After Installing Comodo Pro3 Firefox.exe is still Running after Closing [HELP]

Hi All

Running Win XP SP2 Firefox 2 latest version & Thunderbird & Sandboxie. Threatfire Returnil

After installing Comodo Pro 3 this morning I am unable shut firefox down ie when I close it Firefox.exe remains in the process tab of Windows Task Manager. Sometimes there are two firefox.exe showing in task manager. It is also not possible to shut down firefox.exe via task manager.

I had no problems with previous Comodo Firewall version 2.41…

Yes I uninstalled previous version before installing latest version.

No I do Not have Poison Ivy Trojan on board.

If I uninstall Comodo Pro Firewall the problem goes away.

Can anyone help point me in the right direction how to resolve it please

Thank you

Terry

Hi All

Have isolated the problem but I don’t know how to solve it.

I am using KeyScrambler as an extension to Firefox. If I disable it there is no problem. Keyscrambler works fine in Firefox with Comodo 2.4.

KeyScrambler Enabled in CPF 3 stops firefox.exe from shutting down.

Is this CPF configuration problem or a bug. If the former how do I configure it?

I would suggest Defence+ rule for Keyscrambler is needed.
Also Threatfire is not compatible with Defence+.

Hi Shinobiteno

Thanks for your reply

I hardly dare ask this BUT, how do you do Defense+ Rule for Keyscrambler?

I am not that savvy on Firewalls in general and this new Comodo Pro 3 seems very much different. Can you explain in more detail what to do

Thanks

Terry

Hey, no problem. Even Dalai Lama was a noob.

Just a few questions:
Try to right-click on CPF, select “Defence+ security level” and write down here, to what setting it is set.
If its not to disabled, try to set it to disabled and after several seconds start firefox and close it.

In the case problem disappears, youll have to set up a rule for Defence.

Hi Shinobiteno

Thanks again or replying

I slightly jumped the gun. In between your reply I uninstalled Comodo PF3 and then reinstalled it without Defense+. Lo and behold everything is working OK.

So I believe this shows you are correct. I need a rule.

So how do I do a rule for keyscrambler. there is only an install exe but once installed thereis nothing with an exe in the program files. Can you talk me through the process please.

Thanks

Terry

Okay! I personally would STRONGLY recommend for you getting used to Firewall piece and only then explore Defence+.
For Firewall, please see my post here https://forums.comodo.com/cfp_beta_corner/cfp_3010238_beta_general_feedbackimpressions_not_for_bug_reports-t14006.0.html;msg100247#msg100247

Now for Defence+.
Defence runs in the background and is actually a “local, internal” Firewall. It can learn by itself (training mode) or can be configured. Defence is so potent, that it can actually prevent booting, if set up wrong(use Safe mode to disable it).

So, first you can allow some automatical approved apps to work, or you can do everything manually(I prefer it). To set behavior go Advanced->Defence Settings. And see general settings.
Monitor settings set what can D+ protect. To edit trusted vendors navigate Common Tasks->trusted Vendors.

D+ works with individual files, but it allows grouping as well. Go to My Quarantined Files->Groups to set them up!

D+ also allows to group rules(same as firewall), but Ill get back to it later.

D+ allows to protect any file, registry setting or COM interfaces. Normaly, it protects critical system files and comodo app. COM is a windows subsystem that allows distributed, component-based applications. DirectX is COM, for example.

The eye of the storm.
(Go to Image Execution Control)
Image execution is half of the core of D+. Firstly every application should start, before it does something. IEC allows you to select, what things will be watched on as they load into memory.
Default is .exe, but you can add .dll or even group as well. BUT DO NOT DO IT, unless you are ready to face millons of windows and settings. Although, if you are ready, you can control EVERY PART OF OS.

Rules.
(Go to advanced->computer sec- policy, doubleclick any program)
D+ allows setting rules individually or making rule groups (for example “allow all” for trusted).
You can form rule groups here (Advanced->Predefined sec polices).

As for the actual rules (what can be managed),there are two kinds of them->active (access rights) define what process can do, and passive(protection settings) that define what CAN BE DONE to process, i.e protection from outside. Rules are another part of D+ engine.

Active
For win32 apps normal actions include windows messages and computer monitor. For some that use keyboard - keyboard, although keyloggers can do it to. Some advanced programs use Interprocess mem access and hooks. Setting a driver, termination commands,DIRECT access to disk or physical memory can be very dangerous and usually are used by system or hardware-setup software. DNS and loopback refer to network communications, where loopback is talk and DNS- internet address resolution.

Passive
Passive it protection. From being used by other app, triggered, talked to or terminated. Look what settings comodo has, and youll understand it.

One more thing. For every rule group, or for every customized rule, you can add exceptions. Exceptions are automatically made when you press “Allow” and set “remember this” flag on D+ popup.

So, thats how defence+ works, you should also read manual and search for forums(there are a lot of nice people here :slight_smile: ) if you have questions, too! :slight_smile:

Back to the reality.
Thats my solution, although I STILL LEARN DEFENCE+, SO NO WARRANTY.

Install/Start D+. Choose the mode, that suits you (I prefer Paranoid, when everything is set up; and train otherwise :slight_smile: :slight_smile: :slight_smile: ).

Go to Common Tasks->My Quarantined files->group
Add new group. Name it “Firefox group”.
Add files:
:<Documents and Settings><Profile name>\Application Data\Mozilla\Firefox*
:<Program Files>\Mozilla Firefox*
Please browse and replace <> with actual values!

Click Ok and Apply.

go to Advanced->Computer Sec Policy. Press Add, FileGroups, Firefox group.
Now you have to expirement with settings. See my Attachment for things I recommend, but I cannot test em. So you have to find it out yourself! :slight_smile:

Hope my post didn’t make it worse :slight_smile:

[attachment deleted by admin]

Hi Shinobiteno

Thanks for your copious last post. Very much appreciated.

Followed your description to the letter (of how to make a Firefox group)

Then tried it. It did not work. Then I used your attachment to make Process access rights. Exactly as suggested. It did not work.

Then I made several permutations & combinations of these rights. These did not work.

What I have found out though is if I wait long enough circa 5 minutes the Firefox.exe does eventually finish after clicking on End in the Task manager. Its weird its as though its slow strangulation. Works perfectly without Defense+

Do you have any other suggestions please

Thank you

Terry

Training mode?

Hi Coolio

Tried training mode does not make any difference?

Thanks

Terry

Does anyone have KeyScrambler working with Comodo Pro 3?

Terrywood,

I have keyscrambler working on firefox 2009 but I can’t get sandboxie to work. It just refuses to delete the sandbox after closing the browser when I’m done surfing the net. What is your setup to get sandboxie and CPF3 to work together? I’m using xphome. We seem to be running similar software. As an aside, I don’t see how quaratining the firefox group is going to help any as per the advice from shino.

Hi Ahuramazda

I replied to this on your other thread by mistake. Sorry

I have XP home. Suggest you read your other thread for my full reply

Terry

A simple way is to add the Scrambler Folder to your Safelist (Defense+|Common tasks)

Hi Gibran

Thanks
Added Keyscrambler Program Files and Docs Settings/username/Firefox Profile/KeyScrambler to

My own safe files

Still does not work

Terry

Ouch :stuck_out_tongue:

Didn’t it trigger any Defense+ popup at all?

Hi Gibran

No not a bean

Terry

ps I would be a lot happier if I knew someone was actually using K/S with CPF 3 successfully

Hi Gibran

Another point I note that My Own Safe Files is for executables.

Assume that means .exe. In taht case none of the KeyScramble folders has an exe file in it (its an extension to Firefox) It does have a.dll file

Terry

You cann add dll files too.
I guess you should be able to add any protected executable extension.

Dough!!! :frowning:

Hm, that Keyscrambler seems to be a die-hard thing… I don’t use FX and Ks…
I am focused right now at another thing, so its ■■■■ bad I can’t test it.
Bookmarked the thread anyway, and going to return to it in a few days ASAP, to make it work.

BTW you can reset D+ and then try training mode, so D+ shows at least whats done with Keyscrambler.

I’m running Keyscrambler and have made no specific rules for it. D+ is set to ‘train with safe mode.’

XP Home.

When I installed COMODO firewall Pro last night I got the ‘Firefox wouldn’t close.’ I tried everything including Advanced Process Termination by DCS and even that couldn’t close it.

5 minutes or so later Firefox did close. I’ve since rebooted a number of times and have not had a repeat of Firefox freezing in the system tray/event manager.

Edit: I’m talking out my bum!! Just had a look and although Firefox shuts down it’s still in the event viewer.

In Process Explorer I copied the Stack

ntkrnlpa.exe+0x69c02
ntkrnlpa.exe!IoEnumerateRegisteredFiltersList+0xec
ntkrnlpa.exe!PsGetProcessExitTime+0x592
ntkrnlpa.exe!PsGetProcessExitTime+0x992
ntkrnlpa.exe!PsGetProcessExitTime+0xb6d
cmdguard.sys+0x28f5
ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14
ntdll.dll!KiFastSystemCallRet
!ExitProcess+0x14
!strerror+0x2b4b
!initterm+0x111
!exit+0x12
!jpeg_fdct_islow+0x27c5f
!RegisterWaitForInputIdle+0x49

Have no clue what it means though! ;D