巧用Comodo模式切换，打造另类程序安装模式(10月12日更新)

bbbxyoiil

学习学习

Magis

要是能把这些规则添加到默认的Installation Mode里取代默认就好了

aseioteur

刚看了COMODO官网上的介绍

1 - Installation Mode :

In thiss version of Defense+, there is a builtin security policy called "Windows Installer Application". This policy, when applied, gives a process maximum accesss rights. When the system switches to the installation mode, the *child* processes i.e. the process which has "Windows Installer Application" access right will have the same rights as its parent.

For example :

xyzsetup.exe is treated as "Windows Installer Application".

xyzsetup.exe will be able to modify everything. Later xyzsetup.exe tries to run "aftersetupconfig.exe" file. If you switch to installation mode, aftersetupconfig.exe will also have the same access rights as xyzsetup.exe.

This is more useful for windows updates. svchost.exe is the process responsible for downloading and installing windows updates in Windows XP.

1- svchost.exe will connect to the MS site
2 - svchost.exe downloads ie7setup.exe
3- svchost.exe runs ie7setup.exe
4- ie7setup.exe install IE7.

If you dont switch to installation mode, after step4, CFP is going to show its usual popups for the ie7setup.exe because it has no rights.

If you switch to Installation mode, it will be installed silently. Upto 3 chlid processes..

CFP will remind you every 5 minutes to switch back from the installation mode because of the implicated security risks.

For example, in certain cases, iexplore.exe can be run from svchost.exe. If the system is in installation mode, iexplore.exe can be treated as installer too! Thats why CFP will always bug you to switch from this mode asap.

I hope this makes it clear.
很长，大概的意思就是在该模式下运行安装程序的拥有Windows Installer Application权限，这个规则是comodo默认的一个规则，权限很大，在预设规则里没找到，这里也提到这样做很不安全，呵呵！

所以，看来我的模式还是有用的哦，至少在windows目录下建个文件要请示你，加入开机启动项也要请示！呵呵！也不麻烦的，自己用了！呵呵

aseioteur

更新了，insteller or updater模式的权限，很大很吓人哦！！