I often use development environments like Visual Studio, JetBrains IDEs & command-line compilers. However; Xcitium’s Auto-Containment sometimes flags / restricts processes triggered during local builds, even when they’re safe and essential for my workflow. This can become disruptive when working on large codebases that spawn child processes dynamically.
I’m wondering if Xcitium plans to / already does support context-aware rules that detect trusted developer workflows and automatically allow such operations. For example; if a process is launched from a known IDE path or during a specific compile operation; could containment be bypassed intelligently? This would avoid constant rule tweaks or manual exclusions while still keeping protection intact. Checked https://wiki.xcitium.com/frontend/web/topic/how-to-create-auto-containment-rules-in-a-windows-profile-Alteryx Course guide related to this and found it quite informative.
Would love to hear if others in the community have similar issues / if there’s an official way to create these smarter exceptions. Maybe a “developer mode” or IDE integration plugin? This would really help devs stay protected and productive.
Yes you can.
Xcitium has a mode where we use it for “installers” where installers launch child processes.
So Xcitium does have the ability to “trust the child processes”.
Xcitium’s Comodo Client Security (CCS) allows administrators to trust files installed by trusted installers. This means that if an application is installed by a vendor or installer that CCS deems trustworthy, the files associated with that installation will be automatically given a “Trusted” trust rating. This is a key feature in Xcitium’s Zero Trust philosophy, allowing for a more permissive approach to trusted applications while still maintaining security. [1, 2, 3, 4]
Vendor Rating: CCS maintains a list of vendors and their associated trust ratings, including “Trusted”. [1, 2]
Installer/Updater Rule: Within the Host Intrusion Prevention System (HIPS) rules, there’s a specific rule that allows trust to be granted to files installed by trusted installers or updaters. [1]
Automatic Trust: When an application is installed by a vendor listed as “Trusted” in CCS, the associated files are automatically given a “Trusted” trust rating. [1, 2]
Global Whitelist: You can also manually add specific files or folders to a global whitelist, which bypasses any security checks. [2, 5]
Customizing Trust: Administrators can further customize the trust ratings of files and applications within CCS to manage access control. [6, 7]
In essence, trusting installers in Xcitium simplifies security by allowing legitimate applications to be run without unnecessary scrutiny. This approach is part of Xcitium’s broader Zero Trust model, which emphasizes continuous verification and limiting access to resources based on trust and authorization. [3, 4]
This would avoid constant rule tweaks or manual exclusions while still keeping protection intact. Checked https://wiki.xcitium.com/frontend/web/topic/how-to-create-auto-containment-rules-in-a-windows-profile- Alteryx Course guide related to this and found it quite informative. 
This would really help devs stay protected and productive.
