Author Topic: 3.0.25.378 Incorrectly Identifies Applications, Resulting in Wrong Rules [Merged]  (Read 73574 times)

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11636
  • Linux is free only if your time is worthless.;-)
Read read read read read

He is! He is! He is! He is! He is!

Please remember, forums members are allowed to express their opinion, even where it is opposed to the consensus. All software can be made better and the process of improvement starts with evaluation and examination.

Just because someone doesn't see your viewpoint, doesn't make them wrong. Doesn't make them right, either.  ;)

Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
He is! He is! He is! He is! He is!

Please remember, forums members are allowed to express their opinion, even where it is opposed to the consensus. All software can be made better and the process of improvement starts with evaluation and examination.

Just because someone doesn't see your viewpoint, doesn't make them wrong. Doesn't make them right, either.  ;)

Ewen :-)


Hello Ewen! He has a similar topic which other members and my self are trying to explain to him. That's what i was referring too
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

Offline gpnx

  • Comodo Member
  • **
  • Posts: 27
Hello Ewen! He has a similar topic which other members and my self are trying to explain to him. That's what i was referring too

I was posed here because i thought these issues maybe related.

I was trying to help you guys improve COMODO because i like it (it reminds me of Tiny Firewall which is the BEST firewall. period).  If there is tiny firewall for vista i would not bother you with my sugestions , but there is none.. :( I would suggest the comodo develdopers to take a look at how the tiny firewall 6.xx.xx works (they have multiple hash per exe, you can assign multiple group of policies to exe, etc...)

As i pointed in the other threads, you NEED/HAVE TO make sure (via hash, crc or w/e) that the executable that uses a given policy (firewall, defence,...) is the one that the policy was made for.  I pointed couple of examples (and the simplest one is the install mode, the other are diff kind of bugs, leaks, usage scenarios, driver installs etc..) in which this simple "file path" executable->policy assosiation of yours can be a point of weakness because you really only on the "defense file modification rules and the user response" to keep the exe->rule policy integrity intact.

The security products are used mostly by user who don't know or don't want to bother with too much security details. For example (in case comodo is not in install mode), you may say the comodo notified you for some exe accessing explorer/driver/etc.... AS I USER THIS MEANS NOTHING FOR ME. It would been more meangfull if i see (after i install something for example) that i get a message from comodo saying: THE EXECUTABLE IEXPLORER/FIREFOX got modified... do you want it to PROCEED as BEFORE? Now, currently comodo can't do that because you really on simple file path to associated exe -> policy. Thats why i suggested hash, etc and got nearly "flamed" by the "patrons".
thanks
« Last Edit: July 25, 2008, 06:00:07 PM by gpnx »

Offline Micc

  • Newbie
  • *
  • Posts: 9
Quote
As i pointed in the other threads, you NEED/HAVE TO make sure (via hash...) that the executable that uses a given policy is the one that the policy was made for.

Full Ack!

I can't believe that cpf don't use any hash values to identify a application. Before i come to CPF i used Tiny Firewall and later Sygate PF. Both are really good and fast but too old for new windows versions. i hope some developer read this thread and make the necessary changes...

Offline WTH

  • Newbie
  • *
  • Posts: 24
If that bug gets fixed I will buy it! Promise :)

However this error makes the FW completely unreliable. Is there are safe Workaround for it at the moment?

Offline Micc

  • Newbie
  • *
  • Posts: 9
Quote
If that bug gets fixed...

Forget it, they dont care about this bug. The last posts are months ago and no statement from the developers. Nice company policy...

Quote
Is there are safe Workaround for it at the moment?

just uninstall comodo and use a other firewall software...

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Guys,

This bug is related to Avast email scanning and CFP conflicting with each other. It is already being investigated.

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13541
  • Retired - Volunteer Moderator
I'm sorry Egemen, but i'm no longer running Avast since i have installed CIS Beta1.
Complete uninstall, nothing left (maybe some hidden stuff in the registry but no drivers/services etc).
And i still have this problem once in a while.
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
I'm sorry Egemen, but i'm no longer running Avast since i have installed CIS Beta1.
Complete uninstall, nothing left (maybe some hidden stuff in the registry but no drivers/services etc).
And i still have this problem once in a while.

Then there is something else conflicting. Can you please give me a screenshots of all the loaded drivers in your system? Also a screesnshot of all of the processes?
Proces Explorer can be used for this.

Thx

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13541
  • Retired - Volunteer Moderator
I've send you the details, please let me know if you need more details.
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline Searinox

  • Comodo's Hero
  • *****
  • Posts: 537
  • Do you like fire? I'm full of it.
Seriously it's avast? I don't have avast, I have Symantec Corporate 10.2 and NOD32. It's a very rare occurrence(had two in 6 months) but sometimes what happens after disabling and enabling the firewall a few times I get completly off queries. For example Firefox opens and I get a query to allow a completly different exe which was already allowed. Obviously even if I confirm the app will not connect. If closed and ran again it might or might not work. The most obvious case was a week ago when I was running LiveUpdate and it asked me to allow an installer package COMPLETLY unreated that I had run half an hour ago. The problem persists until the GUI is shutdown and re-launched.

Offline WTH

  • Newbie
  • *
  • Posts: 24
Some processes:

AVG (antivirussoftware from grisoft)
Spampal
Intel raid manager
nvidia controls
miranda
sound effects manager
sandboxie

How to identify when software is conflicting? If you say its visible in process explorer please provide some more info on how we can check? Still I don't really understand what is the conflict there.

Thanks for the reply though :)

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13541
  • Retired - Volunteer Moderator
This bug should be fixed in CIS RC2.
You could install (with or without AV) this version and see if it works ?

Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline Searinox

  • Comodo's Hero
  • *****
  • Posts: 537
  • Do you like fire? I'm full of it.
Won't there be a separate fix release for the standalone firewall too?

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13541
  • Retired - Volunteer Moderator
As far as i understood there is no "standalone" version, the "new" firewall is part of CIS where you can decide not to install the AV part so you will have CFP 3.5.x

Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek