Author Topic: CFP 3.0.11.246 RC1 General Feedback/Impressions (Not for Bug Reports)  (Read 55706 times)

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Submit here your feedback, impressions and suggestions about the latest RC.
Please change the subject to describe your post.
« Last Edit: November 08, 2007, 08:26:33 AM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline malbeth

  • Comodo Family Member
  • ***
  • Posts: 54
Re: CFP 3.0.11.246 RC1 General Feedback/Impressions (Not for Bug Reports)
« Reply #1 on: November 08, 2007, 08:03:22 AM »
moved from announcement thread

had notepad open while installing/initially configuring RC1. pasting the notes now. legend: (DD) - design decision, (?) - question, (bug) - guess ;)) Fully updated XP Pro SP2 x86.

(DD) defense+ defaults to 'train with safe' on full options install

(?) explorer.exe not recognized. however, it then somehow gets assigned a custom policy based on 'trusted applications'. considering that any application having file-open dialogue seems to need accessing it in memory, can anyone see a gaping hole?

(DD) 'Image execution control options' defaults to *.exe files instead of built-in 'executables' file group (having changed that manually and having gone through launching one application, I kinda see your point ;) Still, there should be ways to fix it, e.g. having a dynamically updated 'verified libraries' file group. did I mention I miss component control from 2.4?

(DD) 'Trusted applications' are set to ask for running programs, but 'windows system applications' are not. Go figure. Also, why would blindly trust windows system applications, knowing their buggy nature and their being a prime target for hackers?

(DD) 'Installer or Updater' predefined security policy is hard-coded. Hard to imagine more lenient policy than 'windows system', though.

(?) the "*" predefined file group is called 'all executables', while really defining 'all files'

(DD) defining 'executable files' by file name extension is a gaping hole really. Files with other file name extensions could be run in Windows, key feature being internal file format (PE etc.)

(?) some file groups are invisible in 'My Protected Files' list until the 'groups...' button is clicked

(DD) still no way to have all d+ settings for an app/group/policy to be seen on one page. a baker's dozen 'modify' buttons with extra tabs to boot just don't cut it.

(DD) popup dialogues are still poorly readable. making some text bold doesn't quite cut it. perhaps a list-type structure could help.

(DD) although you can create a rule with 'remember my answer', you can't control what exactly the rule contains, e.g. how broad or narrow it is. e.g. would it allow UDP/outgoing UDP/outgoing UDP to IP/Port/Combo? An extra child popup window, perhaps with bubble-style graphics referencing the parent window, where these could be refined, would be most useful.

(DD) allowing by default to use %windir%\system32-located files for hooking is another security hole

(DD) ports in port sets do not differentiate between protocols

(?) mixing IP and MAC (from different level protocols)

(?) is 'source/destination' notation really better than 'local/remote', given that the former depends on packet direction and the latter doesn't?

(bug?) speaking of which, predefined FTP rule for data requests seems to have source/destination ports mixed up

(?) iexplore.exe is not recognized
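
The point in the post above about defining executables by file name extension rather than by internal format can be checked with a few lines of code. This is an added example, not part of the original post and not Comodo code; the file names and the header-only sample bytes are constructed for illustration.

```python
import struct

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of the PE header
    # An out-of-range offset yields an empty slice, so the comparison is simply False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def matches_exe_rule(name: str) -> bool:
    """The extension-only definition discussed in the post: '*.exe'."""
    return name.lower().endswith(".exe")

def audit(files: dict) -> dict:
    """Compare the extension-based and format-based definitions of 'executable'."""
    missed = [n for n, d in files.items()
              if looks_like_pe(d) and not matches_exe_rule(n)]
    mislabeled = [n for n, d in files.items()
                  if matches_exe_rule(n) and not looks_like_pe(d)]
    return {"pe_missed_by_extension": sorted(missed),
            "exe_named_not_pe": sorted(mislabeled)}

# Constructed sample: DOS header + PE signature only, not a runnable program.
PE_STUB = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
           + b"PE\x00\x00" + b"\x00" * 20)

# Constructed file names and contents.
SAMPLE_FILES = {
    "setup.exe": PE_STUB,
    "report.dat": PE_STUB,      # PE content behind a non-executable extension
    "helper.scr": PE_STUB,      # another extension the '*.exe' rule ignores
    "notes.exe": b"plain text, not a PE image",
    "readme.txt": b"hello",
}

if __name__ == "__main__":
    for key, names in audit(SAMPLE_FILES).items():
        print(key, names)
```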

Offline rcbblgy

  • Comodo Loves me
  • ****
  • Posts: 130
Re: CFP 3.0.11.246 RC1 General Feedback/Impressions (Not for Bug Reports)
« Reply #2 on: November 08, 2007, 09:27:31 AM »
I wish the Training Mode could be changed in the final version.
http://forums.comodo.com/cfp_beta_corner/announcement_comodo_firewall_pro_3011246_rc1_released-t14496.0.html;msg100713#msg100713

edit

Thunder5.exe is a p2p program like emule. When it is executed, it will modify one file in system32 folder and modify one or some dll files. I don't know the names of the dll files modified by Thunder5.exe, because Training Mode adds rules with wildcard. After training, CFP will allow the program to modify all files in system32 folder, all dll files and all registry keys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects. I have not changed the ruleset since RC1 was installed.

Thunder5.exe is just an example, it is a trusted program and will not do bad things, but if it is an untrusted program (such as IE) or with a virus, it will be very dangerous. And some people like to watch more things than incipient ruleset (such as me (:KWL)), they may clear all the incipient ruleset and add "C:\*" even "*" in "My Protected Files". If "Training Mode" adds rules with wildcard, CFP will allow all programs to modify "C:\*" or "*", then the rules added by users will be purposeless.

I think the "Learn All" level in beta2 is better, it adds rules with concrete file path and key path. I wish Training Mode could be changed back to Learn All.

edit

I don't know how the Train With Safe Mode works. If I use this mode, CFP will give me many alerts about modifying files and registry keys, installing hook and so on, in fact it doesn't train anything. The Clean PC Mode is better, it could learn something, but it doesn't learn which files a program will modify: when a program modifies a file, CFP just gives the user an alert, doesn't add rules for that. For registry protection, it is same to Clean PC Mode, it adds rules with wildcard. Maybe the Train with Safe Mode or Clean PC Mode could be changed a little, to make one of them is same to "Learn All" mode in beta2.

Storm.exe (3.jpg) is just a media player. When it is executed, it just modifies HKLM\SYSTEM\ControlSet010\Services\PerfOS\Performance\Error Count, but Clean PC Mode and Training Mode allow it to modify HKLM\SYSTEM\ControlSet???\Services\*. I am puzzled.

Another problem, the alerts about the registry protection still can differentiate the "create", "modify" and "delete" operations, all alerts tell you a key will be modified.

edit again

Although Training Mode adds rules with wildcard is more advantageous, it is dangerous. Maybe there is another way to solve the problem, Training Mode could add concreter rules with wildcard. For example, a program modifies a.dll in system32 folder, Training Mode could add rule "C:\windows\system32\*.dll" not "*.dll" or "C:\windows\system32\*". But I prefer gibran's idea, add an option or another level, to let users choose whether to add rules with wildcard.

[attachment deleted by admin]
« Last Edit: November 10, 2007, 09:12:24 AM by rcbblgy »
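
The difference in scope between the rules compared in the post above ("*.dll", "C:\windows\system32\*", "C:\windows\system32\*.dll" and a concrete path) can be measured against a file inventory. This is an added example, not part of the original post and not CFP's rule engine; it assumes `*` matches any run of characters including backslashes, and the inventory is constructed.

```python
import fnmatch
import ntpath

def rule_matches(rule: str, path: str) -> bool:
    # Assumption: '*' matches any characters (backslashes included) and
    # matching is case-insensitive, as on Windows file systems.
    return fnmatch.fnmatchcase(path.lower(), rule.lower())

def narrow_rule(observed_path: str) -> str:
    """Generalise one observed write to 'same folder, same extension' only."""
    folder, name = ntpath.split(observed_path)
    ext = ntpath.splitext(name)[1]
    # Without an extension, a folder wildcard would be too broad: keep the exact path.
    return folder + "\\*" + ext if ext else observed_path

def scope(rule: str, inventory: list) -> list:
    """Every inventory path the rule would allow the program to modify."""
    return [p for p in inventory if rule_matches(rule, p)]

def compare_rules(observed_path: str, inventory: list) -> dict:
    """Number of protected files each candidate rule covers for one observed write."""
    candidates = [
        "*" + ntpath.splitext(observed_path)[1],   # e.g. "*.dll"
        ntpath.dirname(observed_path) + "\\*",     # whole folder
        narrow_rule(observed_path),                # folder + extension
        observed_path,                             # concrete path ("Learn All" style)
    ]
    return {rule: len(scope(rule, inventory)) for rule in candidates}

# Constructed inventory of protected files.
INVENTORY = [
    r"C:\windows\system32\a.dll",
    r"C:\windows\system32\kernel32.dll",
    r"C:\windows\system32\cmd.exe",
    r"C:\windows\system32\drivers\etc\hosts",
    r"C:\Program Files\App\plugin.dll",
]

if __name__ == "__main__":
    for rule, count in compare_rules(r"C:\windows\system32\a.dll", INVENTORY).items():
        print(f"{count} file(s) covered by {rule}")
```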

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Suggestion: CFP Ruleset and Configuration Report
« Reply #3 on: November 08, 2007, 09:57:38 AM »
Hallo,

since we approached Release Candidate Status we cannot expect skilled beta-testers to install V3 anymore.
Comodo has a very active Forum Community and V3 specifically suggests this Forum to ask for Support.

So in order to further improve support requests and troubleshooting V3 should have a Ruleset and Configuration Report.

This way Members don't have to post screenshots and export Logs.

There should be only one place to go to generate a full textual report that lists all the rules in a textual or HTML format.
This will shorten mostly all support Topics and will reduce the need to ask for missing or incomplete info.

It would be easier to post a report containing something like

Quote from: Iexplorer Firewall ruleset
iexplore.exe
ALLOW TCP OUT from IP any to IP any where source PORT is any destination port is 80
ALLOW UDP OUT from IP any to IP any where source PORT is any destination port is 53
BLOCK IP IN/OUT from IP any to IP any


Quote from: Iexplorer D+ruleset
iexplore.exe
DNS client Service ALLOW
Loopback Networking ALLOW
Disk ALLOW
Keyboard ALLOW
Computer Monitor ALLOW
Protected Files and Folders ASK
Protected Files and Folder Allowed List:
   C:\windows\temp\*
Protected Files and Folder Blocked List:
   C:\windows\system32\*

instead of attaching screenshots or writing a ruleset by hand.

Another way to improve support would be the ability to import a textual rule in an application. So if a member doesn't know how to use the configuration dialogs it will be possible to import another member-generated ruleset for that app.
« Last Edit: November 08, 2007, 10:09:07 AM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline adric

  • "Start every day with a smile and get it over with."
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 675
  • "I am not young enough to know everything. "
Why are all the Minimize Buttons Greyed Out?
« Reply #4 on: November 08, 2007, 10:29:19 AM »
RC1 does not allow for separately launched windows to be minimized or shown by themselves such as 'Active Connections' or 'View Firewall Events' etc. Minimize is only possible from the main menu or when using log viewer which is a separate program. All windows launched from the main menu should be independent.

Al


Offline adric

  • "Start every day with a smile and get it over with."
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 675
  • "I am not young enough to know everything. "
Sorting Columns
« Reply #5 on: November 08, 2007, 10:37:31 AM »
Moving and sorting columns is not always possible. Strangely enough, some displays like 'MY Pending Files' are sortable. Looks like someone has decided for the user what needs to be sorted and what not :). For consistency sake, please allow sorting when possible and do not restrict it to specific displays.

Al

Offline adric

  • "Start every day with a smile and get it over with."
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 675
  • "I am not young enough to know everything. "
GUI Observations
« Reply #6 on: November 08, 2007, 10:47:58 AM »
Window sizing, column width changes, and window placement settings are not remembered. Improvements in this area are needed.

Al

Offline Searinox

  • Comodo's Hero
  • *****
  • Posts: 545
  • Do you like fire? I'm full of it.
Re: CFP 3.0.11.246 RC1 General Feedback/Impressions (Not for Bug Reports)
« Reply #7 on: November 08, 2007, 11:28:11 AM »
Safe files list no longer exportable/importable. Have they been merged with the configuration option?

Also purging pending files takes longer now.

Offline adric

  • "Start every day with a smile and get it over with."
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 675
  • "I am not young enough to know everything. "
Re: CFP 3.0.11.246 RC1 General Feedback/Impressions (Not for Bug Reports)
« Reply #8 on: November 08, 2007, 11:41:24 AM »

Quote from: Searinox
Also purging pending files takes longer now.

Yes, I noticed this slowdown too. Almost seemed instantaneous in the previous version.

Al
« Last Edit: November 08, 2007, 11:43:06 AM by adric »

Offline pykko

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 560
    • Intr-o lume plina de virusi, ai un prieten
Denial of Service feature
« Reply #9 on: November 08, 2007, 01:14:18 PM »
Running nice here, except for the bug I've posted in the bugs section.
But since it is a RC1, shouldn't it contain almost all features? I thought Denial of Service feature which is important I think will be introduced, but nothing. Would it be available soon ?


Offline Surfer56

  • Comodo Member
  • **
  • Posts: 33
    • Google
Re: CFP 3.0.11.246 RC1 General Feedback/Impressions (Not for Bug Reports)
« Reply #10 on: November 08, 2007, 01:32:05 PM »
Hello. Some questions, and, if possible, feature requests :
1) What about statistics for protocols (TCP, UDP, ICMP, IGMP...) like in CPF 2.4 ? (See attachment)
2) Where can we find portscan settings ?
3) Why does System Idle Process have allow rules ?
4) Request - flush DNS records every : hour(s), day(s) because there are critical vulnerabilities which substitute DNS records.
5) Where settings for loopback and some others, like in CPF 2.4 :
          advanced attack detections and prevention section --> miscellaneous
          miscellaneous section
6) Request - Defense+ must monitor HOSTS file and ask when it changes.
7) Interception of traffic from some antiviruses with web-antivirus components (for example Kaspersky).
Betas can't do it, and all traffic goes over System Idle Process without asking access to Internet.


Sorry for my English.

[attachment deleted by admin]
« Last Edit: November 08, 2007, 02:21:10 PM by Surfer56 »
A64 3000+ 939 Asus A8N-SLI Deluxe
1024 Mb RAM
x700 256 Mb Pro Sapphire
200Gb ATA-100 Seagate
Win XP SP2 Pro Corporate 32-bit
---
50 cent & 2pac fan =)

Offline adric

  • "Start every day with a smile and get it over with."
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 675
  • "I am not young enough to know everything. "
Re: Denial of Service feature
« Reply #11 on: November 08, 2007, 01:33:43 PM »
Quote from: pykko
Running nice here, except for the bug I've posted in the bugs section.
But since it is a RC1, shouldn't it contain almost all features? I thought Denial of Service feature which is important I think will be introduced, but nothing. Would it be available soon ?



Under Known Issues in the RC1 announcement:

- DoS detection is not active yet

Hopefully this won't be the last RC  ;D

Al

Offline dtanderson

  • Newbie
  • *
  • Posts: 8
CFP RC1 and Vista SP1 no go ??
« Reply #12 on: November 08, 2007, 01:54:07 PM »
I installed CFP RC1 on a Vista box with SP1 installed on it. Vista would hang at logon. When I booted into safe mode, it booted really slow with each driver load scrolling very slow. After I removed CFP RC1 everything is good now...

Anyone else try this on Vista SP1?

Offline Coolio10

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 464
Re: CFP 3.0.11.246 RC1 General Feedback/Impressions (Not for Bug Reports)
« Reply #13 on: November 08, 2007, 04:07:23 PM »
I think some people feel Comodo went 1 step forward and 2 steps back. In other words it added more features but even more bugs/errors. As I said, not my comment but from reading bug reports.
It seemed most people felt comfortable with 3.09 or whatever and 3.010 added bugs such as this what seems big 120 D.P.I issue.
(\__/)
(='.'=)
('')_('')


Offline Matt_KoRn

  • Newbie
  • *
  • Posts: 1
Re: CFP 3.0.11.246 RC1 General Feedback/Impressions (Not for Bug Reports)
« Reply #14 on: November 08, 2007, 07:22:44 PM »
From my experience... I've tried literally just about every Antivirus solution out there. Comodo, to me, seems to really stand out, it's pretty damn good, and I run a gaming machine that needs absolute every resource allocated to the games, yet it also needs protection, and Comodo's performance and memory footprint, at least on my PC, seems VERY small, very minimal impact. It's come a long way since early betas in my opinion, and I'm grateful for that, good job Comodo. :)

 
