Author Topic: 2.4.2.102-Prompted for already created application rules  (Read 1857 times)

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
2.4.2.102-Prompted for already created application rules
« on: December 02, 2006, 10:30:55 AM »
I have noticed this once with this release and at least three times with 2.4.2.96. For example, I have a Network rule:

Allow, TCP, Out, Destination ip Any, Destination Port 80,81,82,8080,443,554, Source ip My machine's ip range, Source Port 1024-5000

Anyways, I have a rule for Admuncher.exe, parent app explore.exe, that matches the above Network rule.

I got an alert for it, same parent app, trying to access destination port 80, ip xx.xx.xx.xx so I allowed it and chose Remember. Checking my Application rules and comparing it to the first rule reveals that there is nothing different about them and that I should not have been prompted to create one. The checksum did not change on Admuncher.exe either. This has happened as well with iexplore.exe. I'm certain this is a bug. Has anyone else noticed this?

Offline AOwL

  • Comodo SuperHero
  • Comodo's Hero
  • *****
  • Posts: 2349
  • Comodo Firewall Pro - Be safe, use protection...
    • NordicNatureMedia
Re: 2.4.2.102-Prompted for already created application rules
« Reply #1 on: December 02, 2006, 11:42:49 AM »
I have noticed that I sometimes get a log entry that say that it has blocked a port that I have open in network monitor.
Once I tried to open the network rule and just click ok, and then the rule worked again... :o

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: 2.4.2.102-Prompted for already created application rules
« Reply #2 on: December 02, 2006, 03:06:41 PM »
I have noticed that I sometimes get a log entry that say that it has blocked a port that I have open in network monitor.
Once I tried to open the network rule and just click ok, and then the rule worked again... :o

Yes, there are strange things going on. I also had deleted an application rule for outlook.exe, because I had forgotten the exact alert message, so I wanted to recreate the alert to look at it again. So after deleting the rule I re-opened Outlook expecting to get an alert for network access, but there was none; Outlook was able to check for mail without any application rule set for it, so I restarted Comodo and tried again. Still no alert on the second try. It was finally on the third try, I was alerted to Outlook's attempt to check for mail  ???

AKAIK, an alert should be triggered for any application attempting network access for the first time after it had its rule deleted, without having to restart Comodo or reboot.

Offline AOwL

  • Comodo SuperHero
  • Comodo's Hero
  • *****
  • Posts: 2349
  • Comodo Firewall Pro - Be safe, use protection...
    • NordicNatureMedia
Re: 2.4.2.102-Prompted for already created application rules
« Reply #3 on: December 02, 2006, 03:16:51 PM »
Yes, CF needs to be a little more fine tuned... ;)
I hope they fix all the "small" issues before putting HIPS in... :)

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek