Author Topic: Vulnerability in CPF all versions.  (Read 2791 times)

Offline Scott B.

  • Comodo Family Member
  • ***
  • Posts: 66
Vulnerability in CPF all versions.
« on: November 27, 2006, 07:34:31 PM »
Just wanted to let you know. I installed VMware, and it installs virtual LANs... and well, it appears the firewall doesn't detect them at all. (So a VM can bypass it?)

I hooked up another machine with 2 physical LAN cards, and it recognizes one, and not the other, allowing free traffic.

Just thought I would bring that to your attention. :>


Offline mrm1

  • Comodo Family Member
  • ***
  • Posts: 57
Re: Vulnerability in CPF all versions.
« Reply #1 on: November 28, 2006, 03:07:32 AM »
Are you sure that VMware is not one of CPF's trusted applications?

It's Free. Forever. No Catch. No Kidding.

Offline Scott B.

Re: Vulnerability in CPF all versions.
« Reply #2 on: November 28, 2006, 02:16:08 PM »
I am not allowing any connects to the net without a popup. I'm beta testing :)

btw, the installer error if you choose pro, hit next, and then back... the installer exits without letting you set up the firewall.

I have some screen shots now of my other problem which has been since beta 2.2... sometimes the firewall doesn't show connections, and that REALLY bothers me. So I attach some screen shots of CPF directly after booting and letting everything load up.

hope this issue gets solved, as I've been posting about it now for several months... so here is some proof if you don't believe me :>


[attachment deleted by admin]

Offline AOwL

  • Comodo SuperHero
  • Comodo's Hero
  • *****
  • Posts: 2349
  • Comodo Firewall Pro - Be safe, use protection...
    • NordicNatureMedia
Re: Vulnerability in CPF all versions.
« Reply #3 on: November 29, 2006, 11:14:45 AM »
Do you have default rules in network monitor?
You said something about the installer exiting before you could set the firewall.

If I were you I would uninstall the firewall just to be sure.
Do a registry clean with Easycleaner or similar.
Install with "auto".
Reboot your PC.
Do the "scan for known applications". (security/tasks)
Do the "Define a new trusted network". (security/tasks)
If you want to have popups for everything, so you can set your firewall "tight", and also get popups for "trusted apps", you have to go to security/advanced/misc and uncheck "do not show alerts for apps certified by Comodo", and you should also raise the "alert frequency level" slider to the top.

Please post back when you have done these steps.

Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
Re: Vulnerability in CPF all versions.
« Reply #4 on: November 29, 2006, 11:25:28 AM »
I use VMWare all the time and the CFW detects the IPs of all the virtual interfaces.

Offline Scott B.

Re: Vulnerability in CPF all versions.
« Reply #5 on: November 29, 2006, 10:35:26 PM »
Aowl: I uninstalled after the back arrow thing, and cleaned (I use Registry workshop to back my reg) and re-installed. I did that right then and did not wait until now :)

I have scanned for known applications.

I use the slider already for the "tightness" of the firewall and I have it set to medium.

I'm pretty familiar with the firewall now, been using it for many months.

I did not however define a trusted zone, and will do so and test for some days and see if that was my issue, thanks! :)

My further settings are like so.

In application behaviour analysis, I have all options checked.
In advanced attack detection and prevention buffer overflow detection is set to medium.
Intrusion detection values are default and in misc I have all options checked.
In Miscellaneous menu, I have enable Alerts, and skip loopback connection checked.
Alert Frequency is set to medium, and protect own reg keys is checked.

thanks for help.

On a side note I noticed a post in another area about Nod32 causing some conflict, I am also using Nod32 2.7 (current version) and it has some new anti-stealth feature, possibly the 2 programs are conflicting in some way.

I'm due for a reinstall soon as well, so I will try everything again on a fresh install and see how that goes.

Offline AOwL

Re: Vulnerability in CPF all versions.
« Reply #6 on: November 30, 2006, 12:10:05 PM »
Ok, just let us know how it goes.
I have NOD32 2.5, and I can't find any conflicts, but the newer version might conflict in some way.

Offline pandlouk

Re: Vulnerability in CPF all versions.
« Reply #7 on: November 30, 2006, 07:51:17 PM »
I use NOD32 2.7 and it works fine with CFW ;D

Offline Scott B.

Re: Vulnerability in CPF all versions.
« Reply #8 on: November 30, 2006, 10:06:00 PM »
Ok, I have rebooted a few times now, and cold started once or twice. And I still get the blank connections screen.

Defining a trusted zone did however solve some problems I was having with updating my ip and some other minor things.

However, I do notice a couple of things as well I still have issues with.

I don't get any popup when I receive an ident query. I still use IRC, I wouldn't allow the ident anyways, but would be nice to see a popup for this.

I get a lot of bogon requests from a specific IP, I have blocked the ip in network rules, but the request comes through after a reboot, it only blocks the ip the first time I set it. Will attach a screenshot of PeerGuardian blocking this connection. (and no, it's not the isp's dns, already contacted them about it and this ip does not belong to their domain.) I also get this on fresh clean install, so I have determined that it is not a malware present on my system.

as for Nod32 2.7, it now contains "anti-stealth" technology (rootkit detection), and I think that nod32 and the firewall both scanning each other at bootup causes a bit of a resource issue, although nothing major.

on a side note, when I use GMER or some other process explorer, I notice a process called "-----------------------" and I am curious if this is related to comodo firewall. the process tends to reside on 0x01000000 in memory.





[attachment deleted by admin]

 
