Author Topic: CPF 3.0.11.246 RC1 32-Bit Bug Reports  (Read 62374 times)

Offline rogerval

  • Newbie
  • *
  • Posts: 8
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #120 on: November 17, 2007, 03:38:43 AM »
Greetings,
I'm still new to this firewall, but when I tried Gibson Research leaktest.exe it managed to penetrate the firewall's defences, even though I'd specifically defined it as a "blocked application" and said "no" to any requests the firewall alerted me to.
This doesn't sound right to me.
Both the firewall and proactive defence are set to "training with safe mode".
Kind regards,
Roger V.
(XP Home with SP2 and all security patches, PIII processor with 448MB ram; NOD32 antivirus version 3 installed; IE7 web browser.)
"The journey of a thousand miles begins with a broken fan belt and a flat tyre." (anon.)

fOrTy_7

  • Guest
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #121 on: November 17, 2007, 04:29:29 AM »
Greetings,
I'm still new to this firewall, but when I tried Gibson Research leaktest.exe it managed to penetrate the firewall's defences, even though I'd specifically defined it as a "blocked application" and said "no" to any requests the firewall alerted me to.
This doesn't sound right to me.
Both the firewall and proactive defence are set to "training with safe mode".
Kind regards,
Roger V.
(XP Home with SP2 and all security patches, PIII processor with 448MB ram; NOD32 antivirus version 3 installed; IE7 web browser.)

I tested this and firewall blocks this leaktest if it's set properly. You have to switch firewall to 'Custom  Policy Mode' or 'Train with Safe Mode'. The 'Trainig Mode' learns all connection attempts you make and saves it in 'Network Security Policy / Application Rules'. Maybe it would be better if 'Training Mode' would be renamed to 'Learn All Mode'. I see that not everyone read the descriptions.

During this test I noticed another bug.
Before I started messing with my firewall settings to verify this 'leak' I exported the firewall's configuration to a file using bulid-in option in 'Miscellaneous / Manage My Configurations'. CFP informed me that 'The configuration has been exported successfully' , but when I tried to restore my configuration nothing was restored. All changes I made after exporting the configuration were still there, although CFP stated that 'The configuration has been imported successfully'.

BTW, it would be useful if there would be some progress bar added to the import/export operation. Now it looks like CFP just hangs for a few seconds.
« Last Edit: November 17, 2007, 04:39:27 AM by fOrTy_7 »

Offline rogerval

  • Newbie
  • *
  • Posts: 8
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #122 on: November 17, 2007, 05:44:58 AM »
Hi,
Actually, I did have the firewall set to "train with safe mode" (and I double checked this), as you'll see from my original post.  :)
I've since tried using "Custom Policy Mode", and now Windows reports that LeakTest.exe is not a valid Win32 application... unless I disable the Proactive Defence.  ??? Then LeakTest.exe runs, and penetrates the firewall, even though it's been set as a "blocked application".
It all still seems a little unusual to me, but if that's how Proactive Defence works (IE: by making Windows declare the blocked application "not a valid Win32 application"), well, that's still doing the job I suppose.
But it definitely didn't block it when I originally had the firewall and proactive defence in "train with safe mode" before I made my last post.
(I hope I haven't missed something really obvious.  88) I don't think so.)
Kind regards,
Roger V.  ;D

"The journey of a thousand miles begins with a broken fan belt and a flat tyre." (anon.)

Offline Searinox

  • Comodo's Hero
  • *****
  • Posts: 537
  • Do you like fire? I'm full of it.
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #123 on: November 17, 2007, 08:00:00 AM »
I am having a bug that has struck only twice so far. When I click on the "export" or "import" buttons nothing happens, the window does not appear. Shutting down CFP does not solve the problem. Closing explorer.exe does not do it either. All other programs are able to pop up folder browsing windows. A restart is required. :(
« Last Edit: November 17, 2007, 09:39:51 AM by Searinox »

Offline snusa

  • Newbie
  • *
  • Posts: 13
Re: CPF 3.0.11.246 RC1 Application ERROR TERMINATES FIREWALL
« Reply #124 on: November 17, 2007, 11:16:34 AM »
Here's the snippet of the crash.  (Vistsa Ultimate)

I was logged in as std user, and switched (logged on) to an Admin account.
I did this because there was a pending temporary file (in the admin ie temp. directory) I tried to move into a safe file.  (was a large MS download file for office 2007.)  When I went to try and move it, it indicated it could not and that it already appeared to be listed in the approved list.  (Which it was not.)  I assumed I needed to  log on as admin to move it...

I after logging on as an admin, I still received same error, so I ran purge under admin.  System purged the item in the list because it apparently was not actually there in the first place.  (Don't know why CPF3 thought it was?)

Anyways... After logging of the admin account and switching back to the standard account..... BLAMMMO.....  Here is the error returned when CPF3 RC1 terminated....

Forgot to mention hardware info...

System: Lenovo t61p core2-duo w/2gig ram... New & clean.
Using ESET Nod32 v3 AV.  (Seems to work great with CFW3)
Vista Ultimate - Ho-Hum.....

[attachment deleted by admin]
« Last Edit: November 18, 2007, 10:33:36 AM by snusa »

Offline JJasper

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1655
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #125 on: November 17, 2007, 11:29:38 AM »
Greetings,
I'm still new to this firewall, but when I tried Gibson Research leaktest.exe it managed to penetrate the firewall's defences, even though I'd specifically defined it as a "blocked application" and said "no" to any requests the firewall alerted me to.
This doesn't sound right to me.
Both the firewall and proactive defence are set to "training with safe mode".
Kind regards,
Roger V.
(XP Home with SP2 and all security patches, PIII processor with 448MB ram; NOD32 antivirus version 3 installed; IE7 web browser.)

Hello rogerval

Here is what happened to me with GRC's Leak test.  I had it downloaded in my program files and when I installed CFP RC1 it learned all my programs and verified that they were all safe.  Therefore when I tested with Leak Test, it bypassed the firewall. 

Be sure that if you have Leak Test downloaded that you change its rule to block in network security policy.

John

Offline rogerval

  • Newbie
  • *
  • Posts: 8
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #126 on: November 17, 2007, 03:40:05 PM »
Hello rogerval

Here is what happened to me with GRC's Leak test.  I had it downloaded in my program files and when I installed CFP RC1 it learned all my programs and verified that they were all safe.  Therefore when I tested with Leak Test, it bypassed the firewall. 

Be sure that if you have Leak Test downloaded that you change its rule to block in network security policy.

John

Hi John,
Actually, I did have a rule for LeakTest.exe in network security policy, and it was and still is set to block and log all requests.  :)
Here's what happened when I tried LeakTest again this morning:
Firstly, CFP warned me that Explorer was trying to run LeakTest, so I let it run. (Otherwise, how could I run the test?)
Then, when I clicked on the "Test for leaks" button, I got a message saying: "leaktest.exe is trying to access ctrmon.exe in memory. What would you like to do?" and I responded with "block this request".
Then I clicked on the CFP window OK button, and clicked on the leaktest "test for leaks" button again.
This brought up a message from leaktest saying "firewall penetrated".
At no point was there a message "leaktest.exe is trying to access the internet" or anything like that, which is the kind of message I'd get from an opposition firewall. (Ok, I'll fess up, I've been using ZA for a long time.  ;) )
So, why does Leaktest manage to sneak out the back door?  ???
Kind regards,
Roger V.   :)
"The journey of a thousand miles begins with a broken fan belt and a flat tyre." (anon.)

Offline Searinox

  • Comodo's Hero
  • *****
  • Posts: 537
  • Do you like fire? I'm full of it.
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #127 on: November 17, 2007, 04:04:21 PM »
Someone should bring this discussion to the attention of the devs who are thinking of releasing CFP 3 within 3 days...

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #128 on: November 17, 2007, 04:06:54 PM »
Hi John,
Actually, I did have a rule for LeakTest.exe in network security policy, and it was and still is set to block and log all requests.  :)
Here's what happened when I tried LeakTest again this morning:
Firstly, CFP warned me that Explorer was trying to run LeakTest, so I let it run. (Otherwise, how could I run the test?)
Then, when I clicked on the "Test for leaks" button, I got a message saying: "leaktest.exe is trying to access ctrmon.exe in memory. What would you like to do?" and I responded with "block this request".
Then I clicked on the CFP window OK button, and clicked on the leaktest "test for leaks" button again.
This brought up a message from leaktest saying "firewall penetrated".
At no point was there a message "leaktest.exe is trying to access the internet" or anything like that, which is the kind of message I'd get from an opposition firewall. (Ok, I'll fess up, I've been using ZA for a long time.  ;) )
So, why does Leaktest manage to sneak out the back door?  ???
Kind regards,
Roger V.   :)

Please delete the old rule and create a new one ysing V3 Alerts.
I managed to pass the tests everytime
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline JJasper

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1655
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #129 on: November 17, 2007, 04:12:51 PM »
Please delete the old rule and create a new one ysing V3 Alerts.
I managed to pass the tests everytime

That's good advice.  I have been trying to duplicate your results and mine have been passing everytime as well.

John

Offline Sutebe

  • Newbie
  • *
  • Posts: 9
Comodo Blocking Windows Update
« Reply #130 on: November 17, 2007, 06:01:13 PM »
hello, comodo is definitely blocking windows update from isntalling my definition update from windows defender. Its weird because it worked for another update seconds ago, however now It wont let me install at all. I know its comodo because as Windows Update says "Installing blah blah" the number of comodo blocked attempts goes up by about 60. Is there any information as to why it would be doing this? It does it in install mode as well as normal mode.

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: Comodo Blocking Windows Update
« Reply #131 on: November 17, 2007, 06:40:50 PM »
hello, comodo is definitely blocking windows update from isntalling my definition update from windows defender. Its weird because it worked for another update seconds ago, however now It wont let me install at all. I know its comodo because as Windows Update says "Installing blah blah" the number of comodo blocked attempts goes up by about 60. Is there any information as to why it would be doing this? It does it in install mode as well as normal mode.
please export you D+  log and post it here.
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline Sutebe

  • Newbie
  • *
  • Posts: 9
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #132 on: November 17, 2007, 07:04:29 PM »
im not sure how to do that sorry. I just wound up uninstalling it for the time being, I'm just going to wait for the non RC version of it to be released and hope to not have any problems with that. It kept blocking svchost... it also seemed slightly touchy on the file validation thing. everytime I installed soemthing I had to validate a ton of files, half of which were already in my safe files list so I had to click ok at the "this file is already in your safe applications" dialog over a hundred times O.o

here is the info for your own records:
    * Affected Software information - Windows update
    * Operating System information - Windows Vista Home Premium
    * Actively-running security and utility applications - AVG Anti Virus(comodo also prevents this listing in windows security center as my active anti virus) AVG Anti Spyware, IOBit SmartDefrag
    * Specific symptoms of the bug, and steps you can take to reproduce it. - While attempting to install a Windows defender definitions update the update fails and i get error code  80070005 (access denied/permissions error). Any further attempts to "install again" also failed
    * Specific steps you have taken in attempt to resolve it. - Uninstalled COMODO until  final version
« Last Edit: November 17, 2007, 07:19:13 PM by Sutebe »

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #133 on: November 17, 2007, 07:09:25 PM »
im not sure how to do that sorry. I just wound up uninstalling it for the time being, I'm just going to wait for the non RC version of it to be released and hope to not have any problems with that. It kept blocking svchost... it also seemed slightly touchy on the file validation thing. everytime I installed soemthing I had to validate a ton of files, half of which were already in my safe files list so I had to click ok at the "this file is already in your safe applications" dialog over a hundred times O.o

It seems you hadd issues with the install mode.
But the other part I guess you are refferring to My pending list.
If so you had to click the All? column header to select all new files in one time. Moving one file at time to the safelist. No one will evere want to do that :o
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline Sutebe

  • Newbie
  • *
  • Posts: 9
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #134 on: November 17, 2007, 07:12:03 PM »
Correct it was the my pending list... also I updated my post above per your request.

And no, I used the All header, however for alot of the entries it said something to th effect of cannot move to trusted list, entry already exists, or something to that effect, and it would pop that up for 80% of the items in the pending list, which i find VERY odd because if they were already in the trusted list why would my "administrative authorization" be needed?

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek