Treat "Explorer.exe" as an isolated application kills windows

Hi, I just ran into a very annoying problem (had to format the computer to fix it).

What happened was that I accidentally clicked “treat explorer.exe as an isolated application”.

As soon as that happened the computer got completely locked down, no applications could be started, all start menu entries were blocked. A reboot results in a computer with nothing loaded except services.

I believe Comodo should be smart enough to not allow this action for explorer.exe.

An easier way would have been to boot into safe mode and reinstall Comodo 88)

Xan

It is possible to edit the explorer.exe rule by loading the CFP GUI from safe mode.

Please submit that to CFP wishlist.

Average Joe doesn’t know that (I did not know Comodo was the cause until the problem returned after the format :()

Comodo should never have allowed this to happen in the first place.

EDIT:

I see you moved my post, I hope this doesn’t prevent Comodo from fixing this “annoyance”.

You can always post this in the Wishlist

https://forums.comodo.com/feedbackcommentsannouncementsnews/comodo_firewall_wishlist_v6-t15557.0.html;msg195174#msg195174

Xan

Please remember to read board guidelines when you open a new topic.
This topic could fit the feedback or help board but not the bugreport one.

Done, thanks.

I must say this is the first time I have seen a HIPS do something like this :stuck_out_tongue:

I do not agree. Comodo is making a FATAL mistake by offering an option in a pop-up that is 100% guaranteed to make the computer completely unusable. The average user will never be able to recover from this error on his own.

See here:

It is one of the most powerful HIPS, héh? :smiley:

[quote]I do not agree. Comodo is making a FATAL mistake by offering an option in a pop-up that is 100% guaranteed to make the computer completely unusable. The average user will never be able to recover from this error on his own[/quote]
But then what about the viruses using the explorer.exe name? You can kill them while using Comodo's Defense+.

Xan

It is, but this bug almost completely disables Comodo itself too. (Only existing Defense+ rules are applied, nothing else works anymore: no firewall, no new behaviour checks.)

No no no, it’s not a bug. It’s working perfectly fine, doing what you told it to!

If you are going to suggest a different behaviour from the one implemented by design, the wishlist topic could be appropriate.
For troubleshooting the issue itself the help board is preferred.

IMHO the one who makes a mistake is the average Joe that is unwilling to use software properly, but this doesn’t matter.

You are free to express your viewpoints in the appropriate places and in the limits of Comodo Forum policy.

Please understand the effort volunteer moderators have to make to keep the forum tidy.
I don’t wish to prolong this topic any further with an OT discussion on topic placement.

Thank you for your cooperation.

I should not be able to tell it to do so. It should not allow any action that could compromise its own security.

This “bug” also allows for attacks against Comodo and the OS. I found that you can still use the Run-as function and get programs to run. However, since Comodo is completely crippled it does not prevent anything those applications do.

- I completely followed those guidelines
- I reported a problem that completely fits the description of a bug (unexpected behaviour in this case)
- I am not off-topic because there is no sub-forum for discussing mod decisions
- Comodo already offers different choices for different applications/behaviours, the option to choose “isolated application” is a little oversight that no-one noticed in the test phase
- Comodo comes with some default policies. One of these should be for explorer.exe

Can someone suggest the settings for a safe explorer.exe default policy?

Hey Tetsuo, cmdagent.exe is still running when you isolate explorer.exe.

You’re still safe :slight_smile:

Did you reboot also? (You won’t be able to, so you need to reset.)
On reboot none of the Comodo exe’s will have been loaded.

I guess I have to take this chance to remind you that the bugreport board guidelines are outlined in IMPORTANT: HOW TO SUBMIT BUGREPORTS v2.2 (READ THIS IF YOU WANT THEM FIXED)

I beg to differ. It was an expected behaviour considering what the Isolated app policy does.
Using a predefined policy without bothering to examine it is a user error.
Asking for a feature to prevent such users from misusing CFP is a feature request.

You can PM an admin.

It does. explorer.exe is defined as Trusted app by default

[code]Application :%windir%\explorer.exe Treat as: [Trusted Application][/code]

Policy [Trusted Application] is defined as

[code]
Access Right 0: { Interprocess Memory Access } Default Action: Allow
Access Right 1: { Process Terminations } Default Action: Allow
Access Right 2: { Windows Messages } Default Action: Allow
Access Right 3: { Windows/WinEvents Hooks } Default Action: Allow
Access Right 4: { Protected COM Interfaces } Default Action: Allow
Access Right 5: { Phyisical Memory } Default Action: Allow
Access Right 6: { Disk } Default Action: Allow
Access Right 7: { Keyboard } Default Action: Allow
Access Right 8: { Computer Monitor } Default Action: Allow
Access Right 9: { Protected Files/Folders } Default Action: Allow
Access Right 10: { Protected Registry Keys } Default Action: Allow
Access Right 11: { DNS Client Services } Default Action: Allow
Access Right 12: {Device Drivers Installations} Default Action: Allow
Access Right 13: { Loopback Networking } Default Action: Allow
[/code]

Predefined policies can be reviewed (and thus used properly) using [url=http://wiki.comodo.com/CFP3/Help_Guide/Defense_Task_Center/Predefined_Security_Policies]Defense+ Tasks > Advanced - Predefined Security Policies[/url].

[code=Isolated application policy]
Policy [Isolated Application] is defined as
-----------------------------------------------------------------------------------------

Access Right 0: {      Run an Executable     }	Default Action: Block
Access Right 1: { Interprocess Memory Access }	Default Action: Block
Access Right 2: {    Process Terminations    }	Default Action: Block
Access Right 3: {      Windows Messages      }	Default Action: Block
Access Right 4: {   Windows/WinEvents Hooks  }	Default Action: Block
Access Right 5: {Device Drivers Installations}	Default Action: Block
Access Right 6: {   Protected COM Interfaces }	Default Action: Block
Access Right 7: {   Protected Files/Folders  }	Default Action: Block
Access Right 8: {   Protected Registry Keys  }	Default Action: Block
Access Right 9: {     DNS Client Services    }	Default Action: Block
Access Right 10: {      Phyisical Memory      }	Default Action: Block
Access Right 11: {            Disk            }	Default Action: Block
Access Right 12: {          Keyboard          }	Default Action: Block
Access Right 13: {      Computer Monitor      }	Default Action: Block
Access Right 14: {     Loopback Networking    }	Default Action: Block
[/code]

Improperly submitted bugreports are usually moved to the help board in order to address them and eventually gather the information required for a proper bugreport.

As this is going to be a fruitless discussion I’m going to lock this topic and ask another mod to review this.
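
The two policy listings quoted in this thread can be compared mechanically. The following is an added example, not part of the thread and not Comodo's code: it parses the `Access Right N: { name } Default Action: X` lines and applies a hypothetical pre-apply guard of the kind requested above. The function names and the `SHELL_CRITICAL` path list are assumptions, and the policy text is shortened to a few rights from the listings.

```python
import re

# Lines copied from the listings in this thread (shortened to a few rights).
TRUSTED = """\
Access Right 0: { Interprocess Memory Access } Default Action: Allow
Access Right 1: { Process Terminations } Default Action: Allow
Access Right 2: { Windows Messages } Default Action: Allow
"""
ISOLATED = """\
Access Right 0: {      Run an Executable     }\tDefault Action: Block
Access Right 1: { Interprocess Memory Access }\tDefault Action: Block
Access Right 2: {    Process Terminations    }\tDefault Action: Block
Access Right 3: {      Windows Messages      }\tDefault Action: Block
"""

RIGHT_RE = re.compile(
    r"Access Right\s+\d+:\s*\{\s*(.+?)\s*\}\s*Default Action:\s*(\w+)")

# Assumption: rule paths whose process must be able to start children,
# otherwise no desktop is usable. Matched on the full rule path, so a
# look-alike explorer.exe in another folder can still be isolated.
SHELL_CRITICAL = {r"%windir%\explorer.exe"}

def parse_policy(text):
    """Return {right name: default action} for each 'Access Right' line."""
    return {m.group(1): m.group(2) for m in RIGHT_RE.finditer(text)}

def newly_blocked(current, proposed):
    """Rights the proposed policy blocks that the current one allows or omits."""
    return sorted(right for right, action in proposed.items()
                  if action == "Block" and current.get(right) != "Block")

def check_assignment(rule_path, current, proposed):
    """Hypothetical guard: refuse only the combination described in the thread."""
    blocked = newly_blocked(current, proposed)
    if rule_path.lower() in SHELL_CRITICAL and "Run an Executable" in blocked:
        return ("refuse", blocked)
    return ("allow", blocked)

if __name__ == "__main__":
    trusted, isolated = parse_policy(TRUSTED), parse_policy(ISOLATED)
    # The shell itself: switching it to Isolated is refused.
    print(check_assignment(r"%windir%\explorer.exe", trusted, isolated))
    # A constructed look-alike path: isolating it is still allowed.
    print(check_assignment(r"C:\Temp\explorer.exe", trusted, isolated))
```
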