Author Topic: D+ odd behaviour when enabled at startup (3.0.25.378 x32)  (Read 4056 times)

Offline nomads voice

  • Comodo Member
  • **
  • Posts: 40
D+ odd behaviour when enabled at startup (3.0.25.378 x32)
« on: July 11, 2008, 07:35:59 AM »
Hey there,

Since other forums do not bring any solution, I suggest a bug.

When D+ is enabled at startup it seems to trouble itself...

1. Active Process List only shows PID 0 but nothing else, new processes are added but not removed when they exit
2. switching modes causes CFP to freeze
3. it keeps blocking Hook of "%windir%\system32\MSCTF.dll" while being instructed to allow this (other Hook rules work fine, however)
4. it keeps blocking things (Protected Files and Registry Keys) without any rule forcing this - and there are no log-entries regarding those events
5. rules that should come up with a dialog (Ask) do not prompt anything

When D+ is disabled at startup and then is enabled manually:
Active Process List works fine
no freezing when switching modes

I will go into further testing with the MSCTF.dll and File/Registry guard. Since I need external tools to track these, please be patient.

Edit:
There were no previous versions of CFP installed. Reinstall did not help.

regards, tom
______________________________________________________________________________
CFP 3.0.25.378 x32, Win XP Home 2002 SP2, Avast Home 4.8.1201 (at time of this post)
FW: custom mode, advanced settings changed
D+: clean mode, advanced settings changed
Intel Pentium M x86.6.13 - 1.6GHz
« Last Edit: July 11, 2008, 07:43:31 AM by nomads voice »
Drive defensively. Buy a tank.

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: D+ odd behaviour when enabled at startup (3.0.25.378 x32)
« Reply #1 on: July 11, 2008, 07:43:06 AM »
Hey Nomad,

1) Does it work with default settings?
2) Are you running as an administrator?
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

Offline nomads voice

Re: D+ odd behaviour when enabled at startup (3.0.25.378 x32)
« Reply #2 on: July 11, 2008, 07:45:47 AM »
> Hey Nomad,
>
> 1) Does it work with default settings?
> 2) Are you running as an administrator?


Hey Kyle...

1.
I guess not. I kept the default settings remaining, just added more rules since the default setup is too vulnerable for my purposes.
Edit: I do not trust digitally signed vendors as this is too insecure for my environment. I cannot even enable this option for testing purposes - too dangerous, since I mustn't trust Microsoft applications.

2.
Yes, administrator.

Thanks.
« Last Edit: July 11, 2008, 07:48:29 AM by nomads voice »

Offline Kyle

Re: D+ odd behaviour when enabled at startup (3.0.25.378 x32)
« Reply #3 on: July 11, 2008, 07:52:39 AM »
You could try the process of elimination: deleting certain rules until you find the one that is conflicting, and modify it.
That's the only thing I can think of; someone else may be able to help you. Though I do think the problem is within the rules because it worked on default.

If you find the rule that is causing freezes and startup difficulties, it might be a good idea to post which rule caused this so that someone from Comodo might be able to fix, or not allow the user to create such a rule.

Kyle

Offline nomads voice

Re: D+ odd behaviour when enabled at startup (3.0.25.378 x32)
« Reply #4 on: July 11, 2008, 08:01:10 AM »
> You could try the process of elimination: deleting certain rules until you find the one that is conflicting, and modify it.
> That's the only thing I can think of; someone else may be able to help you. Though I do think the problem is within the rules because it worked on default.
>
> If you find the rule that is causing freezes and startup difficulties, it might be a good idea to post which rule caused this so that someone from Comodo might be able to fix, or not allow the user to create such a rule.
>
> Kyle

I cannot confirm that it would have worked with default rules since I cannot run them due to security issues.

I don't agree on your theory about a rule causing this, however:
why would D+ freeze when switching modes?
why would D+ block things it shouldn't, and
why does it "forget" to log things?
why is the Active Process List not working?

These are things which have nothing in common with any rule. They are program related.
Of course I didn't change any rule regarding CFP itself, so it shouldn't keep disturbing itself, I guess.

 
