Author Topic: 3.0.25.378 Incorrectly Identifies Applications, Resulting in Wrong Rules [Merged]  (Read 78532 times)

Offline Micc

  • Newbie
  • *
  • Posts: 9
Re: CF identify applications wrong (3.0.25.378 XP SP2 x32)
« Reply #15 on: July 03, 2008, 09:17:05 AM »
Have you tried restarting your computer and seeing if the problem persists?

Restarting my laptop doesnt help. The problem occur every day. I use cf since 10.05.08.

I think the problem start after the first time running the application that start the application "C:\Program Files\Connect.exe".

At this moment i have no problems, because i run cf mode: disabled...i hope the bug get fixed soon or i must look for a other fireewall :-(

Offline habanero

  • Newbie
  • *
  • Posts: 20
Re: Wrong App Rule used
« Reply #16 on: July 03, 2008, 11:53:38 PM »
I did post in bug reports at http://forums.comodo.com/bug_reports/application_rules_getting_confused_wrong_rules_applied-t24433.0.html.  Is there anything else I can do?

Habanero

Offline Micc

  • Newbie
  • *
  • Posts: 9
Re: Wrong App Rule used
« Reply #17 on: July 04, 2008, 04:41:48 AM »

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13543
  • Retired - Volunteer Moderator
Re: CF identify applications wrong (3.0.25.378 XP SP2 x32)
« Reply #18 on: July 04, 2008, 04:26:29 PM »
what a strange place for an executable, are you sure the connect.exe is legit and needs to be on you system ? sitting in c:\program files\ ? i've had these "mistakes" before but with different program's not always the same.
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline Micc

  • Newbie
  • *
  • Posts: 9
Re: CF identify applications wrong (3.0.25.378 XP SP2 x32)
« Reply #19 on: July 05, 2008, 07:05:29 AM »
what a strange place for an executable, are you sure the connect.exe is legit and needs to be on you system ? sitting in c:\program files\ ?

Don't worry, me, myself and i moved the app from "C:\Program Files\Router\" to "C:\Program Files\". Just for testing how CF is acting after this action ;)

...and what happen after moving the app? CF dont recognized that i moved the app and always show the same wrong app with the old path! How is it possible that CF identify a wrong app and this app doesnt exist at this path/folder, not really funny for a security apllication like CF!

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13543
  • Retired - Volunteer Moderator
Re: CF identify applications wrong (3.0.25.378 XP SP2 x32)
« Reply #20 on: July 05, 2008, 12:35:05 PM »
Did you try to remove the rules Firewall/D+ for the connect.exe and see what happens after a reboot ?
What kind of application is this, because it looks like some kind of intercepting proxy to sit between you browser/email and the outgoing connection ?! like a virus scanner would do, that way it's just normal behavior to use the process and build the firewall rules based on the app making the call to the socket. if you do a telnet to a web server does it also prompt for connect.exe to connect to that site ? [cmd, telnet www.website.com 80] you should get a blinking cursor on the left top.
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline Micc

  • Newbie
  • *
  • Posts: 9
Re: CF identify applications wrong (3.0.25.378 XP SP2 x32)
« Reply #21 on: July 06, 2008, 05:07:22 AM »
Did you try to remove the rules Firewall/D+ for the connect.exe and see what happens after a reboot ?

Yes, i removed the rules for connect.exe but CF start asking me again for the wrong application. But dont forget, CF dont ask me everytime for this application when i use a application that have defined rules. I dont know what CF makes confused to ask me sometimes for the wrong app..

Quote
What kind of application is this, ...

A tool of my router to reconnect the internet connection.

Quote
[cmd, telnet www.website.com 80]

CF ask me for a outgoing connection of telnet

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13543
  • Retired - Volunteer Moderator
Re: CF identify applications wrong (3.0.25.378 XP SP2 x32)
« Reply #22 on: July 06, 2008, 01:52:15 PM »
That's absolutely true, see also:

https://forums.comodo.com/empty-t24202.0.html
https://forums.comodo.com/empty-t23793.0.html

There is something wrong sometimes (can't reproduce it...) with the recognition of the started program.

But the connect.exe sounded suspicious to me, being known to be used by malware and located in \program files\
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13543
  • Retired - Volunteer Moderator
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

soyabeaner

  • Guest
Re: Application Rules Getting Confused - Wrong Rules Applied
« Reply #24 on: July 06, 2008, 04:06:20 PM »
Maybe a mod can merge these ?

yes.

Offline Micc

  • Newbie
  • *
  • Posts: 9
Re: CF identify applications wrong (3.0.25.378 XP SP2 x32)
« Reply #25 on: July 07, 2008, 09:09:15 AM »
One minute ago i started "MS Internet Hearts" (have rules defined) and CF tell me that the app "avast.setup" want connect to the internet. After closing and restarting Hearts many times everything works correct and CF dont ask for the wrong application...nice bug :(

Offline Jorgosch

  • Comodo Loves me
  • ****
  • Posts: 114
Same problem here... occasionally I start Emule or utorrent and CFP identifies the process as "updater.exe" from my Avira AV Suite.

Offline habanero

  • Newbie
  • *
  • Posts: 20
Any news from the developers about this bug?  It still randomly occurs on both my machines about 1x or 2x a day.  I don't want to try another firewall, as I've really got used to Comodo.

Thanks,

Habanero

Offline gpnx

  • Comodo Member
  • **
  • Posts: 27
Well, i belive this happens because comodo don't use hash values to associated the exe with the policy. I had a post in the feedback forum about that (in little bit different light thou). Let hope the developers get it that just using a filepath do associated exe to policy is not enough.

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Well, i belive this happens because comodo don't use hash values to associated the exe with the policy. I had a post in the feedback forum about that (in little bit different light thou). Let hope the developers get it that just using a filepath do associated exe to policy is not enough.

GPNX!! I bet you haven't read any of this thread, just like you don't read the help other members are trying to give you!.

Read read read read read
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek