Author Topic: Rules/safelisted apps that is worth having in the next V3 version[CLOSED]  (Read 5576 times)

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Please post here predefined rules, port sets, safelisted apps you wish added to the next V3 version.
« Last Edit: August 27, 2007, 08:14:41 PM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Superantispyware
« Reply #1 on: August 18, 2007, 07:43:39 AM »
Can Comodo finally have Superantispyware trusted in the firewall and whitelisted on Defense+, even with Comodo firewall 2 versions, I'll do a scan of my computer for trusted programs etc. and Superantispyware would still get asked for connections through the firewall even after sending a bunch of "send to Comodo for analysis" alot of times. And can SAS be whitelisted on Defense+ soon, so I can stop seeing a thousand Defense+ pop-ups for SAS, I hope this will get done on the next beta release or on the final release, great job Comodo you're one of a kind! (:WIN)
« Last Edit: August 18, 2007, 07:51:30 AM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
windows\system32\csrss.exe
« Reply #2 on: August 18, 2007, 07:50:30 AM »
I found this in the Defense + events:
Application: ..\windows\system32\csrss.exe
Action: Terminate Process
Target: AND THIS IS THE FUN PART!! c:\archivos de programa\comodo\firewall\cfp.exe

DOES THIS MEAN THAT CSRSS.EXE IS TRYING TO TERMINATE COMODO?? what the hell is wrong with this???
It's a brand new install of windows, not even a week old.....

By the way: csrss.exe is the main executable for the Microsoft Client/Server Runtime Server Subsystem. This process manages most graphical commands in Windows. This program is important for the stable and secure running of your computer and should not be terminated.
Scan Your PC including csrss.exe to Detect any Security Threat (source: Process Library)

So.. if csrss.exe is so important and crucial, and my system IS CLEAN what the hell does that log mean???
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline Ragwing

  • Comodo's Hero
  • *****
  • Posts: 3497
Re: Rules/safelisted apps that is worth having in the next V3 version.
« Reply #3 on: August 18, 2007, 08:01:28 AM »
I think svchost.exe and System should be added as many ask why they access Internet, and if they deny one of them, the computer might not function as it should.

So here's my list for firewall safelist:
svchost.exe - Port 53, 67, 68, 80, 123 and 443 Parent services.exe
System - Port 137, 138 and 139. Parent System
aawservices.exe - Ad-aware 2007 - Parent services.exe
ashMaiSv.exe - Avast! Antivirus Mail Scanner - Parent services.xe
ashWebSv.exe - Avast! Antivirus Web Scanner - Parent services.exe
avast.setup - Avast! Antivirus Update
Firefox - Firefox web browser - Parent explorer.exe
Internet Explorer - Microsoft Internet Explorer - Parent explorer.exe
msnmsgr.exe - Windows Live Messenger - Parent explorer.exe
SpybotSD.exe - Spybot - Search & Destroy - Parent explorer.exe
spywareblaster.exe - SpywareBlaster - Parent explorer.exe

I use CPF 2.4, so don't know what Defense+ rules they would need, and for all application except svchost.exe and System, I use TCP/UDP In/Out, all ports.
Also, I'd like to see the whitelist database getting updated about once a month, since programs will update, and then CPF won't recognize them.


Ragwing
« Last Edit: August 18, 2007, 11:53:07 AM by Ragwing »

Offline Hergest

  • Newbie
  • *
  • Posts: 19
HP Printer driver blocked
« Reply #4 on: August 20, 2007, 07:15:20 PM »
I have an HP Printer connected on my LAN via TCP/IP.  I found that I could not print anything because the System process was blocking incoming traffic from the printers' local IP address.

I added a rule to the System process to allow IP In/Out from my LAN, after which I think the system spawned some other processes to handle the printing/spooling.

Does this sound normal?  If so, perhaps the System process should come auto-configured to allow incoming requests?

Comodo Firewall Pro Beta 3.0.7.208 32bit
WinXP Pro SP2.
« Last Edit: August 22, 2007, 05:12:50 PM by Hergest »

Offline Typo

  • Comodo Member
  • **
  • Posts: 45
    • http://pdehq.hyperphp.com/
Re: Rules/safelisted apps that is worth having in the next V3 version.
« Reply #5 on: August 23, 2007, 01:07:37 PM »
ashMaiSv.exe - Avast! Antivirus Mail Scanner - Parent services.xe
ashWebSv.exe - Avast! Antivirus Web Scanner - Parent services.exe
avast.setup - Avast! Antivirus Update

I would like also see Avast added to automatic safelist... Also Windows and Microsoft Update, Windows Defender, MSN Messenger, GOM Player, WinAmp...

Offline xiuhcoatl

  • Unaffiliated Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 911
Re: HP Printer driver blocked
« Reply #6 on: August 24, 2007, 05:26:11 PM »
 I believe this is normal but I think when you create a trusted zone it should automaticaly create an alowall in under system or it should be created in learn all mode I also had to manually create the first rule to allow in from my trusted zone.

After I got this working I limited this rule to
Allow TCP or UDP In from Zone:[LAN] to Zone:[LAN] S. port PSet:[FPS]Any D. Port PSet:[FPS]
FPS ports is a port set [135-139,455,0]  I am not sure I need port 455 with my particular network set up however if you have bet bios over tcp disabled you might.  I had to enable port 0 as I was seeing traffic from my WS to Remote PCs that i was trying to conect to and it would not connect. As soon as I added port 0 It was up.

The port 0 trafic is not showing in my loggs after it is working and I log everthing in and out.

OD

I have an HP Printer connected on my LAN via TCP/IP.  I found that I could not print anything because the System process was blocking incoming traffic from the printers' local IP address.

I added a rule to the System process to allow IP In/Out from my LAN, after which I think the system spawned some other processes to handle the printing/spooling.

Does this sound normal?  If so, perhaps the System process should come auto-configured to allow incoming requests?

Comodo Firewall Pro Beta 3.0.7.208 32bit
WinXP Pro SP2.

When things go wrong, and they usually will,and your daily road, seems all uphill, when machines are down,and tempers high, when you try to smile, but can only cry,and you really feel you'd like to quit, don't run to me I don't give a sh*t.
(A semi retired systems analyst's credo)

Offline r-eyes

  • Newbie
  • *
  • Posts: 2
Re: Rules/safelisted apps that is worth having in the next V3 version.
« Reply #7 on: August 25, 2007, 09:23:37 AM »
Opera
And ftp and telnet  ports should be in ports list .

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26225
Re: Rules/safelisted apps that is worth having in the next V3 version.
« Reply #8 on: August 26, 2007, 07:32:01 AM »
Opera
And ftp and telnet  ports should be in ports list .

I agree on Opera. Opera has besides a web browser an email/newgroup client, IRC client and rss feeds. So, it will need permissions for the ports related to that activities.

Offline Chappy

  • Comodo Family Member
  • ***
  • Posts: 66
Re: Rules/safelisted apps that is worth having in the next V3 version.
« Reply #9 on: August 26, 2007, 10:35:40 PM »

You could "Literally" end up with many 100's of 1000's of programs on a Whitelist or SafeList, and quite possibly into the millions, so a thread like this can easily be overwhelmed with requests...in theory of course.
I like the idea of allowing users to build their own personal WhiteList from installed programs on their machines. If they feel that everything on their machine is safe, then that's great for them, but a list built from a thread like this can easily be corrupted with programs that less "diligent" users may consider Safe, but which in reality are not. It's too daunting a task for anyone to minitor every Windows program out there, so some less than savoury programs could make it into a safelist such as could be built from a thread as this .
Also, what "I" consider a Safe program, may be too strictly enforced for others, and vice-versa, so again I think the best way to do this is to scan a users system and then offer a list of ALL Non-Windows programs found for the user to pick from. This also offers a way for a user to recognize something they weren't aware was installed possibly, and allows them to remove it if needed

What I think a default WhiteList from Comodo should look like is a listing of all known Windows and System critical programs (services and processes are actually small programs), and all known safe Security programs (AV, AntiMalware, Firewall..etc), and the user build their own personal safelist from that point on. With so many different programs available for every little thing anyone can possibly do on a Windows machine, I think that's the Prudent way to go personally.
I'd like to hear what others think too...do you think it's possible to actually Build a useful SafeList of programs? It literally would have to be updated pretty much daily to be of any good, and requires that someone literally check out every single entry for validity. Then us users have to trust that someone is actually Doing just that, and that their version of what makes a "Safe" program is the same as our own is.
I think it would soon become so unwieldy as to make it a nuisance instead of a feature so I think it has to be limited to a certain degree, to the types of programs that almost EVERY User will have installed, and then let the user themselves decide what other multitude of smaller programs they wish to add onto a personal safelist.

Dave

Offline disinter1

  • Comodo Loves me
  • ****
  • Posts: 133
Re: Rules/safelisted apps that is worth having in the next V3 version.
« Reply #10 on: August 26, 2007, 11:27:34 PM »
Thanks for adding my superantispyware request, I hope that is taken care of soon. Anyways can you please add lexmark printers and etc., Comodo beta 1 messed me up a few times durning printing alot of important things, thank you.  (:KWL)
« Last Edit: August 26, 2007, 11:40:25 PM by disinter1 »

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: Rules/safelisted apps that is worth having in the next V3 version.
« Reply #11 on: August 27, 2007, 08:14:05 PM »
You're Late. Please read Help Us Nurturing the Safelist

Topic Locked.
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek