Author Topic: Policies aren't being applied to programs run from network (V3.0.14 - .25 X32)  (Read 18257 times)

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Firewall and Defense+ policies aren't being applied to any executables run from a network.  In my case, the network location is a FAT32-based share using the Shared Folders feature in a VMware virtual machine.  Perhaps the issue happens on any executables run from any network location?  Can anybody else give feedback on whether this is the case?

Version: V3.0.14.276
CPU: 32 bit
OS: Win XP SP2
Other security programs running: Returnil, NOD32
Defense+ Security Level: Train with Safe Mode
Firewall Security Level: Custom Policy Mode
« Last Edit: July 12, 2008, 07:11:10 PM by MrBrian »

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
This is a follow-up on my own post.  When I discovered this issue, I was using a program not on the Comodo whitelist.  Be sure, if you're testing this issue, to use a program not on the Comodo whitelist.  One such program is the leaktest available at http://www.grc.com/lt/leaktest.htm.

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Issue still exists in v3.0.16.295

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Issue still exists in v3.0.18.309.

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Issue still exists in v3.0.20.320.

Offline vignesh

  • Comodo Member
  • **
  • Posts: 44
Defense+ and firewall both blocked the exe while adding the application through Running Processes and giving it the Isolated\Blocked application privilege... I mean to say that it's using the device name (file path) for the network exes... Am I right??


« Last Edit: March 26, 2008, 07:37:20 AM by hiddenstar »
Regards,
Vicky.

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Defense+ and firewall both blocked the exe while adding the application through Running Processes and giving it the Isolated\Blocked application privilege... I mean to say that it's using the device name (file path) for the network exes... Am I right??

This happens using the shared folders feature of VMware.  It's a mapped drive.  CFP will never give any alerts for a program run from this mapped drive.

Offline vignesh

  • Comodo Member
  • **
  • Posts: 44
Hi,
I have attached the snapshot of the alert and the UNC path rule for the network exes. Please verify this.

OS:Win XP x32 SP2
CFP:3.0.20.320

Thanks,
Vicky.

[attachment deleted by admin]
Regards,
Vicky.

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Thank you hiddenstar for your testing :)  It appears that in your case CFP is working correctly.  However, in my case I am using a mapped drive, not a UNC path.  I gave the following command at the command prompt: 'fsutil fsinfo drivetype s:' (without quotes) and received the answer: 'S: - Remote/Network Drive'.  Volume S is the volume with the problematic behavior.

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Issue still exists in v3.0.21.329.

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Issue still exists in v3.0.22.349.

Offline MrBrian

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 494
Please provide more info about your environment (e.g. guest OS, VMware version).
If you uninstall Returnil and NOD32 (and other security apps except CFP), does it make any difference?

Thank you for responding :).

Host OS - Windows XP2 with all patches
Guest OS - Windows XP2 with all patches
VMware Workstation v5.5.6
Returnil not installed in the virtual machine.
I didn't try to uninstall NOD32 in the virtual machine, but perhaps I will soon, just to rule it out as a possibility.

Offline sovereignty68

  • Comodo Member
  • **
  • Posts: 39
It works for me. Even though the executable is in the Safe list, I still get the alert...

Offline SS26

  • Comodo's Hero
  • *****
  • Posts: 1925
MrBrian,
NP. Hopefully developers will provide some feedback.

Offline SS26

  • Comodo's Hero
  • *****
  • Posts: 1925
It works for me. Even though the executable is in the Safe list, I still get the alert...
What are your system details? Do you also use the latest CFP on VMware on a Win XP SP2 x32 host and guest?

 
