Author Topic: CFP 3.0.9.229 BETA 32-Bit Bug Reports [CLOSED]  (Read 91741 times)

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #180 on: October 10, 2007, 05:47:39 PM »
OS:Windows XP SP2
AV: Avast

Submit files to comodo for analisys results in few errors (translated) after I press Submit.
I get exactly the same errors with cfpupdate.
It is strange but If I launch Thunderbird I don't get this error ??? How could this be :o ?

  • The instruction at "0x76ea3cd9" refferred to memory address "0x76ea3cd9". That memory could not be "written"
  • The instruction at "0x76eaa773" refferred to memory address "0x76eaa773". That memory could not be "written"
  • The instruction at "0x76ea32a5" refferred to memory address "0x76ea32a5". That memory could not be "written"
« Last Edit: October 10, 2007, 05:52:50 PM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline grampa

  • Comodo's Hero
  • *****
  • Posts: 392
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #181 on: October 10, 2007, 06:28:16 PM »
Hiya,
don't know if this has been mentioned before.
I press the 'start button' and the menu opens - good!
I press 'all programs' and the list is shown - good!
I try to open a subfolder or click an application (e.g. the Nero folder or the Adobe Acrobat Reader application) - nothing happens. They're not even highlighted.
As soon as I disable Defense+ it works again.
Another observation: Spyware Terminator is not loaded at startup with Defense+ activated (even with ST's HIPS disabled - so no conflict here).
It led me to turn off Defense+ (which I'd like to be activated but which causes too many troubles).
Otherwise CFP seems to work great.
Keep up the good work.
Cheers,
grampa.
"It is a mistake to think you can solve any major problems just with potatoes." (Douglas Adams)

Offline xiuhcoatl

  • Unaffiliated Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 911
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #182 on: October 11, 2007, 01:00:01 AM »
Also posted in how CFP 3.0.9 works
if a mod wants to delete one post "please leave the bug report"
Little Mac
 here is my converstion with Egemen see if you can verify what I am saying
If I understand him correct and he understands me
the behavior of Windows installer Application is a Bug
It´s a long conversation

Thanks
 OD
when you select "Remember my answer" for a pop up with "Windows installer Application"  you should still get the pop-up telling you to  and In the "Summary" screen  "Proactive Defense" it should say  "Switch to Previous Mode" not "Switch to Installation Mode"(Andysnap_029.jpg)]

I still think either CFP is not performing as you are explaining or you are missunderstanding the actions I am taking

I am not selecting "Installation Mode"  I am when I recieve a pop-up
from Say "rtvscan.exe(Andysnap_028.jpg) in the case of Symantec AV or svchost.exe(Andysnap_027.jpg) in the case of windows update.

When in the case of Symantec Live Update
rtvscan.exe  pops up with
"Rtvscan.exe is trying to modify a protected file or directory. What would you like to do?"

I select "Treat this application as"  {windows Installer Application]

then I check the  "Remeber my answer"  check bok

CFP3.09 will create a rule in D+
Application                     Treat as
C:\....\rtvscan.exe           Windows Installer Application

I will not recieve any rminders of this being a Windows Installer Application(the following part in brackets was not in my pm to Egemen)[In the summery screen the "Proactive Defense" still says "Switch to Instalation Mode"(Andysnap_029.jpg)]

Nor will this change my status in the Summery screen
the only way to change this is delete the rule in D+

Hope this clarifies

OD

PS I will post this in the bug section
with snapshots of the rules in D+

No. Remembering will not dismiss the reminder. You should receive the reminder unless you explicitly swith to the previous mode.

No, my point is when had a pop-up forSaay rtvscan.exe trying to scan or whatever exactly it does I think when Symantec AV Corp 10.0 Server is updating I was getting many Pop-ups so I made it A "Windows Installer application" the Pop-ups Pretty much stopped.

However, in 'Installation Mode" you have said the user should recieve a reminder to disactivte the 'Installation Mode" every 5 minutes

My question is this
Should you recieve this same reminder when you have clicked Remember for an EXE (such as rtvscan.exe)


If so I did not recieve the reminder


Or if as i suspect clicking by clicking remeber you diactivate or bypass the step that creates the remider

svchost.exe itself is safe and could be trusted. But it does host lots of other services that malware processes can exploit. So as long as svchost.exe is protected, which HIPS already protects, there is no threat. However, in Installation Mode, this can be a problem because OLE Automation, can cause svchost.exe to create child processes. In vista there are different scenatios for this. This means, granting those child processes( such as iexplore.exe etc) the same rights. So 5 min reminder will keep bugging the user to switch to the previous mode.

