Author Topic: Bugs to Report  (Read 3237 times)

Offline Scott B.

  • Comodo Family Member
  • ***
  • Posts: 66
Bugs to Report
« on: August 06, 2006, 04:55:49 AM »
Ok, I have been testing quite alot lately, and I have several bugs to report. here they are.

1) All DCC is blocked with mIRC. (I havent tested Gaim or Miranda yet) Incoming and outgoing.

1b) identd is also blocked.

2) Sometimes active connections are not shown in the activity window. This includes svchost, system, and DkService.exe (Diskeeper v9). It appears this happens in conjunction with verification engine, and Launchpad. When those 2 things connect, all other info dissapears.

3) Some hidden processess can bypass the firewall, recently had an unknown trojan (which I've submitted) that completely bypassed the firewall. Another computer had incurred a downloader trojan and was able to kill the firewall process repeatedly, the error givin was unable to initialize graphical interface.

4) why does CPF constantly access HKCU\.gif , HKCR\.gif , HKCR\.gif\Content Type , HKCU\SOFTWARE\Classes\PROTOCOLS\Filter\image/gif etc etc?

5) the Scan For Known Application Wizard can sometimes crash and give wrong results. Fills the list with the same detected module to infinity.

ok, the rest is going on the wish list...













Offline Scott B.

  • Comodo Family Member
  • ***
  • Posts: 66
Re: Bugs to Report
« Reply #1 on: August 06, 2006, 02:05:12 PM »
Another bug, completely blocks all Gene6 incoming ftp traffic. It allows the server and the administrator, but doesn't allow incoming connections.

nothing shows in the connection monitor.

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: Bugs to Report
« Reply #2 on: August 06, 2006, 03:11:54 PM »
Ok, I have been testing quite alot lately, and I have several bugs to report. here they are.

3) Some hidden processess can bypass the firewall, recently had an unknown trojan (which I've submitted) that completely bypassed the firewall. Another computer had incurred a downloader trojan and was able to kill the firewall process repeatedly, the error givin was unable to initialize graphical interface.


What version of CPF r u using? And what is this trojan? How do you know it bypassed the firewall?Please tell us how it happened.

The other ones are cnfiguration problems not bugs. Except the scan for known applications. Can you describe it more accurately for us to reproduce?
Thx,
Egemen
« Last Edit: August 06, 2006, 03:16:15 PM by egemen »

Offline Scott B.

  • Comodo Family Member
  • ***
  • Posts: 66
Re: Bugs to Report
« Reply #3 on: August 07, 2006, 03:42:23 AM »
Current Beta version is the version I'm using of course.

These are not configureation problems... the applications have been set to allow all connections (tcp/udp) . If I set the main traffic control to allow all, it works just fine. These connections do NOT show at all in the application monitor.

So, I don't think this is any misconfig.

There are no alerts for telnet or remote login attempts. And I have these attempts logged by other means (peerguardian). That goes for http connection attempts also. Unfortuneately there is no way to view or log this activity with CPF...

I know the trojan bypasses the firewall becuase I had a log of the connections in peer guardian... it was a downloader trojan, 27k in size. Very nasty one... it downloaded and installed about 30 spywares and a rootkit or 2 which were progressively more difficult to remove. I ended up reformatting the machine to save time.
 


« Last Edit: August 07, 2006, 03:53:43 AM by Scott B. »

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11815
  • Linux is free only if your time is worthless.;-)
Re: Bugs to Report
« Reply #4 on: August 07, 2006, 04:18:41 AM »
That goes for http connection attempts also. Unfortuneately there is no way to view or log this activity with CPF...


If you look at the network monitor rule for ALLOW - IP you can turn on "Enable logging if this rule is fired". This will then record ALL activity against this rule.

Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline Scott B.

  • Comodo Family Member
  • ***
  • Posts: 66
Re: Bugs to Report
« Reply #5 on: August 07, 2006, 03:21:41 PM »
All right thanks, I will turn logging on there and see what find...

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek