Anti-Execute immediately popped up asking if it was OK for *** process to shut down Firefox - to which I clicked yes. Now, if I had had "Trust all files in the Real System" selected would Anti-Execute have allowed the process that shut Firefox down to have continued as a trusted process without a pop-up?

Coldmoon
April 30th, 2009, 09:15 AM
Hi,
Yes, or alternately add the process to the White list.

jadejadejade
May 8th, 2009, 12:44 AM
Hi Moon and all buddies here,

I have tried Process Guard long long before, but it seems to be forgotten these years. Now, we have switched to Comodo Internet Security to block the process in "Defence + Security Level" (no need to block the process in "Firewall Security Level"). Am I right? Secondly, is it poorer in substance than the anti-exec of Returnil? Thanks.:o

Best Regards,
Jade

Coldmoon
May 8th, 2009, 09:38 AM
Hi,
The AE in RVS is not a full featured HIPS implementation and was designed to provide protection from a specific type of malware rather than a general approach taken in products like Comodo. Given this we have consistently said that if you already use a full featured solution, the AE in RVS is redundant.

HTH
Mike