HIPS provides ultimate protection that no AV can provide. The tradeoff for this is the number of alerts which we try to reduce significantly without sacrificing the security. There are more additions in the next bta to cope with these problems.

So this is the same as "Installation mode" and if Remember this is checked than this process maintains these rights

I have not seen the 5 minute reminder mentioned in dicusions about "Installation mode"

AS I mentioned in my post I had applied and remembered this for rtvscan.exe for symantec AV it pretty well  eliminated th pop-up .  I think today I deleted the decided that was to much power to give rtvscan ant deleted the rule.

TO give this right to svchost for windows update could allso open up othe vulnerability as (what do you  think)

then again With the old SPI firewalls without HIPs I was content and imagined with this and AV I cvould feel somewhat safe.

Thanks for the reply

Hi,

When switched to this mode, the child processes of applications treated as "Windows Installer application" will also inherit the same access rights. Unlimited access rights are granted to the applications treated as windows installer. Zero popup. If the installer executes a process, that process may also need such an access right. To be able to do so, the user needs to switch to the installation mode. Child processes upto 3, will be granted the same rights in installation mode.

Egemen


egemen I know you are a very busy man but
Could you clear this up for me I have searched the forums for an answer
and could not find one.  This is something I prefer not have people guess at as of the power of this policy

What is the diference between "Switch to Installation Mode" in "Summery" and selecting "Windows Installer Application" as a securuity policy?

please post your reply in my post below
 
Thanks alot
I have been very impressed with the work you all are doing

OD



You are correct, as far as I can tell.  I have wondered the same thing - what's the difference between Installation Mode and Windows Installer Application?  If one selects that from the popup w/Remember option checked, it creates a hard rule for that application; this rule remains past the installation.

I guess the idea is that you if you have an executable that will be controlling the updates you would set it as an Installer Application (perhaps not much different from Trusted Application??).  However, those rights would not perpetuate to any child processes it spawned.  So if you put it D+ into Installation Mode, this transfers the rights of the parent to the child (up to 3 children).  I didn't really get that until I re-read Egemen's quoted post in yours.  So this would be very handy for software updates where you might normally run into trouble.

Then, if you're just installing a new application, you set the setup package as an Installer Application, and turn on Installation Mode.  The only thing I see there is that you might not want to retain that Installer Application rule, so would have to go back in to delete/remove it.  I'm about to install another app, so I'll pay some more attention to the process.

LM

[attachment deleted by admin]
« Last Edit: October 11, 2007, 08:09:45 AM by Opus Dei »
When things go wrong, and they usually will,and your daily road, seems all uphill, when machines are down,and tempers high, when you try to smile, but can only cry,and you really feel you'd like to quit, don't run to me I don't give a sh*t.
(A semi retired systems analyst's credo)

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #183 on: October 11, 2007, 10:04:57 AM »
OS: Windows XP SP2
AV: Avast

This affects all platforms. It is a minor glitch but please fix it asap.
It is not possible to purge Run an Executable lists in D+ policies Explorer.exe list are quite long it will be a mess to purge if of uninstalled/updated softwares :o
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline kail

  • Randomly Appearing
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11361
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #184 on: October 11, 2007, 12:49:14 PM »
Has anybody else observed (or can reproduce) performance degradation & high CPU in CFP.EXE (not CMDAGENT) when copying data across a LAN, where one or both systems are running CFP?

Different things do happen (in CPU loading & CFPs response time) depending on which system is running CFP (target, source or both), but the result is, in general terms, the same.

PS If testing this, don't let it run too long.. as CFP on the target system seems to take an equal amount of time to recover after the copy is aborted.
My System Details: W10Px64 with CIS 10 Beta, Firefox & Becky!
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #185 on: October 11, 2007, 01:32:10 PM »
Has anybody else observed (or can reproduce) performance degradation & high CPU in CFP.EXE (not CMDAGENT) when copying data across a LAN, where one or both systems are running CFP?

