I've seen issues on this board before w/JNLP startup. Something pertaining to the splash screen. The suggestion has been made to disable the JNLP splach at startup via -Xnosplash.
Check out this link where the problem is discussed:http://www.shankh.com/2008/12/14/java-web-start-jnlp-splash-recv-failed/
The JNLP protocol, defined with an XML schema, specifies how to launch Java Web Start applications. JNLP consists of a set of rules defining how exactly to implement the launching mechanism. JNLP files include information such as the location of the jar package file and the name of the main class for the application, in addition to any other parameters for the program. A properly configured browser passes JNLP files to a Java Runtime Environment (JRE) which in turn downloads the application onto the user's machine and starts executing it. Frankly I don't believe this to be a CIS prollem, nor do I have any prollems w/splash screen at startup; my D+ setting is 'paranoid', firewall 'custom' (alerts: high), conifig: proactive. Unfortunately for virtually every
reference to this issue on the internet: Comodo is implicated.
All support threads concerning this problem on the internet suggest making javaws.exe a trusted app. However, that's not universally efficacious (nor do I have javaws.exe configured as trusted). I suspect something is timing out in the JNLP streaming class - generating the popup - because of a delay in CIS alert (it almost smells like a race condition).
Given the first link you provided I'm inferring you have the JDK installed. In that case, the Java environment vars are important for proper JDK functioning. Secondly, you need to ensure that only one version of JRE is installed. A version of JRE is packaged w/the JDK installer (unless you have the JDK stand-alone version - or don't install the JRE embedded in the JDK installer). And unless you're paying attention, a version of JRE may already be installed when installing the JDK. That may
be a source of problems here. You may try doing a clean install of the most current JRE.
Below are important Java environment vars:
JAVA - %PROGRAMFILES%\Java\jre6
JAVA_DB - E:\Java_DB
CLASSPATH - %JAVA_DB%\lib\derby.jar
the first two are referenced below (if you don't set them properly, there'll be double slashes for the Java paths shown in cmd: 'set'):
Path - .;%windir%;%SYSROOT32%;%SYSROOT32%\Wbem;%JAVA%\bin\;%JAVA_DB%\bin\
(ensure that implementation specific path's for your system are appended to the above string - delimited with ';')
With regards to %Java_DB%, the JDK installs a version of Derby, i.e., the Java DB, silently
into the default JRE install folder, i.e., %JAVA%. Unless you need
the latest version of Derby, the default one should be gutenuff. However, it doesn't need to be there
; I just moved it (and changed the env var accordingly). Although you may never do anything with Java DB, just be aware its already there if you've installed the JDK.
For CIS, I've found that javaws.exe, javaw.exe & deploy.jar require the following rule:
Allow TCP out from in [local_0] to [local_127] src port any dest port any (where local_0 & _127 are loopback addresses: 0.0.0.0 & 127.0.0.1 respectively).
Moreover, CIS will prompt you for connection to IP address by both javaws.exe & deploy.jar that are particular to any arbitrary JNLP. You can choose to make specific allow rules, or allow manually when the alert pops up.
Furthermore, the shortcut that gets created for these JNLP's points to folders that live in the Java temp folder. You can maintain that in the Start, settings, Control Panel, Java console. Something you periodically want to do when JRE updates occure so as to ensure the java quick start is disabled.
BTW: thanks for those links. Excellent resources to have for canibalizing code.