Security and Utility Software Installed - CIS (both CFP and CAV)
Step by step description to reproduce the issue - Repeats Intermittently
How you tried to resolve the problem - Can’t track the cause
Upload Memory Dumps on crash if you encounter any - Uploaded at each BSOD
Attach screenshots to your posts to clarify the issue further - N/A
Any other information you can think of - None
Please put any False Positive Reporting here - N/A
Still getting intermittent BSODs when accessing my Floppy/CD/DVD drives. I’m now uploading my system minidumps along with any Comodo crash dump. ??? This is getting to be a major frustration.
Only SAS MBAM on-demand
3 & 4. This sounds like a VERY serious one to me. If anyone has compared CIS Beta & CFP 3.0.25.378, You will notice some things:
a)Defense+>Advanced>Computer Security Policy>%windir%\explorer.exe and it is a “Windows System Application” - Well okay, that’s fine because it is a Windows Application, However with that default setting set (And not custom like CFP 3.0.25.378) Try blocking some programs, Any program. Just try blocking Firefox or any app on your PC, Or “Treat as Isolated Application” (Which blocks a program totally). You will see your programs can still get passed.
b) Making %windir%\explorer.exe as a “Trusted Application” solves the issue, But you CAN NOT Treat “explorer.exe” as an Isolated App because it totally blocks everything. You will find your programs inaccessible with error messages, Going into “Safe Mode” and changing explorer to Trusted solves the issue.
Let me explain this with some screen shots using Firefox as an example.
In the above Screen Shots, explorer.exe is not a Windows System Application, It is “Trusted” or “Custom Policy”, And therefore, you get that Alert. If you “block this request” and have “remember my answer ticked”, Firefox will block fine, and that’s a good thing:
However, If you set Explorer.exe to Windows System Application, As it is default in CIS right now like below"
And you see that Firefox Alert again (Clearing Firefox off Computer Security Policy):
You will notice, explorer.exe isn’t there. And when you block it, it will run like it wasn’t blocked. Treating any app as “Isolated Application” won’t help either, It effects explorer.exe & therefore you can’t use your programs… But won’t effect any other program.
So 2 things before the RC/Public:
Remove the Computer Security Policy Isolated Application for %windir%\explorer.exe. If a user treats Explorer.exe as an Isolated Application, they will find no programs will work on there PC’s.
Redefine %windir%\explorer.exe instead of Windows System Application or edit it some how… This does reduce pop ups actually, That’s a great thing… But still, With WSA with explorer.exe, Blocking an app, Isolating an app, won’t help.
So yeah that’s about it. You can tell how much I care now… lol ;D Anyway maybe you can keep it as a Windows Sys App just maybe something is allowing programs blocked or isolated that’s a deep setting or something… I dunno… Just a heads up.
If anyone has a solution or same problem… let me know.
32 Bit | Windows XP | Pro Service Pack 2
Comodo Firewall 3.5.52396.411 Beta only security program
The GUI takes 6 seconds to disappear after I right click on CFP system tray icon to exit. The icon disappears fast as it did before, but not the GUI when it’s left on screen. Last stable release didn’t have this minor issue.
32 Bit | Windows XP | Pro Service Pack 2
Comodo Firewall 3.5.52396.411 Beta only security program
To add to my first bug report, I notice the filename and its path where the user sets to store the CFP log is truncated whenever the Miscellaneous > Settings > Logging tab is accessed.
Temporary workaround is to click on the path link and then do something like click the OK or Cancel button – however, the issue returns as soon as the above steps are taken. At least this time I don’t think it’s a DPI issue
Just to follow up on my above post. If you do have explorer.exe as Custom (When explorer Alerts you before the program runs and asks) go to edit %windir%\explorer.exe and click Access Rights and click Modify… on Run an executable You will notice this:
My point is that’s a normal thing with allowed and blocked applications. If %windir%\explorer.exe is Windows System Application You will find that Allowed & Block list blank, Therefore that’s why I think programs can get past, Regardless if that particular program is Allowed or Blocked on an Alert, + Isolated.
You’re right. It is the same… Thanks for pointing it out. But still, Whether explorer.exe is a Windows System Application or Trusted, Programs still get through when they are specifically blocked or Isolated.
I’m not sure what you mean with get passed but limited application and Isolated application policies are not meant to prevent the execution of an application they got assigned to.
You have explorer.exe as Windows System Application right? Just try blocking a program… Click “Block” and it won’t block, and the applications run as normal is what I meant.
I completely agree with your observation of the “Windows System Application” being the wrong policy for explorer.exe. Sure, technically it is a windows system application, but I’ve noticed the same thing you talk about: any application executed by explorer just gets allowed (thanks to the “run an executable” *-status in the predefined windows sys app policy). In CFP we got an alert every time explorer tried to run a new app.
It’s probably best - for now at least - to change explorer.exe to trusted, right?
I don’t know… gibran is the tech guy. :a0 But basically:
Changing explorer.exe to custom and blocking an app will block the app (good thing) totally.
Keep explorer.exe as Windows System Application and you run and app, and you choose to block it the app will run anyway. Malware will install easily like this, I do like not having the pop ups for explorer.exe though… Just the ACTUAL exe’s that run.
If anyone else can tell me the same thing… pls post so we can get this resolved in future versions.
Exactly! IIRC I posted something along those lines in the CFP forum a while ago. And the popup that said “explorer.exe is not a known application, it’s trying to execute xyz” or something like that, is a bit confusing.
A compromise would be better: “explorer.exe is a safe/known application, i wants to run xyz”. That way we get the information that a program wants to run and that explorer.exe is the parent…
I see. I guess that the rationale behind that choice was not that explorer is a windows system application but simply to prevent new users from assigning an isolated app policy to explorer.exe itself when they got that execute application alerts.
So I guess that this
Should refer to the execution alert triggered when an new application is launched using explorer.exe.
But Josh you should already know that treat as limited application or isolated application is not meant to block the execution of the app which is assigned to.
Those who got windows system app policy assigned to explorer.exe can chose whenever these apps should run with restricted privileges.
Besides even if a new untrusted app is allowed to execute from explorer.exe there would still be an alert for that app specific actions if that app is not considered trusted.
Did you think that If explorer.exe was so untrusted then the protected files/folder access right should have been set to Ask too?
The only advantage that the trusted policy had over windows system application policy was that the user could create a list of allowed/blocked app execution and then use it for parental control purposes.
Well in our secret little corner I misunderstood a post by Matty…
I know, I should of known that… My mistake. :-[
I think I have gone a bit over-board… Sorry for wasting everyone’s time with this matter, I understand gibran now. Thanks for posting. I was just getting a little worried when the applications were still “running through” when I blocked them, But I got a good idea now.
Additional Screenshot for this Report as you can see, it’s “fast” and high on CPU with AV disabled.
It’s superslow with AV enabled. Overall performance is also noticeably slower than with AV disabled.
32 Bit | Windows XP | Pro Service Pack 2
Comodo Firewall 3.5.52396.411 Beta only security program
Defense+ in Clean PC Mode
I think someone reported this in one of the earlier builds: after performing a lookup in Pending Files and moving the files that are marked as safe to the safelist, they still appear in the Pending Files screen until it’s closed. Last stable release just automatically cleared them instead of having to exit the screen.
As per my complain in the last two betas, cmdagent is still consuming 10% of my quad-core machine, why?
On that note, is it necessary for cmdagent to work so fervently? When I use the latest CPF before the CIS beta, initially it gave me the same amount of cpu usage from the cmdagent, but it got better as the patches came in.
Now after 2 betas and a very long pre-beta period, CIS should work much better than CPF, no?
Please look into this. I am now seriously considering reverting to using AVG and CPF, they work a lot better than CIS.
I was just getting a little worried when the applications were still “running through” when I blocked them, But I got a good idea now.