(New bug in RC2 - Severity not sure, may be config specific)
Taskbar ICON (shield) not visible after installing RC2 over RC1 even though firewall (cfp.exe and cmdagent) loads.
Your Operating System: XP SP3 32 bit
Other Security and Utility Software Installed: Avira Basic, Spybot, CMF
Step by step description to reproduce the issue: Install RC2 over RC1, using miscellaneous/check for updates, follow installation defaults, reboot as requested.
How you tried to resolve the problem: Reboot many times (does not work); Log on as different user, then as main user (does work); load firewall again (does work)
Upload Memory Dumps on crash if you encounter any: none
Attach screenshots to your posts to clarify the issue further: not applicable
Please put any False Positive Reporting here: not applicable
Any other information you can think of: One of those bugs that is more of an embarrassment for Comodo than anything else as there are easy work-arounds. Probably relates to known XP fragility re loading task bar icons.
I’m not saying this doesn’t need addressing but it is rather CMF issue than CF and since there hasn’t been any update for months for CMF so I doubt that there will be any update soon. Unfortunately I cannot give you the service name because they must have changed it in some version and now there is no service running in background, at least I can’t notice any. The service mentioned before was injecting a dll file into every executable launched, and I believe this was giving you a buffer underrun protection, but many application do not like this and they refuse to work or work incorrectly. Anyway, I installed CMF on my system and did some tests. I was able to reproduce your issue by only instaling CMF, nothing else has been changed. Adding an exclusion for java.exe or closing CMF didn’t help either. Although I didn’t notice any service running in background the CMF acted exactly the same if there was one. And I suspect that when you close CMF.EXE you close just a GUI and the dll is still injected to every executable. This is just my assumption I do not know how actually CMF works at the kernel level or whatever it is called :D. Anyway the only workaround for me was to uninstall CMF. The problem has gone right away. I suggest you to do the same. I used CMF for a few months and I never had any alert from it. The only few times it gave me an alert was back then when I checked it with Comodo Buffer Underrun Tester(or similar name) application. If you really need buffer underrun protection then maybe you should try SafeSurt. It basically do the same thing but it only protects your web browser instead of the whole system.
I have come across a certain firewall behavior that I am not so sure whether it’s intentional or a bug…
Firewall Behavior Setting = Custom Policy Mode
Run eg. FileZilla (FTP Client Application). Firewall alert pops up for connect permission to Destination IP = x, and Destination port 21 etc. Grant the permission with “Remember my Answer”. So far so good.
The network rule that is inserted in Network Security Policy for FileZilla, does not contain the reference to that particular IP and port 21, that I granted permission to. Instead it has blanket permissions, ie To IP Any and Destination port is Any.
Is this a design feature, or perhaps a bug? I cannot honestly remember how RC1 or previous versions behaved re this particular scenario.
Please post all bug reports & BSOD’s here and make sure to include:
Windows XP SP3
None
Start a manual scan, make sure it scans some large files (20MB mp3’s for instance), try to stop the scan while it’s scanning these large files. Rather than stopping immediately it first finishes scanning the file (which can take up to 20 seconds depending on how large).
I can confirm this happened to me too (while I was running a manual scan) even up to the point where Windows XP security manager was complaining my anti virus software was out of date. When I updated again the msg disappeared. This has happend twice so far but every time manually updating the virus definitions again resolved the issue.
You need at least High to get specific port numbers in automatic rules, and Very high to also get destination address.
Can you try again and see if that works ?
I already did before your post. Setting Alert level on High does acquire the Dest Port, and setting it on Very High, acquires both Dest IP and Port.
Although it is nice to know how, nonetheless, Alert Level settings may not be the right place to make the firewall acquire fine grained info, in my opinion. Having said that, I do not see where else can there be such a setting, thanks for your help.
The VirtualBox-causing-COMODO-to-crash issue has been reported by me and fOrTy_7. However, I have only tested with CFP 3.0.25 and I have not tried with CIS (any version). fOrT7_7, on the other hand, has been using many betas + release candidates and the issue still exists.
Besides, we’re not even sure if its a COMODO issue or not. (Can someone please read my post on the 3.0.25 to find out why I think that is so? And may someone please download my crash dumps, for references sake, since the problem exists with CFP 3.0.25?)
Image execution Control Level = Aggressive
Files to check = .bat, .exe
Defense+, Common Tasks
My Trusted Software Vendors = Only COMODO
Firewall, Advanced
Firewall Behavior Settings = Custom Policy Mode
Alert level = Very High
Default Global Rules (As set by CIS)
Network Security Policy contains CMD.EXE and PING.EXE, both blocked for any in/out communications on IP protocol; both of these entries on top of the list.
On cmd.exe pinging any host eg www.bbc.co.uk goes through unhindered, no questions asked…
I have searched the Comodo forums for this particular problem without success.
Any pointers??
Disabling and enabling the network connection (Ethernet) takes a long time during which cmdagent uses lots of resources; sometimes up to 90%,
I am on Vista 32 SP1
Security program and others:
Spywareblaster
Spybot Search and Destroy (sdwinsec running)
A squared Free (a2service is running)
Malwarebytes Antimalware Free
Super Antispyware Free
Winpatrol (not residential)
Perfect Disk 2008
Disable the network connection (ethernet) and enable it again. Watch the actiivity by cmdagent. It is a lot, up to 90% and takes a lot of time.
Other information. This is an observation and I am not sure if it related. In the process of starting the network connection again the screen goes black two or three as may happen with a driver update for the graphics card (Radeon 9500 with the latest Catalyst driver: 8.10
Computer joined to domain (2003) and connected via proxy but unable to update virus database (gets to 5% then gives up) and CIS constantly reporting that an update (program update) is available on manual update. See below for details.
Edit: Forgot to mention, program update works fine (when an update is available) so not sure if it’s a proxy issue regarding virus database update ???.
Your Operating System (32 or 64 bit) and Service Pack revision (Instructions for XP and Vista)
Windows Vista SP1, 32-bit
Other Security and Utility Software Installed
BOClean 4.27, Windows Defender and SafeSurf 1.0.0.6
Step by step description to reproduce the issue
Using update links in both Summary (or AntiVirus) and Miscellaneous tabs
How you tried to resolve the problem
Problems occurs every time
Upload Memory Dumps on crash if you encounter any
n/a
Attach screenshots to your posts to clarify the issue further
n/a
Please put any False Positive Reporting here
n/a
Any other information you can think of
Same problems occured in previous versions of CIS
Thanks - I agree CMF is involved just tested this myself. Does not happen unless CMF installed. Continues to happen even if CMF out of memory. Have amended bug report accordingly.
Have now found I can resolve this problem by listing all versions of Java.exe (and st_client_wrapper, but should be only one of these in OO/progam) on the disk as exceptions in CMF. Java update just keeps adding versions in version numbered folders in the programs/java directory, AND keeps one version in Windows/system32. (Same is true for CVtres.exe in Windows\Microsoft.net\framework if you have multiple versions of .net - all versions of cvtres.exe must be listed as exceptions). Note that as additional versions are added in future these will need to be listed as exceptions as well. FYI have found that OO and ActualWindowsManager conflict as well - just in case you are using this!
