Author Topic: CFP 3.0.9.229 BETA - Questions about how it works [CLOSED]  (Read 45127 times)

Offline Andreas

  • Comodo's Hero
  • *****
  • Posts: 442
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #15 on: September 28, 2007, 01:54:21 PM »
Can anybody explain me what is the "switch to installation mode"?

Thanks

Andreas
Windows 7 Home Premium 32 Bit, CIS Premium 5.10.228257.2253 (Antivirus Security Level: stateful, defense+: Safe Mode, Firewall Security Level: Costum Policy Mode, Sandbox Security Level: disabled), Firefox 11.0, Thunderbird 11.0.1

Offline Arkangyal

  • "There is nothing impossible to him who will try." - Alexander The Great, ancient Greek King of Macedon, 356 BC-323 BC.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1346
  • [ Visit Hungary ] www.hungary.hu
    • My blog
Internet explorer vs. avast webshield vs. cfp denied webrowser.
« Reply #16 on: September 28, 2007, 02:09:34 PM »
After the reboot i imported my previous rules, then opened internet explorer. As last time, https isn't working ~ avast webshield. I switched off the webshield, then closed IE. After the 2nd running of IE, the browser couldn't connect to anywhere. I checked CFP rules and CFP denied all incoming&outgoing connection for the browser. Why?

Picture attached.

Offline JamesFrance

  • Comodo's Hero
  • *****
  • Posts: 1270
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #17 on: September 28, 2007, 02:11:01 PM »
Hi Andreas, if you look back through this thread you will find an answer from Little Mac for that question. :)
James

Offline Andreas

  • Comodo's Hero
  • *****
  • Posts: 442
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #18 on: September 28, 2007, 02:13:37 PM »
Hi Andreas, if you look back through this thread you will find an answer from Little Mac for that question. :)

Thanks!

 (:TNG) (:TNG) (:TNG)
Windows 7 Home Premium 32 Bit, CIS Premium 5.10.228257.2253 (Antivirus Security Level: stateful, defense+: Safe Mode, Firewall Security Level: Costum Policy Mode, Sandbox Security Level: disabled), Firefox 11.0, Thunderbird 11.0.1

Offline djbronko

  • Newbie
  • *
  • Posts: 19
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #19 on: September 28, 2007, 03:05:25 PM »
Quote
Previous configurations exported are not compatible with this one because of the major arhitectural changes. So please try clean install only.

Does that mean I have no chance to use the firewall rules I created in 3.0.8.214?
I have lots of them, and I really want to avoid all the work I've already done. (:SAD)

Offline Little Mac

  • Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6303
  • The Colonel told me to.
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #20 on: September 28, 2007, 03:21:42 PM »
Does that mean I have no chance to use the firewall rules I created in 3.0.8.214?
Afraid so.  I tried importing them anyway (cuz I didn't read the release notes very well) and it did nothing.

On the other side of it, this version seems to be pretty decent so far at recognizing and allowing applications; far better than the previous at any rate.  I'll give it a few days and then start tweaking.

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.
Forum Policy

Offline Notme

  • Newbie
  • *
  • Posts: 6
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #21 on: September 28, 2007, 03:36:40 PM »
hi

On the previous versions of comodo firewall in the ShieldsUP tests it said in green: you have no reserved DNS(or something like that).Now it shows a red text: The text below might uniquely
identify you on the Internet followed by my ip and isp.

anyone knows why?

can someone help me with that?

Offline Andreas

  • Comodo's Hero
  • *****
  • Posts: 442
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #22 on: September 28, 2007, 03:54:27 PM »
can someone help me with that?

Maybe a screenshot of grc text is better to understand it.

Andreas

Windows 7 Home Premium 32 Bit, CIS Premium 5.10.228257.2253 (Antivirus Security Level: stateful, defense+: Safe Mode, Firewall Security Level: Costum Policy Mode, Sandbox Security Level: disabled), Firefox 11.0, Thunderbird 11.0.1

Offline Arkangyal

  • "There is nothing impossible to him who will try." - Alexander The Great, ancient Greek King of Macedon, 356 BC-323 BC.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1346
  • [ Visit Hungary ] www.hungary.hu
    • My blog
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #23 on: September 28, 2007, 04:05:07 PM »
can someone help me with that?

For the rDNS issue, i guess you had some strange connections. This 2nd one looks normal.

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #24 on: September 28, 2007, 05:21:39 PM »
Gibran, egemen did say that you need to uninstall the previous version and do a clean install, as they are not compatible.   That worked fine for me.

Thanks, so you all downloaded from the forum :)
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3317
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #25 on: September 28, 2007, 06:04:35 PM »
I was unable to get the new beta using cfp update. Did you have the same issue?

Since this one requires different configuration settings, we havent put updates from previous versions.

There are serious architecural changes so the previous configurations are not compatible. Sorry about that.

Egemen

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3317
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #26 on: September 28, 2007, 06:21:59 PM »
Can anybody explain me what is the "switch to installation mode"?

Thanks

Andreas

Hi Guys,

Let me explain the 2 new modes further.

1 - Installation Mode :

In thiss version of Defense+, there is a builtin security policy called "Windows Installer Application". This policy, when applied, gives a process maximum accesss rights. When the system switches to the installation mode, the *child* processes i.e. the process which has "Windows Installer Application" access right will have the same rights as its parent.

For example :

xyzsetup.exe is treated as "Windows Installer Application".

xyzsetup.exe will be able to modify everything. Later xyzsetup.exe tries to run "aftersetupconfig.exe" file. If you switch to installation mode, aftersetupconfig.exe will also have the same access rights as xyzsetup.exe.

This is more useful for windows updates. svchost.exe is the process responsible for downloading and installing windows updates in Windows XP.

1- svchost.exe will connect to the MS site
2 - svchost.exe downloads ie7setup.exe
3- svchost.exe runs ie7setup.exe
4- ie7setup.exe install IE7.

If you dont switch to installation mode, after step4, CFP is going to show its usual popups for the ie7setup.exe because it has no rights.

If you switch to Installation mode, it will be installed silently. Upto 3 chlid processes..

CFP will remind you every 5 minutes to switch back from the installation mode because of the implicated security risks.

For example, in certain cases, iexplore.exe can be run from svchost.exe. If the system is in installation mode, iexplore.exe can be treated as installer too! Thats why CFP will always bug you to switch from this mode asap.

I hope this makes it clear.

2 - Clean PC Mode

If your computer is clean, you may not want toanswer frequent popups. ın this mode, CFP will assume all the files in the *fixed* drives are safe and will learn all the activities of them.

However if a new file is introduced to the system, be it from the internet or from somewhere else, or even if a file is modified, CFP will immediately assume it as suspicious and move it to the My Pending List.

Later you can review and remove these files from this list. When you manually remove the files from this list, they will be assumed as safe.


My Pending List has other uses for clean PC mode too. For example, you may not want CFP to assume some files/folders as safe. For example your leaktester programs directory. You can add them to My Pending Files list and CFP will not assume them as safe.

We will provide a full documentation with the final release, but for now, i hope this makes things clear.

Egemen

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #27 on: September 28, 2007, 06:49:37 PM »
Since this one requires different configuration settings, we havent put updates from previous versions.

There are serious architecural changes so the previous configurations are not compatible. Sorry about that.

Egemen

NP I had all the relevant settings configured in no time. :)

BTW is install mode applicable only to the special windows installer policy or will it be possible to use another predefined policy as well and have all child processes inherit that one?
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3317
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #28 on: September 28, 2007, 06:58:45 PM »
NP I had all the relevant settings configured in no time. :)

BTW is install mode applicable only to the special windows installer policy or will it be possible to use another predefined policy as well and have all child processes inherit that one?

Currently only for Installer policy. Security implications for others must be identified clearly as it is hard to predict the effects of non-builtin policies.

Offline kcrannie

  • Comodo Family Member
  • ***
  • Posts: 61
Re: CFP v3.0.9.229 BETA - Questions about how it works
« Reply #29 on: September 28, 2007, 07:09:57 PM »
Sorry to correct you on your post, v941726, but "Learnt" is a word, at least in Canada.

"Learned" or "Learnt" are both the Past Participle of the verb "Learn".  A past participle indicates past or completed action or time.  It is often called the "ed" form as it is formed by adding "d" or "ed" to the base form of regular verbs, however, it is also formed in various other ways for irregular verbs.

It can be used to form a verb phrase as part of the present perfect tense.

For example: -

I have Learnt english.  ("Learnt" is part of the verb phrase 'have learnt').

Trust this proves helpful.

Kevin



lots of bsod's so far. seems to work better w/o cav running. hmm.
also, picky i know, but learnt isn't a word. it's "learned". at least in america.

haven't had a bsod with cav not running. it's been an hour. with cav running it was a max of about ten minutes after a reboot.

kpc

p.s. is this going to be the thread to post bugs to.
"Oh, to be alive in such an age when miracles are everywhere and every inch of common air throbs a tremendous prophecy of greater marvels yet to be."
 - Walt Whitman

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek