Hi,
What are the advantage of the CPF rules are on the registry, and not in encrypt xml file for example?
How do you protect the registry rules?
Regards
Hi,
From version 2.3.4.45 there is an option you can select (on by default) for Comodo to protect its registry keys and folders. These can’t be deleted or altered at all.
If you open CPF>>go to security>>advanced>>select configure under miscellaneous section>>at the bottm you will see the option to protect reg keys and folders.
Mike
Hi Mike,
I know that, but I would like to know the advantage of use the registry instead of an encrypt file.
Regards
Mike, for any reason, couldn’t this be related to the fact that Windows Security Center is not recognizing Comodo in my computer anymore? Some Windows Registry that should be ‘changed’ and it’s being blocker by CPF itself ???
Hi, tech…
As I have posted to others, Windows S C will not always detect even with if you had a previous version that was detected. This happened with my anti-virus, old was detected, new is NOT. But it is functional.
Please look at the link and scroll down as well to tweak firewall…read down a couple of paragraphs,
http://www.pcworld.com/article/id,117422-page,1/article.html
Cheers,
Paul
Hi,
I don’t think this is the case - or wouldn’t everyone have this problem?
I’m not sure, but I think the update next week is set to fix this.
Mike
Hi Mike, I have been through extensive debates with others over this issue, even some professional beings from other sites cannot get WSC to recognize Sygate, Norton (sometimes) and many others. This is in fact a WSC issue and not Comodo. I have proved this to a few already, an exhausting task.
However, Microsoft does not have newer versions of software in their detection system and they need to get that taken care of. JFYI… 
Cheers,
Paul
Ok, thanks for that information Paul.
Mike
Let’s stay on topic
Vampiric, while your queston has not been answered yet, there were no blatant attempts to simply mingle here and degrade your queston and another valid question was asked as well and answered as well, I would think that if that badly off topic, Mike would have in fact put a stop to this as he is a moderator.
Cheers,
Paul
CPF protects its own keys(settings, service keys etc) from malware tampering. Thats why for example, many users fail to import their old settings.
This behavior can be modified with Security->Advanced->Miscellaneous section.
Egemen
I think that the whole problem is the 2º question. Sorry.
So I will make only the 1º question:
What are the advantage of the CPF rules are on the registry, and not in encrypt xml file for example?
It would be slower and redundant. you would need such an encrypted file if the firewall is a network firewall which does not have any control on application behavior activity.
Egemen
I know that the registry is faster than the access to a encrypted file, and if you garantee that the rules are very well protected…
Thanks for the explanation
Hi,
I am running CPF 2.3.5.62. The option to “protect own registry keys and files” is enabled.
I wanted to test this function to ensure that it was working correctly and that CPF was safe from tampering on my system.
Using jv16 Power tools I was able to strip the registry of all entries relation to CPF. All the settings were removed. Upon reboot the firewall had been effectively disabled and I was not protected.
From this it would appear that the self protection is not working effectively. How can I stop this from happening in the future?
Paris
Paris, your results are not what I like to hear but they are surely relevant. This got me thinking about the file protection…
I was able to delete cpf.exe with a “file removal tool.” Equally as bad as your result but that was the result. I double checked the Comodo directory; cpf.exe is gone after a reboot. No functioning firewall, just the remnants in the directory.
To be fair to CPF, when following prompts from the “file removal tool”, I had to allow a service to be stopped.
It should be cmdagent.exe. When stopped, those protections are disabled.
Let us try to use that tool and fix if anything is wrong.
Thx for the feedback,
Egemen
Hi egemen,
CPF was running at the time and the only prompt it gave, and it really doesn’t give any indication as to what is going on, CPF asked if IE has permission to access the net on port 80.
It is normally set as such in the Applications Monitor, but occasionally it forgets the rule or asks when switching between graphic popups on a couple of photoshop sites. So I had no real reason to deny the request or to suspect that something was happening in the background.
I still have the entire backup file jv16 made, if you are interested.
Please don’t misunderstand me, I like CPF, I also like to make sure software is doing what I expect it to do, especially when it comes to security.
Cheers,
Paris
Just to clarify, the first 2 popups were from removal tool tool that said:
Do you want to remove cpf.exe - next?
To remove cpf.exe file successfully you must stop the following processes: CMDAGENT.EXE, CPF.EXE - continue?
Third popup was from Comodo Firewall:
Comodo is going to be closed. If you are uninstalling or upgrading press yes.
I originally thought all 3 popups were from the removal tool when in fact Comodo had the last say on the removal. Obviously, I did not pay attention. I apologize for any confusion. Comodo was in complete control of its’ file protection the entire time.
CPF sure has developed into one of the best firewalls available.
Thanks