Author Topic: Comodo Firewall: Loads too late to provide boot-time protection  (Read 7297 times)

Offline VanguardLH

Please see my existing discussion at:

http://forums.comodo.com/empty-t20715.0.html

From looking at some nasty pests and when they load, it appears they start before Comodo's firewall is even considered to start during Windows startup.  That is, and as examples, programs listed in the BootExecute and WinLogon event registry keys are loaded before CFP is started.  That means there is a window of opportunity for malware (or even for goodware for which you want to restrict network connections or access rights) to run before CFP could block it.  The firewall can't block the connection because the firewall hasn't even started loading yet (although I mention a possible technique in the other thread to kill networking until the firewall has fully loaded).  The HIPS function cannot restrict access rights to the program because CFP hasn't been loaded yet.

I've used other firewalls that had an option to disable networking until the firewall program got loaded; i.e., they provided boot-time protection.  CFP doesn't seem to have that level of protection or it is not documented.  For HIPS, CFP cannot restrict access rights to anything until it loads, and since CFP loads as an NT service then it loads too late to control boot-time programs.
Comodo Firewall 5.10.228257.2253
Windows XP Pro SP-3
(last updated: 05/13/2012)

Offline panic

Re: Comodo Firewall: Loads too late to provide boot-time protection
« Reply #1 on: March 12, 2008, 05:27:28 PM »
inspect.sys and cmdguard.sys are loaded as kernel level drivers to provide boot time protection.
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.
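
The load-order question in this thread can be checked from a driver's start type, shown here as an added example that is not part of the original posts or Comodo's own code. It parses constructed `sc qc` output and reports which entries load before the Session Manager processes BootExecute. The service names `cmdguard` and `inspect` are assumed to match the driver file names, the start types are illustrative, and `ExampleFwSvc` is hypothetical.

```python
import re

# START_TYPE codes printed by `sc qc`. Boot- and system-start drivers load
# before the Session Manager runs BootExecute; auto-start services come later.
START_LABELS = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
                3: "DEMAND_START", 4: "DISABLED"}

# Constructed `sc qc` output. Start types are assumptions for illustration,
# not values read from a real Comodo install; ExampleFwSvc is hypothetical.
SAMPLE_SC_QC = """\
SERVICE_NAME: cmdguard
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 1   SYSTEM_START
SERVICE_NAME: inspect
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 1   SYSTEM_START
SERVICE_NAME: ExampleFwSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
"""

def parse_sc_qc(text):
    """Return {service name: {"type": int, "start": int}} from sc qc text."""
    services, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if name:
            current = services.setdefault(name.group(1), {})
            continue
        field = re.match(r"\s*(TYPE|START_TYPE)\s*:\s*([0-9a-fA-F]+)\b", line)
        if field and current is not None:
            key = "type" if field.group(1) == "TYPE" else "start"
            current[key] = int(field.group(2), 16)  # sc prints hex codes
    return services

def boot_window_report(text):
    """Per service: (name, start label, loads before BootExecute?)."""
    rows = []
    for name, cfg in sorted(parse_sc_qc(text).items()):
        start = cfg.get("start")
        if start is None:
            continue  # incomplete record: no START_TYPE line seen
        rows.append((name, START_LABELS.get(start, "UNKNOWN"), start in (0, 1)))
    return rows

if __name__ == "__main__":
    for row in boot_window_report(SAMPLE_SC_QC):
        print("%-14s %-13s before BootExecute: %s" % row)
```

On a real system, pass the text captured from `sc qc <name>` for each firewall component instead of the constructed sample.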

Offline VanguardLH

Re: Comodo Firewall: Loads too late to provide boot-time protection
« Reply #2 on: March 12, 2008, 05:51:37 PM »
Thanks for that information.  Nice to know that CFP is protecting starting from boot-time (when the drivers load at the start of Windows load).  Thanks again.

Offline Madhav

Windows won't boot in normal mode with Comodo
« Reply #3 on: October 13, 2009, 09:36:12 AM »
I was using Comodo and I feel it's good, but I reinstalled the OS and so Comodo, but Windows won't boot in normal mode with Comodo. When I uninstall Comodo in safe mode and reboot in normal mode, Windows boots normally.

Offline Ronny

Re: Comodo Firewall: Loads too late to provide boot-time protection
« Reply #4 on: October 13, 2009, 10:00:32 AM »
Hi Madhav,

Can you please post your OS details?
Windows version, language, 32/64-bit, OEM version?
ANY other security software installed, no matter if it's on-demand or real-time.
Can you explain a bit more about the "won't boot"? What are the symptoms, and how far does it boot?

Are you using CIS 3.12 as the installer, and are you using the English language version?
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

 
