Author Topic: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).  (Read 17597 times)

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).
« Reply #15 on: June 24, 2008, 10:43:00 AM »
Quote from: khagaroth
Well the configuration handling isn't exactly optimal, even Microsoft discourages the use of registry for this case (large key/value numbers and frequent modifications) and rewriting the whole keytree just because one single option changed...  ???, well looking at the format of the stored data I understand why they do this, but it's far from optimal. Storing settings in a simple database would be probably better and a lot faster (at least when writing/editing a rule, but reading probably too).

Thanks for the comment khagaroth. However this will not help finding the real cause behind this issue.
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13543
  • Retired - Volunteer Moderator
Re: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).
« Reply #16 on: June 24, 2008, 03:01:40 PM »
I managed to reproduce it (after making a nice backup  :SMLR).

Situation:
I run IEPrivacykeeper http://www.unhsolutions.net/IE-Privacy-Keeper/index.html to clean up some stuff on shutdown. I removed a few D+ entries from this tool so it will pop up at system shutdown.

I shutdown my system with a shortcut to C:\Windows\System32\shutdown.exe /s /t 00

The pop-up appears asking me to allow IEPrivacykeeper Interprocess memory access to another application... I wait a few seconds and press APPLY with Remember.

The system shuts down normally without any abnormal message.

I start my system again and after login I get pop-ups I normally don't have, so I check the D+ policy.
Almost empty, only some 20 entries.

I fire regedit and take a look at the registry key:
[HKEY_LOCAL_MACHINE\System\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy]
"Num"=dword:00000021 (33 decimal).

My backup file however shows:
[HKEY_LOCAL_MACHINE\System\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy]
"Num"=dword:000000eb (235 decimal).

I made some screenshots and put a Sysinternals procmon on cfp and clicked right mouse on the cfp, exit.
Shutting down cfp takes over 2 minutes with heavy cpu load.

(0) shows the corrupted policy.
(1) shows the registry still knows 232 rules (starts at 0).
(2) shows heavy cpu load on "exit".
(3) shows the registry after shutdown now knows only 34 rules.
(4) contains a partial procmon pml file of the cfp shutdown.

[attachment deleted by admin]
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!
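
The by-hand comparison of the `Num` value in the live registry against the backup export, scripted as an added example (not part of the original posts and not Comodo's code). It assumes each rule is a numbered subkey under the Policy key, which the thread only hints at; the function names, the 50% drop threshold and the sample export text are constructed for illustration.

```python
import re

# Key path as quoted in the post above.
POLICY_KEY = r"HKEY_LOCAL_MACHINE\System\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy"

def parse_reg(text):
    """Parse regedit export text into {key_path: {dword_name: int}}.
    Real exports are UTF-16; decode the file before passing its text here."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def policy_summary(text):
    """Return (Num value, count of numbered subkeys under the Policy key)."""
    keys = parse_reg(text)
    num = keys.get(POLICY_KEY, {}).get("Num")
    prefix = POLICY_KEY.lower() + "\\"
    # Assumption: each rule is a numbered subkey (0, 1, 2, ...) under Policy.
    children = {k[len(prefix):].split("\\")[0] for k in keys if k.lower().startswith(prefix)}
    return num, sum(1 for c in children if c.isdigit())

def compare(backup_text, current_text, max_drop=0.5):
    """List findings that suggest the ruleset was truncated since the backup."""
    b_num, _ = policy_summary(backup_text)
    c_num, c_keys = policy_summary(current_text)
    findings = []
    if b_num is None or c_num is None:
        findings.append("Num value missing from Policy key")
    elif c_num < b_num * (1 - max_drop):
        findings.append(f"rule count dropped {b_num} -> {c_num}")
    if c_num is not None and c_keys and c_keys != c_num:
        findings.append(f"Num={c_num} but {c_keys} numbered subkeys present")
    return findings

def make_sample(num, subkeys=None):
    """Constructed export text: Policy key with Num plus numbered rule subkeys."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{POLICY_KEY}]", f'"Num"=dword:{num:08x}', ""]
    for i in range(num if subkeys is None else subkeys):
        lines += [f"[{POLICY_KEY}\\{i}]", ""]
    return "\n".join(lines)

if __name__ == "__main__":
    # Num values from the thread: 0xeb (235) in the backup, 0x21 (33) after the reboot.
    print(compare(make_sample(0xEB), make_sample(0x21)))
```

Run against a fresh export after each reboot, a check like this flags a silently shrunken HIPS policy before the missing rules show up as unexpected alerts.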

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).
« Reply #17 on: June 24, 2008, 04:32:30 PM »
Quote from: Ronny
I managed to reproduce it (after making a nice backup  :SMLR).

I was off-track then :'( The time to close CFP you reported is way too long and according to my hypothesis should have been enough to lose part of your ruleset on each reboot.

But is this the same issue or a new related one? Do you remember if the other times you lost your ruleset you replied to an alert upon shutdown?

On my PC (XP SP3 32-bit) I was not able to replicate the issue you described in your latest post nor my hypothesis.
CFP is set to safe mode.
I lowered WaitToKillAppTimeout to 3 sec and HungAppTimeout to 500 milliseconds (exiting CFP usually requires up to 10 seconds here).
I used ultradefrag to reproduce the issue you described.
I removed ultradefrag rules and I run it. I keep a D+ alert for ultradefrag on screen and used shutdown.exe /s /t 00 to reboot.
During rebooting I clicked few times the OK button of D+ alert (it was marked to remember as well).

I tried this three times but my ruleset was unaffected.

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13543
  • Retired - Volunteer Moderator
Re: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).
« Reply #18 on: June 24, 2008, 04:45:19 PM »
Hello gibran,

A "normal" cfp exit takes 20 seconds with cpu load 50% (dual core, one core flatout).
I'm not absolutely sure but I think both times I "Applied" a pop-up on shutdown.

How many rules does your D+ contain? And as I stated before, I have "manually" sorted the rules.

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).
« Reply #19 on: June 24, 2008, 05:30:43 PM »
Quote from: Ronny
Hello gibran,

A "normal" cfp exit takes 20 seconds with cpu load 50% (dual core, one core flatout).
I'm not absolutely sure but I think both times I "Applied" a pop-up on shutdown.

How many rules does your D+ contain? And as I stated before, I have "manually" sorted the rules.

Around 130 D+ rules. I rearranged some rules too but I left the default ones on top (e.g. when I did those tests after reboot I found the ultradefrag rule on top).
Rearranging rules should be fine now but previously devs explicitly prevented manual sorting of D+ rules.
IIRC this was to force the application of the *(all application) rule before other rules.

Now some new rules are placed at the top of the D+ Computer security policy list so I guess it doesn't matter anymore.

[attachment deleted by admin]

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13543
  • Retired - Volunteer Moderator
Re: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).
« Reply #20 on: June 24, 2008, 05:41:21 PM »
Mine looks like this

[attachment deleted by admin]

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).
« Reply #21 on: June 24, 2008, 05:51:36 PM »
Quote from: Ronny
Mine looks like this

Hey, how come the all application rule is exactly at the bottom? ;D

Well I guess I'll try that too, it won't hurt... (though I hate to reboot :'( )

EDIT: No luck. I rebooted twice with the all application rule at the bottom while confirming the Ultradefrag D+ alert.
« Last Edit: June 24, 2008, 06:01:02 PM by gibran »

Offline JJasper

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1655
Re: D+ Rules disappeared - 3.0.25 x32 - Vista SP1 (UAC).
« Reply #22 on: June 24, 2008, 07:33:35 PM »
Quote from: gibran
Hey, how come the all application rule is exactly at the bottom? ;D


You just drag it there

John
