Missing "Predefined Firewall Policies"

[Guest]

[risk]

Just earlier my Comodo Firewall (version 3.10) stopped responding so I force ended its process.  But after restarting it again, I noticed that the Predefined Firewall Policies are missing, even after a Windows restart.

Is there a way to restore these Predefined Firewall Policies without reinstalling the Firewall application itself?

[Toggie]

Welcome to the forum risk.

Unfortunately I don't know of any way to independently restore these polices. You could try running Diagnostics from the Misc tab to see what it reports.

[risk]

Thanks, Toggie.

I did run the Diagnostics.  It reported that there aren't any problems with my installation.

Would anyone be so kind to post the settings for these Predefined Firewall Policies so I can manually define/re-create them?

[SiberLynx]

Hi risk,

I posted the images below

At the same time this bug with disappeared Predefined Policies was  reported long ago and I don't remember whether there was a solution found. One of the examples is here:
https://forums.comodo.com/empty-t22444.0.html

Attached are Firewall ones, since you requested those.
As you can see, in the thread referred the Defense+ Policies were gone as well.

Sure you may try to recreate those, but I would suggest clean reinstall because you may not see what else is wrong.

In addition it would be helpful for developers if you provide more details about your system (OS, Service Pack; platform...); other security Software you are running; etc. and maybe you can recall something specific like circumstances when that may've happened.

My regards

[risk]

Your post is much appreciated, SiberLynx.

I had thought of reinstalling Comodo, but it worries me that doing so would require the freshly installed firewall to "re-learn" from scratch the custom policies/settings I've already set for my existing applications.

[SiberLynx]

Your post is much appreciated, SiberLynx.
I had thought of reinstalling Comodo, but it worries me that doing so would require the freshly installed firewall to "re-learn" from scratch the custom policies/settings I've already set for my existing applications.

You are welcome, risk.

Please use Export feature for saving your settings.
My bad,  I should've mentioned that in the first place, in context with reinstallation...
but  you can try recreating those ... and use Export / Import  in the future.

Cheers

[earthsound]

I hate to respond to an old thread, but this very nearly covers my problem.   Recently, COMODO crashed on me. After restarting, I started getting popup notices for events that had already been covered by custom policies.

I looked through my COMODO settings and noticed that all of my Predefined Firewall Policies were missing/empty. 

Also, under COMODO's Network Security Policy window, the "Treat as" column still has all the original names, such as Custom, Trusted Application, Web Browser, etc., but many of the rules are now missing.

If a process is treated as Trusted Application, for example, it will have under it:

"Add rules for this application"

instead of the rules that used to be set for Trusted Applications. 

Unlike the poster in https://forums.comodo.com/empty-t22444.0.html, my Computer Security Policies were not wiped out...they appear to be intact.

The "My Port Sets" is blank, but I cannot honestly remember if it is blank by default.

The "My Network Zones" is blank except for 2 recently re-added VMWare Virtual Ethernet Adapters.

I'm running Windows XP Pro SP3 & have the Firewall & Defense+, but no Antivirus, running within COMODO. I was hoping to find out why & possibly fix this problem.

I really hate starting from scratch, as it looks like I'm going to have to do, b/c a backup of this bad configuration results in a 6.45 MB CFG file. 



On a side note, why does COMODO have a subdirectory called scanners that contains nothing but Antivirus files when I do not have the Antivirus component installed? That folder is taking up 107MB of space.

Additionally, the Repair subdirectory also contains some Antivirus files, putting that folder at 140MB.

[SiberLynx]

... Recently, COMODO crashed on me. After restarting, I started getting popup notices for events that had already been covered by custom policies.
I looked through my COMODO settings and noticed that all of my Predefined Firewall Policies were missing/empty.   ...

Hi earthsound ,

Can you be more specific about it and provide more details about the crash and circumstances when that happened?

Any messages, any Warnings/Errors in the system Events?

as for your a side note about the presence of the AV folder/files  when user choose not to use Comodo's AV that is just very unfortunate thing, but by itself that never  caused any problems here

Have you ever saved (Export) settings?
If not please do that periodically, so you can try just Import them back.
Even if that is not a complete list  that is still better than starting from scratch.

As a matter of fact the version of CIS was not mentioned as well

My regards

[earthsound]

Hi earthsound ,

Can you be more specific about it and provide more details about the crash and circumstances when that happened?

Unfortunately, I don't remember what I was doing, if anything, the last time it crashed. The crash reporter wasn't able to send the zipped crash log(s), so I emailed it by manually (like I have every time CFP has crashed since the crash reporter always fails to send the crash log).

Any messages, any Warnings/Errors in the system Events?

Nothing terribly helpful, I'm afraid. The Application log showed an Application Error, Event ID 1000:

Code:

Faulting application cfp.exe, version 3.13.54210.572, faulting module , version 0.0.0.0, fault address 0x00000000.

The crash dump didn't appear too informational, either:

Code:

Microsoft (R) Windows Debugger  Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\pathtofile\CRASH.DMP]
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: symsrv*symsrv.dll*c:\websymbols*http://msdl.microsoft.com/download/symbols;SRV*c:\websymbols\*http://symbols.mozilla.org/firefox;SRV*c:\websymbols*http://build.chromium.org/buildbot/symsrv
Executable search path is:
Windows XP Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Fri Dec 11 13:28:49.000 2009 (GMT-6)
System Uptime: not available
Process Uptime: 0 days 23:52:12.000
..........................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(9d4.6cc): Access violation - code c0000005 (first/second chance not available)
eax=000004c0 ebx=067d38e8 ecx=0012d710 edx=59a63d70 esi=067d38c0 edi=067d3918
eip=7c90e514 esp=0012d6e0 ebp=0012d6f0 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!KiFastSystemCallRet:
7c90e514 c3              ret
0:000> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for urlmon.dll -


FAULTING_IP:
cfp+a2b61
004a2b61 ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 004a2b61 (cfp+0x000a2b61)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000004
Attempt to read from address 00000004

DEFAULT_BUCKET_ID:  APPLICATION_FAULT

PROCESS_NAME:  cfp.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  00000004

BUGCHECK_STR:  ACCESS_VIOLATION

LAST_CONTROL_TRANSFER:  from 00000000 to 004a2b61

STACK_TEXT:  
0012ea28 00000000 f1d3a5d3 00000000 02904e40 cfp+0xa2b61


STACK_COMMAND:  ~0s; .ecxr ; kb

FOLLOWUP_IP:
cfp+a2b61
004a2b61 ??              ???

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cfp

IMAGE_NAME:  cfp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4afc9d1a

FAULTING_THREAD:  000006cc

SYMBOL_NAME:  cfp+a2b61

FAILURE_BUCKET_ID:  ACCESS_VIOLATION_cfp+a2b61

BUCKET_ID:  ACCESS_VIOLATION_cfp+a2b61

Followup: MachineOwner

0:000> .ecxr
eax=00000000 ebx=004a3080 ecx=02904e40 edx=00090000 esi=02904e40 edi=02606a48
eip=004a2b61 esp=0012ea2c ebp=0012eb34 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
cfp+0xa2b61:
004a2b61 ??              ???

0:000> lm kv m cfp*
start    end        module name
00400000 00a06000   cfp      T (no symbols)          
    Loaded symbol image file: cfp.exe
    Image path: C:\Program Files\COMODO\Firewall\cfp.exe
    Image name: cfp.exe
    Timestamp:        Thu Nov 12 17:41:14 2009 (4AFC9D1A)
    CheckSum:         001B96AB
    ImageSize:        00606000
    File version:     3.13.54210.572
    Product version:  3.13.54210.572
    File flags:       0 (Mask 3F)
    File OS:          4 Unknown Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0
017c0000 01807000   CFP_17c0000   (deferred)            
    Image path: C:\Program Files\COMODO\Firewall\themes\CFP.theme
    Image name: CFP.theme
    Timestamp:        Thu Nov 12 17:37:41 2009 (4AFC9C45)
    CheckSum:         0004B562
    ImageSize:        00047000
    File version:     3.13.54210.572
    Product version:  3.13.54210.572
    File flags:       0 (Mask 3F)
    File OS:          4 Unknown Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0

as for your a side note about the presence of the AV folder/files  when user choose not to use Comodo's AV that is just very unfortunate thing, but by itself that never  caused any problems here

Yes, although it has nothing to do w/ this crash/problem, it's still way too much space taken up for something that's not even being used.    After the reinstall, the AV files are taking up just over 206MB.  

Obviously, this bug should be fixed, but in the meantime, I'd like to know if I can delete them without having cfp re-download them without asking me.

Have you ever saved (Export) settings?
If not please do that periodically, so you can try just Import them back.
Even if that is not a complete list  that is still better than starting from scratch.

I had, but it had been too long to be of much use. I didn't mind starting from scratch. This way, I can add the couple of dozen firewall rules I know that I need and go from there. The other plus is that cfp is much faster and more responsive now, mostly likely due to the much smaller amount of settings in the registry (I still don't understand why cfp uses the registry instead of a sqlite file (or some other type) for the multitudinous amounts of rules it can create).

As a matter of fact the version of CIS was not mentioned as well

My regards

Sorry about that. As you can see from the debugger output of the crash dump, cfp.exe was version 3.13.54210.572. Which brings me to another question:

Today, I went to COMODO Firewall > Miscellaneous > Check For Updates and it said there was an update available. When I clicked on the details, it took me to the release notes where it said that 3.13.121240.574 was the latest. I was already running that version.

After updating, About COMODO Firewall reports that it is version 3.13.125662.579, however I cannot find any files in the program folder that match that version number. The closest I found was the framework.dll, which is now at version 3.13.60126.579. Where is the Product Version number coming from?

[edit: I see that version 3.13.125662.579 was released just to fix an AV bug. However, I still don't see where the reported version number comes from.]

Thanks to anyone able to shed some light here...

[EricJH]

The latest version is 3.13.125662.579. The page you visit is always too late with telling when there is a new version.

To know what version you are using look under Miscellaneous --> About.

In the forums new releases will always be announced in Feedback/Comments/Announcements/News - CIS.

[Tags:]