Adobe gets through firewall despite block rule

The problem:
AdobeUpdater.exe connects to the Internet and starts downloading updates, although this exe is explicitly blocked in the network security policy. This seemed to work for the last months and if I check the log, it was blocked seven days ago and before, but today it just started downloading every time I use the Adobe Reader.

System: WinXP Sp2
FW version: 3.0.18.309, Custom Policy Mode

This also happened with an early 3.0 version, where I had to reinstall comodo in order to get it blocked again.

After using the search, only one thread mentioned some white list in the old 2.4 version of comodo.

Is there still a hidden (I cannot find any option) white list in 3.0?

Anyway, even a white list would not explain such behavior; so why does an application suddenly get through the firewall after it was always blocked for months? I did not install any programs in the last days or change any options in Comodo.

It is whitelisted. Just uncheck auto update in Adobe. Also get rid of Adobe and use Foxit Reader. It's a million times faster.

Foxit Reader is the way to go… but shouldn't it ask whether it should be able to connect to the internet even if it's on the whitelist? The whitelist only works as long as you have set the firewall to Train with Safe Mode?

Try removing all rules first in firewall and D+ then reboot. Rules for Adobe that is.

@Vettetech
Can I see/modify the whitelist in 3.0?

The whitelist still does not explain why the rules are suddenly ignored, although nothing has changed.

@StarryKnight
As I said, Comodo asked months ago what to do. I blocked Adobe and it worked fine until today. (Same happened with an older Comodo version, see first post.) I always had Custom Policy Mode.

Since version 8 of the adobe reader, it does not seem to be possible to deactivate the update permanently.

@Foxit remarks
You are of course right, but I have to use the ■■■■■■ Microsoft/Adobe stuff to avoid compatibility issues with my business documents. Can’t risk any errors here.

Edit: I just checked it again… Adobe is now blocked although I did not change/restart, just posted here and was afk in the meantime… this is now really odd. And yes, Adobe definitely downloaded stuff an hour ago, checked it also with Tcpview.

You should be able to shut the auto update off. Go into services.msc and disable it.

Thanks for your efforts Vettetech, but I don't care about the auto update. I would like to know why a program could suddenly get past Comodo.
Despite the program name, I have no other info. A bug report would therefore be pointless. Should I look for a specific issue if this happens again, so that it gets fixed?

Did anyone else experience similar leaks?

What are your rules for the Adobe Reader? Try blocking outbound TCP for it. CFP seems to vary in its understanding of how rules are inherited and may not block adobeupdater unless you execute it from Explorer. Why it would change from time to time is beyond me. ???

It was always the standard: block / IP / out / any