Leaking data during boot

[Guest]

[deedee]

Just started using Comodo and in general it works fine for me.
( Just like Sygate - Netveda - Zonealarm and others tried here ).

But they all leak data during boot it seems
Configured Comodo with the:
- Prevent all outgoing when booting
- Ask for all allowed apps first

AVG seems to update anyway before Comodo is started.

Pro for the Sygate was it seems to handle Explorer and IE explorer different

[kail]

Hi deedee, welcome to the forums.

By default CFP is blocking all incoming communications from boot (although there may be no visible indication of this). With outgoing also blocked, nothing gets in or out. AVG is a known & trusted application by Comodo (certified), and thus it would be silently allowed. You can turn off Comodo's silent treatment for trusted/certified applications, under Security -> Advanced -> Miscellaneous & clearing the "Do not show alerts for applications certified by Comodo" option.

[deedee]

Hi Kail

Thanks for the quick reply, did overlook the "advanced" setting
Block here is always all Ins and outs on ask
Will test somemore with it ( and advise it to friends who like a more practical less technical to configure firewall )

Add to comment - Tested it again with trusted application warning on plus ask before allowing
still seems to be able to grab some 150k AVG update before blocking.
Here there still some traffic possible during boot

[egemen]

You need to

* increase popup frequency level to at least to Medium
* Deselect automatically approve comodo cerfied applications
* select block all outgoıing connections during booting

This will prevent everything until the system is up and running. Otherwise, CPF temporarily allows but when the system is up, it asks.

egemen

[deedee]

Hello Egemen

Shift the alerts to "medium" others are already in that state ( as said before )
But dont get it when shifting the alert confirm would help.
It alerts when it is fully started ( and leaked the data before,
 Alert function seems to work fine - when started - so it seems, it alerts )

Also upgraded to the last beta version ( to test that ) but the same problem existst

Still remains all tested here ( next to Comodo ) seems to allow connect and send/receive data during boot a few seconds in time. Would be nice to have a solution which would block all
trafic during boot untill the system is really up.

[AOwL]

Do you have "allow invisible" and "skip advanced" in misc tab in the application rule for AVG?

[deedee]

No nothing of that, it didnt even appear in the application list,
after reinstall - not even by a detect all allowed -  for the beta as normal verion.
First had to allow it specific - afterwards it was in the application list,
In the component list it is present directly and allowed.
Advanced settings in apps settings seems to be oke.
Current config: all in out in apps = ask
Win: raw sockets as many services disabled ( perhaps some conflicts there possible? )

[deedee]

Some further more testing did me decide to install Sygate again
this one does block all your leak tests as well
as the comodo who has to be in ask mode for IE not to leak data
on low level it works better for me and gives me more control

Had some strange effects with AVG disabling ALG ( than there was no update in boot )
but the AVG email scan seems to be killed on the proces some minutes later.

[AOwL]

comodo who has to be in block mode to pass it

[Tags:]