Alert popups: Confusing unrelated information

New user of Comodo Firewall, just installed version 2.3.6.81, replacing Sygate Personal Firewall on my WinXP Pro sp2 system.

I’m getting some weird (to me, anyway) data on the alert popups. See the attached image for an example. It’s the “Security considerations” I’m asking about.

Agent has already been given permission to always use the connection. Yet, seemingly randomly, out of the blue, in a later automatic mail check I got the below alert. And this isn’t the only example. It did the same thing earlier only with “CTWave32.exe” listed in the “Security Considerations” section - that program was open, I was editing a wav file in it. Agent and CTWave have nothing to do with each other.

I also got something similar loading Firefox (version 2.01).

It looks to me like Comodo doesn’t really know what applications are related to what, and what is calling what.

[attachment deleted by admin]

This is a known issue, and the dev team are working on it. I asked this the other day, see here: https://forums.comodo.com/index.php/topic,5274.0.html. Read that and then follow kail’s link to egemen’s post. That should give you what you need.

On Firefox. You will notice that FF is wanting to act as a server; as far as I know this is normal in version 2. However, you will also notice that the IP where it is acting as a server is only localhost, therefore there is nothing to worry about, because apps on your system use that all the time to communicate with each other. When you get a message relating to Firefox, click remember, and then allow. You shouldn’t get any more then.
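
Added example (not part of any post in this thread): a way to check the "only localhost" point for yourself by classifying listening TCP sockets as loopback-only or reachable from the network. It assumes the column layout of Windows `netstat -ano` output; the sample lines, PIDs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano`; not taken from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1041         0.0.0.0:0              LISTENING       2284
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       936
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1041         127.0.0.1:1042         ESTABLISHED     2284
  TCP    [::1]:8080             [::]:0                 LISTENING       3100
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%scope]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 scope id
    return ipaddress.ip_address(host), int(port)

def exposure(addr):
    """Say who can reach a socket bound to this local address."""
    if addr.is_loopback:
        return "loopback-only"      # 127.0.0.0/8 or ::1: local processes only
    if addr.is_unspecified:
        return "all-interfaces"     # 0.0.0.0 or :: accepts on every interface
    return "single-interface"       # bound to one specific network address

def listening_sockets(netstat_text):
    """Return one record per TCP socket in the LISTENING state."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or an established connection
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # local address column did not parse
        rows.append({"pid": int(fields[4]), "address": str(addr),
                     "port": port, "exposure": exposure(addr)})
    return rows

def reachable_from_network(netstat_text):
    """Listeners that other hosts could connect to if the firewall allows it."""
    return [r for r in listening_sockets(netstat_text)
            if r["exposure"] != "loopback-only"]

if __name__ == "__main__":
    for row in listening_sockets(SAMPLE):
        print(row)
```

A listener reported as loopback-only cannot be reached from another machine, which is why a "wants to act as a server" prompt for 127.0.0.1 carries less weight than one for 0.0.0.0.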

Thanks, it helps somewhat to understand what’s going on. But not why Comodo thinks that two unrelated apps that just happen to be running at the same time are trying to talk to one another. Unless that’s the bug?

> On Firefox. You will notice that FF is wanting to act as a server; as far as I know this is normal in version 2. However, you will also notice that the IP where it is acting as a server is only localhost, therefore there is nothing to worry about, because apps on your system use that all the time to communicate with each other. When you get a message relating to Firefox, click remember, and then allow. You shouldn't get any more then.

Maybe I shouldn't have mentioned Firefox.... :) I mentioned it not because I had a specific question about it and Comodo, but as another example of the misplaced "Security considerations" of something unrelated being tagged as trying to use it.

> Thanks, it helps somewhat to understand what's going on. But not why Comodo thinks that two unrelated apps that just happen to be running at the same time are trying to talk to one another. Unless that's the bug?

Yep, sure is. As egemen said, you don't need to worry if you know the app; it's only if you don't that you should deny.

> Maybe I shouldn't have mentioned Firefox.... :) I mentioned it not because I had a specific question about it and Comodo, but as another example of the misplaced "Security considerations" of something unrelated being tagged as trying to use it.

Oops, sorry :-[ I thought, since you said similar, that you meant the server thing. But at least now you won’t wonder what’s going on if you see that popup :smiley:

That’s well and good, but unfortunately, I still get the security alerts. I’ve already reduced the alert level/frequency from “Medium” to “Low” and turning them off is not an option (for me, even if it is technically an option in the software).

The fix for this cannot come too soon. Depending on how annoying this gets, I may wind up abandoning CPF in favor of something else, like Jetico or Kerio.

Let’s hope it doesn’t come to that. Jetico is apparently very difficult to configure if you don’t know a lot about security and protocols. Plus, it seems their website says the last update was 3 years ago to a beta which doesn’t appear to have been released.
It does however score well in the leak tests; however, it’s just not quite as good as Comodo though (R)

It has. Not by itself, though. Something I hadn’t mentioned here yet was that a couple hours after installing CPF, my system was brought to its knees, twice. CPU pegged at 100%. The first time I was able to regain control, the second time I was not and my system blue-screened with a “STOP” error. CPF was the only change to my system.

I asked for help elsewhere, and was referenced to a couple threads back here which essentially said to make sure that svchost.dll has permission and to disable the dll cross-checking. The first was already done, and I did the second.

Yesterday, my system was again brought to its knees twice. First time I was able to regain control by killing the explorer.exe process and then rebooting, the second time I couldn’t kill or shut down anything, the only control that worked was the power button on the face of my computer case. IMO, this is a fatal flaw and even if it can be configured around, I shouldn’t have to.

> Jetico is apparently very difficult to configure if you don't know a lot about security and protocols.

Jetico was installed and removed within an hour. It's even worse than CPF when it comes to which application was actually trying to use the connection, I had to allow everything in order for anything to work.

I’m now giving Sunbelt/Kerio Personal Firewall a trial.

And for the record, in case I neglected to do this before, while my system isn’t cutting-edge, it’s no slouch: WinXP Pro SP2, Asus A8N series mainboard, Athlon64 3500+ CPU (2.2GHz), 1024MB DDR RAM, MSI/nVidia GeForce 7300GS PCI Express video w/dual monitors. AV is Avast!, real-time on-access scanning is disabled, I do spot-scans of anything I download instead.

Gordol,

Sorry you’ve had such troubles with CPF.

If you have the time and are willing, it would be very helpful if you could provide the exact STOP code/error message that was given, and possibly your minidump file as well. This will give the Comodo folks information as to what specifically has happened.

In addition, there may already be a solution for it, of which you’re not aware.

I understand if you have given up hope for CPF, and just decided to move on. Sad, but I understand nonetheless. If on the other hand you are willing/able to help, that would be great.

LM

By the very nature of the error, there are no logs. And all I was able to capture by eye of the BSOD was the fact that it was a “STOP” error, I was unable to note down the complete error code sequence before the system restarted itself.

I understand you could not read the stop error. If you locate c:\windows\minidump, the BSOD should have created an analysis of the crash.

There have been some known issues with users of Daemon Tools or Alcohol 120%, triggered by an interaction with CPF; they have been resolved with current beta testing.

It may be that, or another issue; the minidump file (Windows, not CPF) would hold the key. Provided, of course, that you have Windows set to record the dump file…

LM

Ah, found it. Zipped to match the “allowed types” list.

[attachment deleted by admin]

What other security software do you have installed? According to this memory dump, the Windows kernel (ntkrnlpa.exe) itself crashed. This is not CPF.
I recommend a full memory fault check with the tool you can find at http://oca.microsoft.com/en/windiag.asp

Hope this helps,
Egemen

No other firewall was installed, if that’s what you mean. I had already uninstalled Sygate and rebooted before I installed CPF.

Antivirus is Avast!, real-time scanning off, web and IM scanning are on. The problems may have manifested when clicking on a link in my mail client to launch Firefox.

The WinGPG distribution of GPG is installed with shell integration enabled, but the main UI is off by default, as it interferes with my OSDs, I only launch its main UI when I want/need to de/encrypt messages or if I need to access the keyring (very rare).

AdAware SE and Spybot S&D are both installed, with no real-time scanning on either, they are used on-demand only.

> I recommend a full memory fault check with the tool you can find at http://oca.microsoft.com/en/windiag.asp

I don't think I have any such problems, but I will download and test. If nothing else, this is another diagnostic tool for me to recommend to others in my job... :)