Author Topic: CFP v3.0.7.208 Beta Survival Guide. Known workarounds.  (Read 3945 times)

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
CFP v3.0.7.208 Beta Survival Guide. Known workarounds.
« on: August 20, 2007, 08:00:34 AM »
CFP v3.0.7.208 Beta

There are few major bugs that could mess with your CPF installation:
I'll summarize there along with the known workarounds.
  • CPF lose existing rules
    Use the configuration management wizard (Miscellaneous Section) to backup your rules before shutdown. Don't overwrite previous backups, in addition you may import the last backup and give it a different name just in case (it won't hurt to have two rulesets).
    The configuration management wizard Could be used to switch to the other ruleset anytime. So Is a good thing to clone the main ruleset before shutdown and make it active. The next reboot if some rules are missing in the cloned ruleset activete the previous one or use a previous backup.
  • Reversed IPs
    Every even CPF startup some IP get reversed (CPF not working). Just close it from the tray and run it again. Don't bother to create new rules. If you don't want to check if IP are reversed just Edit the Firewall rules for Svchost and System to include your source IP. This way when IP get reversed you will not see the CPF connection animation in action.
  • Things to avoid:
    Fast user switching and Limited User Accounts seem to cause problems
    View active connection will crash when one app open more than 32 connections. Use Cports
  • Shutdown takes a long time
    Look for csrss.exe in defense+ make it trusted and eventually grant it permission to close cpf.exe.
    It won't hurt to make all Microsoft windows components such as userinit.exe, sethc.exe, control.exe, wscntfy.exe, mmc.exe, cisvc.exe, wuauclt.exe, wmiprvse.exe, wmiadap.exe, alg.exe, csrss.exe, svchost.exe, winlogon.exe, services.exe, ctfmon.exe, helpsvc.exe, helpctr.exe, your antivirus and other security softwares Trusted in Defense+. You can then start to limit Defense+ privileges for these apps if your system run stable. Make sure to change permission for one executable every few reboots.
  • BSOD before Logon
    Login using the Safeboot mode in windows and set Defense+ to learn all. Disable Image Execution Control and reboot.
  • Cannot Install after uninstall
    If you previously uninstalled CPF V3 and now you are unable to install it again because the install reports that it is already installed then download BFU and let it run the script (comodocleaner.bfu) in the attached archive. This uninstaller should work also for non-english windows installations (at least those using Latin alphabet).


[attachment deleted by admin]
« Last Edit: August 21, 2007, 06:41:25 AM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26225
Re: CFP v3.0.7.208 Beta Survival Guide. Known workarounds.
« Reply #1 on: August 21, 2007, 08:48:36 PM »
 :BNC :BNC :BNC I bow deeply in humility.... Thanks much...

Offline Dennis2

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 9663
Re: CFP v3.0.7.208 Beta Survival Guide. Known workarounds.
« Reply #2 on: August 22, 2007, 08:56:17 AM »
Thanks for this info.
 I though I was alright regarding my defense rules had them for 8 days without any loss but I had overwritten my backup so when I restored it nothing in defense.
I thought of exporting the policy key in the registry to backup my defence rules?
I lost them when installed/uninstalled a program which I was trying or it could have been system restore?
Many Thanks
Dennis
Moderator: Aims Forum a friendly place. Any concerns? Please PM me and/or review the Forum Policy 2012Updated.
System: Centos 7.9 x64, APF, HTTPS Everywhere, ABP, NoScript
 Fedora 33 x64, APF, HTTPS Everywhere, ABP

gaby

  • Guest
Re: CFP v3.0.7.208 Beta Survival Guide. Known workarounds.
« Reply #3 on: August 23, 2007, 02:01:26 PM »
CFP v3.0.7.208 Beta

  • Reversed IPs
    Every even CPF startup some IP get reversed (CPF not working). Just close it from the tray and run it again. Don't bother to create new rules. If you don't want to check if IP are reversed just Edit the Firewall rules for Svchost and System to include your source IP. This way when IP get reversed you will not see the CPF connection animation in action.

Hi Gibran, sorry I cannot completely agree with you – reversed or not, CPF works for me...
more, when including individual IP's to applications, those get reversed as well.


CFP v3.0.7.208 Beta
  • Shutdown takes a long time
    Look for csrss.exe in defense+ make it trusted and eventually grant it permission to close cpf.exe.
    It won't hurt to make all Microsoft windows components such as .............., alg.exe, , svchost.exe, winlogon.exe, services.exe, .....

Don't know about the other ones you've mentioned - but Beta just saved my humble skin today: one of my co-workers gently removed windows FW to print some of his crap on my computer. I've worked about one hour on it before Beta warned me of a completely suspicious activity.
I'll rather avoid “ alg, svchost, winlogon, services” to be on any safelist.

Thanks again Comodo – I've survived another day, because of You.

Gaby
 (S)

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: CFP v3.0.7.208 Beta Survival Guide. Known workarounds.
« Reply #4 on: August 23, 2007, 03:16:48 PM »
Sorry gaby,
sometimes I don't bother about agreeements.

Like it is stated on the beta download page the beta is intended for a test machine for a testing purpose. This imply that the tester has full control on his machine and that he will know when he willingly disabled CPF protection.

The listed workarounds are tailored around common betatester ruleset to apply to most testers.

Anyway since this topic is about known workarounds, if something doesn't apply to your specific needs is a good thing to post if you are willing to add more details. So feel free to edit your posts.

reversed or not, CPF works for me...
more, when including individual IP's to applications, those get reversed as well.
IP reversal is a known bug. Some users gets duplicated rules because of this or they have no connection if they used IPs in some fundamental rules. The point is not that ip get reversed or that CPF may work in some cases. That workaround is meant to limit the number of revesed ip.


Don't know about the other ones you've mentioned - but Beta just saved my humble skin today: one of my co-workers gently removed windows FW to print some of his crap on my computer. I've worked about one hour on it before Beta warned me of a completely suspicious activity.
I'll rather avoid “ alg, svchost, winlogon, services” to be on any safelist.
Those components are MS digitally signed executables. They won't do any harm by themselves if CFP is let properly run.

CPF registry and file protection defauld ruleset will guard many key parts of windows, like the list of installed services and MS executables. Anyway marking such files to be trusted doesn't still allow some privileges (look a the defence+ trusted policy) but these files are key windows components and could benefit from a wider permission. Is still possible to finetune their Defense+ ruleset in a troubleshooting fashion.

If a suspicious activity was running on your pc please provide additional info like:
  • type of activity
  • affected executable/directory/registry key/other meaningful info
  • what defense+ component alerted you
  • executable/process causing the alert

Sometimes you don't need to agree but you only have to share you personal experiences in a way that will be useful to other people as well. (CNY)
« Last Edit: August 23, 2007, 03:34:39 PM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek