Policies aren't being applied to programs run from network (V3.0.14 - .25 X32)

[Guest]

[MrBrian]

Firewall and Defense+ policies aren't being applied to any executables run from a network.  In my case, the network location is a FAT32-based share using the Shared Folders feature in a VMWare virtual machine.  Perhaps the issue happens on any executables run from any network location?  Can anybody else give feedback on whether this is the case?

Version: V3.0.14.276
CPU: 32 bit
OS: Win XP SP2
Other security programs running: Returnil, NOD32
Defense+ Security Level: Train with Safe Mode
Firewall Security Level: Custom Policy Mode

[MrBrian]

This is a follow-up on my own post.  When I discovered this issue, I was using a program not on the Comodo whitelist.  Be sure, if you're testing this issue, to use a program not on the Comodo whitelist.  One such program is the leaktest available at http://www.grc.com/lt/leaktest.htm.

[MrBrian]

Issue still exists in v3.0.16.295

[MrBrian]

Issue still exists in v3.0.18.309.

[MrBrian]

Issue still exists in v3.0.20.320.

[hiddenstar]

Defense+ and firewall both blocked the Exe while adding the application thru Running process and given Isolated\Blocked application privilege... I mean to say that- its using Device name(File path) for the Network Exe's..  Am i Right??

[MrBrian]

Defense+ and firewall both blocked the Exe while adding the application thru Running process and given Isolated\Blocked application privilege... I mean to say that- its using Device name(File path) for the Network Exe's..  Am i Right??

This happens using the shared folders feature of VMware.  It's a mapped drive.  CFP will never give any alerts for a program run from this mapped drive.

[hiddenstar]

Hi,
   I have attached the snapshot of the alert and the UNC path rule for the network exe's. Please verify this.

OS:Win XP x32 SP2
CFP:3.0.20.320

Thanks,
Vicky.

[MrBrian]

Thank you hiddenstar for your testing   It appears that in your case CFP is working correctly.  However, in my case I am using a mapped drive, not a UNC path.  I gave the following command at the command prompt: 'fsutil fsinfo drivetype s:' (without quotes) and received the answer: 'S: - Remote/Network Drive'.  Volume S is the volume with the problematic behavior.

[MrBrian]

Issue still exists in v3.0.21.329.

[MrBrian]

Issue still exists in v3.0.22.349.

[MrBrian]

Please provide more info about your environment (e. g. guest os, VMWare version).
If you uninstall Returnil and NOD32 (and other security apps except CFP) does it make any difference?

Thank you for responding .

Host OS - Windows XP2 with all patches
Guest OS - Windows XP2 with all patches
VMWare Workstation v5.5.6
Returnil not installed in the virtual machine.
I didn't try to uninstall NOD32 in virtual machine but perhaps I will soon, just to rule it out as a possibility.

[sovereignty68]

It works for me. Even the executable is in Safe list, I still get the alert.....

[Yuriy]

MrBrian,
NP. Hopefully developers will provide some feedback.

[Yuriy]

It works for me. Even the executable is in Safe list, I still get the alert.....

What are your system details? Do you also use latest CFP on VMWare on Win XP SP2 x32 host and guest?

[Tags:]