Author Topic: Conserving resources and minimizing work  (Read 3700 times)

Offline bxf

Conserving resources and minimizing work
« on: May 24, 2008, 09:31:47 AM »
This will obviously give you people an idea of my age, but such is life.

My introduction to computers came in the form of a 64K(!) mainframe. This was for the OS and applications running together. When you stop laughing, you may continue reading.

I still have the mentality of conserving resources and reducing overhead, and I sometimes expend disproportionate effort in finding a way to do something in four instructions rather than six. OK, this is sometimes done in the spirit of the art of coding and showing how clever I can be, but whatever.

OK, to get on track here, I appreciate the PURGE functions that are available in the FW and DEFENSE+, but would like more. I'd like to be able to find references to non-existent items within the Custom Policy/Access Rights definitions. Is there a way I can do this without manually searching through the Registry and then going to the relevant item's DEFENSE+ entry and deleting the Access Rights reference? This is very tedious. A SEARCH function would be very useful here, as would be a SORT function on the main Computer Security Policy display.

It appears to me that a Trusted Application has fewer definitions, and hence should result in reduced overhead. Am I seeing things correctly?

Does the inclusion of a vendor in My Trusted Software Vendors result in a reduction of anything, or is this just an automatic way of generating Computer Security Policy entries that would have been generated anyway?

Thanks for any input.

Offline grue155

Re: Conserving resources and minimizing work
« Reply #1 on: May 24, 2008, 12:54:31 PM »
IBM or DEC mainframe? (or Honeywell or Burroughs or Univac, or any other BUNCH machine in particular?) My intro was a CDC 6400 back when...

I'm not sure if this will give you all of what you're looking for, but the CFP Config Reporting Script will read through the registry and produce a lot of output on a single, but very long, page. The script is detailed in the sticky topic at the top of the forum page. At least it'll give something you can print out, mark up, and use as a guide in doing the actual cleanup.

Re Trusted Applications and Vendors, some of it is shortcut for rule generation, and some isn't. It's a context-dependent question. If you look at the Config Report output, how it's structured may give you some idea of the why and when and where of things.

I hope that helps, at least a little...

Offline bxf

Re: Conserving resources and minimizing work
« Reply #2 on: May 24, 2008, 01:56:14 PM »
Nothing but the best for me in those days - IBM 360/50. Those were the days, with all the flashing lights people used to marvel at:)

I wasn't aware of the Config Report - should be of some benefit. I'll try it out.

Thanks for your input.

Offline bxf

Re: Conserving resources and minimizing work
« Reply #3 on: September 05, 2008, 05:01:57 PM »
Well, I finally decided to expend some of my unused mental energy and write my own cleanup process. It works for me, but the usual caveats apply, and I take no responsibility for any failures. You may wish to back up the Registry entry HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro before running the following script, which will remove all references to non-existent files from the Access Rights definitions. Save the following as a file with a VBS extension and then run it:

Option Explicit

Dim objWMIService, objShell, objgReg, i, j, k, l, m, n, folder, bad, RC, HaveNone, temp
Dim RegPath1, RegPath2, RegPath3, RegPath4, RegPath5, MsgPath, NumAppl, NumRules, NumItems, RuleFlags, strFileName, AorB(2)
Dim objFSys, objOutFile, colProcessList, objProcess

Const wshYes = 6
Const wshYesNoDialog = 4

Const cHKLM = &H80000002
Const strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

set objShell = CreateObject("WScript.Shell")
Set objgReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
Set objFSys = CreateObject("Scripting.fileSystemObject")

AorB(1) = "Allowed"
AorB(2) = "Blocked"

'RC stays 999 unless a running cfp.exe process is found, in which case it becomes 0
RC = 999
Set colProcessList = objWMIService.ExecQuery ("Select * from Win32_Process Where Name = 'cfp.exe'")
For Each objProcess in colProcessList
    RC = 0
Next
 
If RC = 0 Then
   i = objShell.Popup("You should terminate CFP, or at least ensure that no activity will be updating any CFP definitions while this cleanup is running. Do you wish to Continue?", 0, "CFP Registry Cleanup", wshYesNoDialog)

   If i <> wshYes Then
      WScript.Quit(0)
   End If

End If

Set objOutFile = objFSys.CreateTextFile("C:\Windows\Temp\CFP Invalid File List.txt", True)
objOutFile.WriteLine("The following entries were removed from the CFP Computer Security Policy Access Rights definitions:")
objOutFile.WriteLine(" ")

'Policy\Num holds the number of application entries; convert it to the highest zero-based index
RegPath1 = "SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy"
objgReg.GetDWordValue cHKLM, RegPath1, "Num", NumAppl
NumAppl = NumAppl - 1

HaveNone = True
For i = 0 to NumAppl

   RegPath2 = RegPath1+"\"+CStr(i)+"\Rules"
   objgReg.GetDWordValue cHKLM, RegPath2, "Num", NumRules

   If NumRules > 0 Then
      NumRules = NumRules - 1

      For j = 0 to NumRules
         RegPath3 = RegPath2+"\"+CStr(j)
         objgReg.GetDWordValue cHKLM, RegPath3, "Flags", RuleFlags
       
       'Only rules with one of these Flags values have their Allowed/Blocked lists scanned
       IF (RuleFlags = 1) OR (RuleFlags = 2) OR (RuleFlags = 4) OR (RuleFlags = 16) OR (RuleFlags = 512) OR (RuleFlags = 1024) OR (RuleFlags = 2048) Then
         For l = 1 to 2
            RegPath3 = RegPath2+"\"+CStr(j)+"\"+AorB(l)
            objgReg.GetDWordValue cHKLM, RegPath3, "Num", NumItems
            If NumItems > 0 Then
              NumItems = NumItems - 1
       
              k = 0
              n = 0
              Do While K <= NumItems
                     
                RegPath4 = RegPath3+"\"+CStr(k)
                MsgPath = RegPath3+"\"+CStr(k+n)
                objgReg.GetStringValue cHKLM, RegPath4, "Devicename", strFileName    'Devicename contains expanded name in case of %...% Filename
         
                IF Not IsNull(strFileName) Then
                  IF Mid(strFileName,2,2) = ":\" Then
                     folder = False
                     If Right(strFileName,2) = "\*" Then
                       strFileName = Left(strFileName,Len(strFilename)-2)
                       folder = True
                     End If   
         
                     bad = True
                     If folder Then
                        If objFSys.FolderExists(strFileName) Then
                          bad = False
                       End If
                     Else                                'not a folder
                        temp = Split(strFileName,"*")
                        If temp(0) <> strFileName Then   'generic name
                          bad = False
                       Else
                          If (objFSys.FileExists(strFileName)) Then
                             bad = False
                         End If
                       End If
                     End If
                   
                     If bad then
                       'Delete the stale entry, then copy each following entry down one slot to close the gap
                       objgReg.DeleteKey cHKLM, RegPath4
                       objOutFile.WriteLine("HKLM\"+MsgPath+"  "+strFileName)
                       For m  = k+1 to NumItems
                          RegPath5 = RegPath3+"\"+CStr(m)
                          RC = objShell.Run("Reg.exe Copy ""HKLM\"+RegPath5+""" ""HKLM\"+RegPath4+""" /s /f", 0, True)
                          RegPath4 = RegPath5
                       Next
                       'The last slot now duplicates its predecessor; delete it unless the removed entry was itself the last one
                       IF (NumItems > 0) AND (K <> NumItems) Then
                         objgReg.DeleteKey cHKLM, RegPath5
                       End If
                       'NumItems holds (old count - 1), which is the new entry count
                       objgReg.SetDWordValue cHKLM, RegPath3, "Num", NumItems
                       NumItems = NumItems - 1
                       k = k - 1                'so that we don't ignore what is now the new k'th item (just moved from k+1)
                       n = n + 1
                       HaveNone = False
                     End If
                  End If
                End If
                
                k = k + 1
              Loop
         
            End If
         Next
       End If
       
      Next
      
   End If

Next

If HaveNone Then
   objOutFile.WriteLine("All entries are valid - nothing to purge")
End If
objOutFile.Close

MsgBox "CFP Access Rights file cleanup - complete"

RC = objShell.Run("""C:\WINDOWS\notepad.exe"" ""C:\Windows\Temp\CFP Invalid File List.txt""", 4, False)

WScript.Quit(0)

Please note: one line changed above 2008.10.20
« Last Edit: October 19, 2008, 09:22:23 PM by bxf »
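
A read-only companion to the script above, added here as an example and not bxf's code: it exports the CFP key as a backup and lists the entries the cleanup would remove, without changing anything. The registry layout, the value names (Flags, Devicename) and the Flags values come from the script; the backup file name and the function name Test-StaleTarget are assumptions.

```powershell
# Added example: read-only audit. No registry key is modified or deleted.
$cfpKey = 'SYSTEM\Software\Comodo\Firewall Pro'          # path as used in the script
$flags  = 1, 2, 4, 16, 512, 1024, 2048                   # rule Flags values the script scans

# Back up the whole CFP key first (file name is an assumption).
$backup = Join-Path $env:TEMP 'cfp-backup.reg'
& reg.exe export "HKLM\$cfpKey" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }

function Test-StaleTarget([string]$Name) {
    # Same cases as the script: only drive-letter paths are checked,
    # 'folder\*' must be an existing folder, other wildcard names are never stale.
    if ($Name.Length -lt 3 -or $Name.Substring(1, 2) -ne ':\') { return $false }
    if ($Name.EndsWith('\*')) {
        $dir = $Name.Substring(0, $Name.Length - 2)
        return -not (Test-Path -LiteralPath $dir -PathType Container)
    }
    if ($Name.Contains('*')) { return $false }
    return -not (Test-Path -LiteralPath $Name -PathType Leaf)
}

$policy = "HKLM:\$cfpKey\Configurations\0\HIPS\Policy"
$stale = @(foreach ($app in Get-ChildItem -LiteralPath $policy -ErrorAction Stop) {
    $rulesPath = "$($app.PSPath)\Rules"
    if (-not (Test-Path -LiteralPath $rulesPath)) { continue }
    foreach ($rule in Get-ChildItem -LiteralPath $rulesPath) {
        if ($flags -notcontains $rule.GetValue('Flags')) { continue }
        foreach ($list in 'Allowed', 'Blocked') {
            $listPath = "$($rule.PSPath)\$list"
            if (-not (Test-Path -LiteralPath $listPath)) { continue }
            foreach ($item in Get-ChildItem -LiteralPath $listPath) {
                $dev = $item.GetValue('Devicename')
                if ($dev -and (Test-StaleTarget $dev)) {
                    [pscustomobject]@{ Key = $item.Name; Devicename = $dev }
                }
            }
        }
    }
})

$stale | Format-Table -AutoSize -Wrap
"{0} stale entries found; nothing was modified. Backup: {1}" -f $stale.Count, $backup
```

The backup can be restored with `reg.exe import` on the exported file if a later cleanup removes something it should not have.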

Offline grue155

Re: Conserving resources and minimizing work
« Reply #4 on: September 06, 2008, 10:22:19 AM »
Oh my  :D  Thank you for the effort. With your permission, we'll be adapting the script for usage here in the forums.

Offline bxf

Re: Conserving resources and minimizing work
« Reply #5 on: September 06, 2008, 10:36:56 AM »
By all means, permission granted. Enjoy:)

Note: if CFP is active when you run the script, you will probably get an alert for REG.EXE when the script runs. Select ALLOW and REMEMBER, so that the alert is not repeated for each update attempt.
« Last Edit: September 06, 2008, 10:36:41 PM by bxf »

 