Different things do happen (in CPU loading & CFPs response time) depending on which system is running CFP (target, source or both), but the result is, in general terms, the same.

PS If testing this, don't let it run too long.. as CFP on the target system seems to take an equal amount of time to recover after the copy is aborted.

Yep something around these lines. As CIFS is handled using TCP/IP the same problem affect file sharing as well. I've not indexed other posts on the same subject in the unofficial bug-list but some testers suggested that CPU usage is proportional to the throughput.
Can you confirm if disabling V3 Firewal or D+ solve this issue?
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline kail

  • Randomly Appearing
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11361
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #186 on: October 11, 2007, 02:15:39 PM »
Yep something around these lines. As CIFS is handled using TCP/IP the same problem affect file sharing as well. I've not indexed other posts on the same subject in the unofficial bug-list but some testers suggested that CPU usage is proportional to the throughput.
Can you confirm if disabling V3 Firewal or D+ solve this issue?

Ooo errr. OK, this will have to wait until I'm in a position to uninstall CFP on both systems concerned. You'll see why below.

With CFP not running on the Source system & running on the Target system, but with both Firewall & D+ disabled..

Copy in progress, Target system shows moderate CPU usage on both DPCs & System. Copy is canceled, CFP then shows high CPU for a period roughly equal to the initial copying period (similar to the recovery warning I posted about initially).. despite being disabled. CFP on the Target system in non-responsive during the copy & recovery.

I get the impression that a large Copy will take a very, very long time.. But, I've not had the patience (yet) to let it finish.

Not sure about the throughput. That will require more detailed testing.
My System Details: W10Px64 with CIS 10 Beta, Firefox & Becky!
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #187 on: October 11, 2007, 06:52:11 PM »
Thanks.
This bug appeared in this beta IIRC V3.0.8 was not affected. Egemen confirmed it will be fixed in the next release.
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #188 on: October 12, 2007, 03:52:49 AM »
OS: Windows XP SP2
AV: Avast

This affects all platforms. It is a minor glitch but please fix it asap.

File submit dialog has a incorrect file filter for sys files. Sys files cannot be selected as there is a selecto for *.SY files
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline Little Mac

  • Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6303
  • The Colonel told me to.
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #189 on: October 12, 2007, 05:33:49 PM »
OS:  WinXPSP2
AV:  CAVS

Every time there are files to be submitted, it always adds some specific .exe files (for instance, the setup file for CFP 3.0.9.229).  I've removed them countless times, and even added them to "My Safe Files" and yet they continue to return.

Not sure what the deal is.

Also, I think there's a bit of an issue with this approach, as well, which I've come across today.  I tried to run a program (a-squared free) which has been on my computer for some time.  I got a message that it was not a valid win32 application.  No popups, no alerts, no logs.  I finally uninstalled it, and downloaded a new version.  Tried to run the installer, wham!  Not a valid win32 application.

On another computer I was putting together, after a couple reboots, I couldn't open or run anything except CFP.  All systray icons were gone, and every shortcut I clicked yielded a warning that rundll was not a valid win32 application.  No pops, no alerts, no logs.

Once I moved the "files to be reviewed" to the "My Safe Files" everything returned to normal.  The heck of it is, there were rules in D+ for the applications themselves, and in the case of the second computer, the dll should have already been approved as it was a pre-existing Windows component; it was not in the pending files list.

I think this may be related to the "block unknown requests" being checked, but IMO it shouldn't do that if there's already a rule...

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.
Forum Policy

Offline lurkingatu2

  • Comodo Family Member
  • ***
  • Posts: 69
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #190 on: October 12, 2007, 06:01:51 PM »
i doin't know if this has been posted yet  :)

a few times now when i start my pc the comodo tray icon is a black square if i right click
it and exit and restart comodo 3.0.9.229 it looks fine but when i go online it doin't
show the tray animation (the red and green bars going up and down) so i have to restart my
pc then all seems fine



[attachment deleted by admin]
avira antivir pe classic winpatrol counterspy v2.5 superantispyware pro sandboxie spywareblaster zonedout for ie-spyad hostman with mvp hp host file 1.30ghz amd 256 mem xp pro sp2

Offline MFB

  • Newbie
  • *
  • Posts: 6
Cannot See all TABS, Wrong Display
« Reply #191 on: October 12, 2007, 09:56:08 PM »
Hi,

I cannot see the other tabs from the main screen.  I have installed in safe mode and reinstalled in normal.  I still cant see the last 2.  Take note that this only happens to Comodo Firewall Pro. All my apps have no visual layout issues.  Shots here do not change even with min or max window.

Here are some screen shots

[img width= height= alt=ScreenShot008.jpg]http://www.fileden.com/files/2007/10/2/1476862/ScreenShot008.jpg[/img]

[img width= height= alt=ScreenShot007.jpg]http://www.fileden.com/files/2007/10/2/1476862/ScreenShot007.jpg[/img]

[img width= height= alt=ScreenShot006.jpg]http://www.fileden.com/files/2007/10/2/1476862/ScreenShot006.jpg[/img]


« Last Edit: October 12, 2007, 09:59:10 PM by MFB »

Offline com812

  • Newbie
  • *
  • Posts: 5
    • www.euroofer.com
Could you help me, please? Error (Comodo Firewall beta v3.0.9.229)
« Reply #192 on: October 13, 2007, 04:55:39 AM »
Could you help me, please?  (Comodo Firewall beta v3.0.9.229)



Offline grampa

  • Comodo's Hero
  • *****
  • Posts: 392
Re: CFP 3.0.9.229 BETA 32-Bit Bug Reports
« Reply #193 on: October 13, 2007, 05:05:19 AM »
Also, I think there's a bit of an issue with this approach, as well, which I've come across today.  I tried to run a program (a-squared free) which has been on my computer for some time.  I got a message that it was not a valid win32 application.  No popups, no alerts, no logs.  I finally uninstalled it, and downloaded a new version.  Tried to run the installer, wham!  Not a valid win32 application.

Hey,
I got the same alert but in a different situation. I tried to open Presto Page Manager (which I've not yet opened since I installed CFP). Defense+ showed an alert and I pressed "cancel or deny" (gosh, I can't even remember what the button says  :-\) by mistake (without remembering). I then tried to open it again and .... "not a valid win32 application". That is strange! However, after rebooting I tried to open it again, the alert was shown again, I clicked allow and ... it opened without a problem.
Of course, Presto PM couldn't open the first time as I clicked deny but the alert "not a valid win32 app" is quite strange.

What's more (I know I posted it before but maybe s.o. has a workaround for this):
1) Spyware Terminator does not load at startup with Defense+ turned on (no matter which mode). I've allowed everything for this prog in Defense+ but to no avail. Turning of Defense+ helps. ST's loaded at startup without any problems. (ST's HIPS are turned OFF)!

2) When Defense+ is turned on, I cannot launch any programmes from the start menu. I press the start button and the menu pops up. I click 'all programs' and the menu is shown. But in this menu I simply cannot open any subfolder nor can I launch an application. Beats me! Again, turning off Defense+ does the trick.

I'd really like to have Defense+ running. So if you have any ideas how to work around these problems, plz let me know.

Cheers,
grampa.
"It is a mistake to think you can solve any major problems just with potatoes." (Douglas Adams)

Offline zt3000

  • Newbie
  • *
  • Posts: 3
GUI doesnt conform to display DPI settings
« Reply #194 on: October 13, 2007, 01:14:37 PM »
This problem occurs slightly in Beta version 3.08.214 (which is still usable)
BUT
Is really bad in the latest Beta version 3.09.229 (which is not usable).
A previous forum poster complained of same issue.

The reason this problem occurs is because the XP display dpi setting has been changed from 96dpi to a custom setting or to 120dpi. Once the default XP dpi has been changed and a reboot is completed, the screen will show similar to the following:

A long time ago, I believe there was a Borland programming product that had similar problems with GUI scaling issues. Seems like Comodo Firewall is not interfacing properly with the Windows API for screen/font scaling, but is using it's own inherent display API from the programming language used to create the product.

The dpi change in XP can be accessed by; control panel, display, settings, advanced.
Personally I make the dpi change to 115% because the icons/fonts/etc are too small on my 15.4" LCD laptop panel.



[attachment deleted by admin]

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek