Author Topic: CPF 3.0.11.246 RC1 32-Bit Bug Reports  (Read 59853 times)

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #15 on: November 08, 2007, 12:17:59 PM »
This is the fifth beta (now RC1) I'm trying and no success  :THNK
The problem is always the network driver

I'm attaching the diagnostics report. What makes me think is:

[inspect]
Key=No
[Incompatible Software]: No

1. Probably the registry key, for any reason, isn't being able to register. Can anybody guide me how to create it? Seems that I don't have incompatible software.

2. Why the driver is not being detected as signed? (see first picture).

C'mon programmers, this is the 5th release and the same errors continue here... I want Comodo  :THNK

[attachment deleted by admin]
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Memory access errors caused by cfpupdat.exe and cfpsbmit.exe
« Reply #16 on: November 08, 2007, 12:26:48 PM »
I usually receive 3 errors in a row running cfpupdat.exe or cfpsbmit.exe when I attempt a connection using start or submit buttons
I have a P4 HT, My system internet browser is Firefox, OS: XP sp2 32bit, AV: Avast
Since this is very annoying I looked for more info using Dependency Walker

The issue is related to RASAPI32.DLL (Base Address 0x76ea0000)

Using Dependency Walker profiling function I got no error but I noticed that RASAPI32.DLL is loaded only when i press the start or submit buttons...

I guess that something prevents RASAPI32.DLL from loading when Dependency Walker is not used to launch cfpupdat.exe or cfpsbmit.exe

  • The instruction at "0x76ea3cd9" referenced memory at "0x76ea3cd9". That memory could not be "written"(translated)
  • The instruction at "0x76eaa773" referenced memory at "0x76eaa773". That memory could not be "written"(translated)
  • The instruction at "0x76ea32a5" referenced memory at "0x76ea32a5". That memory could not be "written"(translated)



« Last Edit: November 08, 2007, 12:32:45 PM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline pykko

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 558
    • Intr-o lume plina de virusi, ai un prieten
Re: Directx Keylogger Vulnerability
« Reply #17 on: November 08, 2007, 01:12:03 PM »
Keylogger test still a problem in RC1.

Ref: Here

Al

This happens here too. :(
Running on AMD Athlon 1000 MHz
Windows XP SP2
Antivirus: Avira AntiVir Security Suite (without firewall)

Offline icecube1010

  • Comodo Family Member
  • ***
  • Posts: 90
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #18 on: November 08, 2007, 01:49:07 PM »
Hi Comodo

Pretty serious problem encountered here.  Started with the last Beta and is in this current RC1.
The install goes fine without a hitch, after the re-boot cmdagent.exe sits at 100% cpu for a very long time over 10mins.  CPU, fans etc screaming at me to stop this process.  Defense + was showing all the processes it was learning but the computer was unusable.
 
I'm sorry that I didn't report this sooner but here are the specs:

HP laptop
Win XP SP2
CPU Type   Mobile DualCore Intel Core Duo T2400, 1833 MHz (11 x 167)
System Memory   1015 MB  (DDR2-533 DDR2 SDRAM)

Comodo BoCLean 4.25
Avira AntiVir PE Classic

With the other Beta's, I never had this sort of problem.  Let me know if you need anything else.  If you need a log of some sort, I would need to re-boot into safe mode and get that file over to you guys.

Thanks
Al 




Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #19 on: November 08, 2007, 02:19:46 PM »
Hi Comodo

Pretty serious problem encountered here.  Started with the last Beta and is in this current RC1.
The install goes fine without a hitch, after the re-boot cmdagent.exe sits at 100% cpu for a very long time over 10mins.  CPU, fans etc screaming at me to stop this process.  Defense + was showing all the processes it was learning but the computer was unusable.
 

Please uninstall BOclean and report if it solve that issue.
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
RST packets blocked in V3 Log
« Reply #20 on: November 08, 2007, 02:47:28 PM »
I have a P4 HT, My system internet browser is Firefox, OS: XP sp2 32bit, AV: Avast

Log enties for System idle process and ashwebSv blocking inbound tcp traffic from Port 80.
blocked IP included traffic from Comodo, opera, and avast owned IPs.

I have no global rule to allow http inbound traffic.

Wireshark Traffic analysis showed that these are RST packets and some of them are not blocked (no log entry)

Does this mean that V3 is actually blocking RST Packets?
« Last Edit: November 08, 2007, 02:50:56 PM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Ftp Client Policy "Allow Incoming FTP-DATA Requests" rule error
« Reply #21 on: November 08, 2007, 03:02:39 PM »
Ftp Client Policy "Allow Incoming FTP-DATA Requests" rule is incorrect.

The rule is ALLOW TCP IN From Destination Port 20 BUT it should be ALLOW TCP IN From Source Port 20 In order to Allow Active FTP transfers.

Passive Ftp needs only the Outgoing Only predefined ruleset.
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline icecube1010

  • Comodo Family Member
  • ***
  • Posts: 90
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #22 on: November 08, 2007, 03:19:23 PM »
Hi Gibran

thanks for responding so quickly.  No, it didn't make a difference if BOClean was installed or not.  I had tried to install it with just Avira AntiVi PE first and the cmdagent.exe was at 100%.  I then uninstalled it and installed BOClean.  I re-installed and the cmdagent.exe was at 100%.  I had the same problem with the previous Beta.  One thing I forgot to mention.  I running a wrapper program that simulates a Vista look over the XP shell.  Its called Bricopack Vista. 

Any other ideas?

thanks
Al

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #23 on: November 08, 2007, 03:57:07 PM »
Hi Gibran

thanks for responding so quickly.  No, it didn't make a difference if BOClean was installed or not.  I had tried to install it with just Avira AntiVi PE first and the cmdagent.exe was at 100%.  I then uninstalled it and installed BOClean.  I re-installed and the cmdagent.exe was at 100%.  I had the same problem with the previous Beta.  One thing I forgot to mention.  I running a wrapper program that simulates a Vista look over the XP shell.  Its called Bricopack Vista. 

Any other ideas?

thanks
Al

There were compatibility issues reported with BOC.
Another tester had a 100% loading issue with NOD and solved it adding all V3 files to the exclude list but if I remember correctly it was an issue on Nod side.
There is no solution other than uninstalling possibly conflicting softwares to find the culprit. Then Devs can use this info to find a solution.

You can disable all startup apps using MSconfig (leave only CPF.exe) and see if there are any changes.
If this works you can enable those apps until you find the culprit.
Another thing you can test is adding your AV files  to truted apps.
« Last Edit: November 08, 2007, 04:02:50 PM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #24 on: November 08, 2007, 04:57:39 PM »
This is the fifth beta (now RC1) I'm trying and no success  :THNK
The problem is always the network driver

I'm attaching the diagnostics report. What makes me think is:

[inspect]
Key=No
[Incompatible Software]: No

1. Probably the registry key, for any reason, isn't being able to register. Can anybody guide me how to create it? Seems that I don't have incompatible software.

2. Why the driver is not being detected as signed? (see first picture).

C'mon programmers, this is the 5th release and the same errors continue here... I want Comodo  :THNK

Hi,

Do you select install option when that dialog appears? you should select install driver otherwise it will not be able to install the driver.

Egemen

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: Directx Keylogger Vulnerability
« Reply #25 on: November 08, 2007, 05:02:10 PM »
This happens here too. :(
Running on AMD Athlon 1000 MHz
Windows XP SP2
Antivirus: Avira AntiVir Security Suite (without firewall)

Hi Guys,

Yes this happens with the introduction of the experimental default policy which allows all the applications to set hooks if the hooks are in windows system32 directory.

To fix the issue temporarily : Open Computer Policy

Double Click on "All Applications"

Click on Access Rights

Click on Modify button of Windows/Winevent Hooks

In Allowed Hooks window, you will see the entry %windir%\system32\*.dll

Just change it to %windir%\system32\msctf.dll

And press apply untill all the dialogs are closed.

Restart your PC and then it should be detected.

We will modify the default policy to deal with these issues with the next RC.
Thx for the feedback,

Egemen

Select

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #26 on: November 08, 2007, 05:03:50 PM »
Thank you all for the testing. We will fix the bugs you clearly identified in the previous messages.

E

Offline AnotherOne

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 716
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #27 on: November 08, 2007, 08:03:22 PM »
WinXP MCSE SP2 & updates; BOclean, Firefox, Thunderbird (no other anti-malware currently) on an AMD 3800 X2 in an HP a1520n with a ATI All-in-wonder 2006 video card.  The Defense+ window of the interface has a problem:  the "Browse" button in the "My Protected Files:Add" dialog does not give me a directory listing.  It only gives me the contents of my Desktop.  I cannot browse to the directory of files that I want to add to this list.  The same is true for "My Own Safe Files" and "Advanced>Image Execution Control>Files to Check>Add:Browse".  The other entries give me a file listing that I can use to select files from.  This was noted in the last beta also, but only a day or so before this RC1 version came out.
« Last Edit: November 08, 2007, 08:06:04 PM by AnotherOne »
What do you mean, my shoes are on the wrong feet???  These are the only feet I've got!

Offline AnotherOne

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 716
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #28 on: November 09, 2007, 12:35:35 AM »
Just found what looks like a serious deficiency.  I wanted to protect a key under HKLM\Security\Secrets that has embedded nulls.  I opened the "My Protected Registry" dialog and went to Add:Registry Keys and navigated to the HKLM\Security key and guess what - there are no sub-keys listed.  It seems that the registry hive used is only the default Administrator profile hive.  I don't use that log-on normally for admin rights, so the registry keys that I normally invoke on bootup are not covered in the Protected Registry keys portion.  I believe that it is possible to combine hive keys in a unified registry for editing and that needs doing.  I was really intending to test whether the protection could be applied to keys with embedded nulls - which are difficult for some programs to read, but this is a more basic problem.
What do you mean, my shoes are on the wrong feet???  These are the only feet I've got!

Offline JJasper

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1655
"Firewall Events" not showing up until "more" is clicked.
« Reply #29 on: November 09, 2007, 01:09:12 AM »
Hello

Computer information
XP Pentium D 3GHz 1Gb Ram
Operating System information (OS version and Service Packs)
XP Home SP2
Actively-running security and utility applications
CAVS, CFP, BOC, CMG  - No conflicts
Specific symptoms of the bug, and steps you can take to reproduce it.

When I go to "View firewall events" there is nothing listed until I go to "more".  There under "today" are the events I should be seeing on the first page.

Specific steps you have taken to try to resolve it.
None

Installation went perfectly along with uninstall of 3.0.10.  Very quiet after initial D+ learning.  Solid and low on resources.

Thanks Comodo Team

John

« Last Edit: November 09, 2007, 01:11:18 AM by JJasper »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek