Application Allowing [Resolved]

[Guest]

[ForzaItalia]

Something I'm not understanding is why applications aren't remembering being allowed access. I searched and the closest I found was http://forums.comodo.com/index.php/topic,6907.0.html, but that didn't help because there was no resolution.

I'm finding firefox.exe, iexplore.exe and realplay.exe, which I allowed  (checking to remember) keep asking for access again and I have many instances of each. Are there certain properties I need to change when I allow an application?

Any help will be appreciated,
thanks in advance,

ForzaItalia

CAMPIONE DEL MONDO

[Soyabeaner]

Hi again, ForzaItalia .  There are many possibilities:

1.  Your Alert Frequency Level is set above the default 'low' level.  You are alerted every time those programs attempt connecting via different ports and/or different IP addresses.

2.  Application Behavioral Analysis (ABA) has detected that a different parent executable has started the programs to attempt connections to the internet (e.g. instead of a desktop shortcut, another program launches Firefox).

3.  Well --- I think it's better that you please post a screenshot of a couple of those alerts for us before suggesting other scenarios.

[ForzaItalia]

I attached the main two that keep asking for access. I imagine the "component monitor" has something to do with this, should it be on learn (default) or turn on? Also, the "alert frequency level" is at low (default).

Thanks again 

ForzaItalia

________________
oggi e il giorno nuovo

[Soyabeaner]

Sorry .  I can't see the pictures because I only have the cheap Windows Wordpad program without any graphics filter conversions available.  If possible, it's preferable that the screenshots are in png, jpg, gif, etc. rather than as a document format.

The Component Monitor (CM) is another possibility, but it shouldn't ask you more than once.  Best to leave it as Learn mode for the first few weeks of installing CFP to avoid the initial alerts on safe components.  Then you can change it to On mode.

Another method to minimize alerts is to enable the default Do not show any alerts for the applications certified by COMODO option.  This is in Security > Advanced > Miscellaneous > Configure > 2nd option.

[ForzaItalia]

Do not show any alerts for the applications certified by COMODO option is checked. Is it possible an application (ie Firefox, iexplorer) need many instances allowed before it finally remembers? I'm attaching the screenshots as .JPGs

Thank you for your patience

ForzaItalia

[Soyabeaner]

1st Pic: IE is an invisible application.  I get a similar alert if I launch my browser through another program like Yahoo Messenger.  If this is what you want, meaning both programs are recognized as trusted, then clicking on Remember option to Allow shouldn't ask you again.

2nd Pic: FF is acting as a server.  This is the TCP loopback connection being checked by CFP.  If you don't run any proxy server, go to Security > Advanced > Miscellaneous > Configure > enable the Skip loopback (127.x.x.x) TCP connections option.

3rd Pic: I can only comment on the ones that I know of in your App Mon rules.  Your Divx Installer should not have a rule because it should be a one-time occurrence that it needs outbound connection.  You should remove that rule.  Also delete the TCP/UDP In rule for Firefox because it doesn't need that.  You might wonder why some of them look like duplicate rules, such as the two for IE7.  If you click on each one, examine the parent at the bottom detailed info.  I bet one is explorer.exe (which is basically Windows' main executable for almost all programs) and the other is something else.

After all that's done, you should restart your browsers (or reboot if nothing has seemed to change).

Edit: I remember that IE is a certified app, so if the parent for one of your App Mon TCP/UDP Out rules is explorer.exe, it can be deleted.

[ForzaItalia]

I must say, you rock. Thank you for the help, now I think I'm starting to understand how some of the settings work.

thanks a million

FI

[Soyabeaner]

Excellent .

I'll lock this as resolved.  If you ever need to open it just PM any moderator.

[Tags:]