Author Topic: CPF 3.0.11.246 RC1 32-Bit Bug Reports  (Read 62396 times)

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #75 on: November 13, 2007, 06:33:27 AM »
Hi,

Do you select install option when that dialog appears? you should select install driver otherwise it will not be able to install the driver.

Egemen
For sure I've tried to install the driver regardless of Windows message.
That is what bothers me... what else can I do?
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

Gharkh

  • Guest
D+ mode
« Reply #76 on: November 13, 2007, 06:35:39 AM »
can't tell if that's a bug or not. I just wanted to gave a try to the Def + "paranoid" mode and deleted everything previously recorded in the Computer Security Policy. I then restarted the computer and guess what, although Def+ started to pop up many alerts, which was expected, still many things were automatically learnt. That means that the "paranoid" mode doesn't completely ignore the predefined CFP safe list, for some reasons, or that there's a bug ...
 The benefit of the "paranoid" mode is at least that AVG anti-virus rules being not automatically learnt anymore, you get rid of the issue of rules not being remembered at all and learnt again at each computer restart in "Clean PC" mode (for AVG only in my case).

Programs still being learnt (once for all) in "paranoid" mode are mostly startup programs like ATI Control center etc...HP printer status icon, Windows Defender... I'm running Windows XP Sp2.
« Last Edit: November 13, 2007, 08:45:15 AM by Gharkh »

Offline malbeth

  • Comodo Family Member
  • ***
  • Posts: 54
Re: CFP V3 can't completely pass "AKLT" keylogger test
« Reply #77 on: November 13, 2007, 07:00:07 AM »
When D+ is properly configured to block AKLT.exe, none of the tests get through RC1 under XP Pro SP2.

BUT WHY IN THE NAME OF 9 FRIGGING HELLS RC1 SHIPS WITH AKLT.EXE IN WHITELIST IS BEYOND MORTAL MAN'S REASON

EDIT: above only applies to the aklt.exe version attached to the original post here. Downloaded the latest one from author's site and things are working differently... give me a mo...

EDIT2: ok, so v.2.5 is as of yet unknown to Comodo :P So I got the prompts. I have to admit though that about each and every program I run tries to access screen and keyboard directly. Now only the directx test fails, even though I get a prompt for 'Service Control Manager' and block it. The '*' D+ rule doesn't have any hooking rights included, too.
Also, it seems that D+ returns 'ERROR_SUCCESS' to applications when blocking hooking attempts :P
« Last Edit: November 13, 2007, 07:16:44 AM by malbeth »

Offline SpookyET

  • Newbie
  • *
  • Posts: 18
    • Studio Industry
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #78 on: November 13, 2007, 08:27:46 AM »
 It should not be in the whitelist, but it also should not be in the blacklist. The point of leak tests is to check if the HIPS/Firewall blocks the behaviour of the leaktest program, not the program itself. That way, one knows that if there is malware that uses the same technique, it will be blocked.

Offline ubuntu

  • Comodo Member
  • **
  • Posts: 45
VPN Connection Problem?
« Reply #79 on: November 13, 2007, 08:58:53 AM »
Hello

It's a XP/SP2 box and PPTP VPN Client, It works well  with Comodo 2.4 default ruleset (Allow GRE Outgoing).

When using Comodo V3 RC1, I added a global rule for GRE,but VPN Server returned passward verify errors.:
Allow IP Out Source Any Destinaiton Any IP Details GRE

Firewall Events show me "system Idle Process GRE outgoing is Blocked"
I add a Application rule allow system Idle Process GRE outgoing, and all work fine.

I think it's a bug, a normal user shouldn't need add system Idle Process rules. It's a Pseudo process. :THNK

regards
« Last Edit: November 13, 2007, 09:03:17 AM by ubuntu »
Whereof one cannot speak  thereof one must be silent
Comodo Firewall - The Hackers' Choice

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Firewall rules autolearning Issue
« Reply #80 on: November 13, 2007, 09:14:59 AM »
I have a P4 HT, My system internet browser is Firefox, OS: XP sp2 32bit, AV: Avast Other security: Comodo Memory Guardian 1.6beta

I run V3 Firewall using Train with safe Mode. I use Default Low alert Frequency setting

Here it is the issue.

System process rule is changed by the V3 autolearn. This time System learned an unresrticted Outboud IP rule in respose to a Netbios connection to the intenet >:(
In theory incoming netbios requests should be dropped by my router but obviously something went wrong as my PC attempted this connection and my souter didn't block it  ???

I can still enforce protection using the Global rules but this was totally unespected.

Since it should be trivial please add an otpion to disable autolearning in each Application Network control rule (maybe a D+ equivalent is a good option).
Plus an optional way to disable autolearning using a My pending file list like feature would be a great addition to both firewall and D+.

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Gharkh

  • Guest
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #81 on: November 13, 2007, 10:06:20 AM »
after I decided to uninstall CFP 3.0 SP1 (under XP SP2), (just to reinstall it and make sure I get the default configuration again), I rebooted, and when launching the setup process I got a crash. That's happened a couple of times before already in the same conditions. Got to reboot again to get the setup run. I couldn't attach the dmp file found in my temp folder as it was locked during the windows alert, and automatically deleted when the alert was closed.

[attachment deleted by admin]

Offline Searinox

  • Comodo's Hero
  • *****
  • Posts: 537
  • Do you like fire? I'm full of it.
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #82 on: November 13, 2007, 10:28:36 AM »
after I decided to uninstall CFP 3.0 SP1 (under XP SP2), (just to reinstall it and make sure I get the default configuration again), I rebooted, and when launching the setup process I got a crash. That's happened a couple of times before already in the same conditions. Got to reboot again to get the setup run. I couldn't attach the dmp file found in my temp folder as it was locked during the windows alert, and automatically deleted when the alert was closed.
In "error report contents", you may select the entire(ctrl+A) text and press ctrl+insert or ctrl+C to copy it. Then once you're back to windows open a notepad and press either shift+insert or ctrl+V to paste it there. Save the text document and upload it to the forums. That way you provide the full report.

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #83 on: November 13, 2007, 10:30:18 AM »
after I decided to uninstall CFP 3.0 SP1 (under XP SP2), (just to reinstall it and make sure I get the default configuration again), I rebooted, and when launching the setup process I got a crash. That's happened a couple of times before already in the same conditions. Got to reboot again to get the setup run. I couldn't attach the dmp file found in my temp folder as it was locked during the windows alert, and automatically deleted when the alert was closed.


please launch drwtsn32.exe and look for the log file path that folder usually contain a log that contain all crash reports.
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Gharkh

  • Guest
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #84 on: November 13, 2007, 10:49:44 AM »
forgot bloody Watson  (:LGH) haven't got the time to reproduce that now, may be another day (:NRD)

Offline Searinox

  • Comodo's Hero
  • *****
  • Posts: 537
  • Do you like fire? I'm full of it.
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #85 on: November 13, 2007, 11:59:46 AM »
I was reading the help on windows update(patch tuesday issues) and I clicked the link to see the description for what they call an "update"(it opens the IE online page on their site). Help froze. I started it again and clicked details again and yes it froze again. I said okay and closed it again and opened FireFox, browsed a little, then I closed it. Seconds later I got the popup asking me to allow HelpPane.exe to access mshtml.dll. TWO popups, one for each incident. It had been an hour and I'm lucky to have even realised what it was referring to after all that time LOL.
« Last Edit: November 13, 2007, 12:01:23 PM by Searinox »

Offline Stylus

  • Newbie
  • *
  • Posts: 23
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #86 on: November 13, 2007, 01:29:56 PM »
after I decided to uninstall CFP 3.0 SP1 (under XP SP2), (just to reinstall it and make sure I get the default configuration again), I rebooted, and when launching the setup process I got a crash. That's happened a couple of times before already in the same conditions. Got to reboot again to get the setup run. I couldn't attach the dmp file found in my temp folder as it was locked during the windows alert, and automatically deleted when the alert was closed.

Hi Gharkh

This was similar to my problem when I tried to run the installation from a drive other than drive C:  If this is what you have done, try copying install file to drive C: and trying again.  Hope this may help.
(See reply 31)

Gharkh

  • Guest
Re: CPF 3.0.11.246 RC1 32-Bit Bug Reports
« Reply #87 on: November 13, 2007, 02:13:31 PM »
Hi Gharkh

This was similar to my problem when I tried to run the installation from a drive other than drive C:  If this is what you have done, try copying install file to drive C: and trying again.  Hope this may help.
(See reply 31)

Hi Stylus,

thanks for the answer. But as it's happened before, some extra-cleaning of temp folders and a reboot solved the problem. Just wanted to add that i didn't reinstall because of a broken installation. Everything run just fine but I just wanted to have a closer look at the default configuration and I didn't have a backup. No big deal. That's what some people (not you Stylus) call messing with the program, lol.

Offline AnotherOne

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 716
Registry problem
« Reply #88 on: November 13, 2007, 07:13:09 PM »
I use AVG antivirus, and it writes to the Eventlog registry key on every bootup.  Now whenever it does that, there is a "Comodo Firewall is Learning" pop-up and a fresh rule is generated for that alert.  This happens every time, and there are two possible sources of this fault.  First, the path that is shown and logged in the rule that is created has a ~ in the path name.  To try to fix the problem, I deleted all the rules relating to this event and added one that included the proper path.  I included the registry access right for the HKLM\System\Control Set 0004\Services\EventLog* key.  On rebooting, the "Learning..." pop-up showed again and a bunch of rules were entered into the "Computer Security Policy" list.  Now either this is due to the ~ in the path name, or it is due to the use of the Administrator hive for writing access/protection/restriction rules for the registry.  As I noted before, I use a different admin account (not the default) to log onto.  If the Administrator hive is the only registry hive referenced in the CFP rules, it will not protect or allow access to any of my registry keys.
What do you mean, my shoes are on the wrong feet???  These are the only feet I've got!

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: Registry problem
« Reply #89 on: November 13, 2007, 07:24:07 PM »
I use AVG antivirus, and it writes to the Eventlog registry key on every bootup.  Now whenever it does that, there is a "Comodo Firewall is Learning" pop-up and a fresh rule is generated for that alert.  This happens every time, and there are two possible sources of this fault.  First, the path that is shown and logged in the rule that is created has a ~ in the path name.  To try to fix the problem, I deleted all the rules relating to this event and added one that included the proper path.  I included the registry access right for the HKLM\System\Control Set 0004\Services\EventLog* key.  On rebooting, the "Learning..." pop-up showed again and a bunch of rules were entered into the "Computer Security Policy" list.  Now either this is due to the ~ in the path name, or it is due to the use of the Administrator hive for writing access/protection/restriction rules for the registry.  As I noted before, I use a different admin account (not the default) to log onto.  If the Administrator hive is the only registry hive referenced in the CFP rules, it will not protect or allow access to any of my registry keys.

This was an issue reported in the previous version. It seem it has not completely disappeared.  :(
I can confirm that with avast I no longer have this issue.

Hi Guys,

No this is related to shortpath name conversions. I believe this should be happening during the booting.

We will try to fix it.

Thx for the feedback,

Egemen
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek