I have been using Comodo for quite some time now. This morning, however, when I started my PC, Comodo started asking me for every application whether I wanted to grant Internet access! So I looked at the Network Security Policy / Application Rules list: It was empty! All my rules where suddenly gone! (I did a checkdisk on the partition: it is fine).
I don’t know how this can happen. I remember that Comodo froze at some point yesterday, but anyway, it doesn’t matter.
The question is:
a) How do I get the rules back? I have a backup of my whole system, so which file are the rules saved in and how can I resture them?
b) To prevent this for the future: Is there a way to export/import rules?
Edit by EricJH: removed the all caps from the subject
Thank god I also have a recent registry backup. Could you let me know which registry keys I need to import?
Also, I have another question: I wrote earlier that I now get asked again for every application that wants to connect to the Internet. EVERY application? No, I already found two that sneaked their way into the Application Rules List (with “allow from any Ip to any Ip…”), even though I never got asked: FlashFXP and Babylon 5.
I tried it several times with FlashFXP: Even when I remove the entry from the applications list, then restart FlashFXP and connect to an ftp server with it, I don’t get asked whether I want to allow it or now. FlashFXP just connects. And afterward there is an entry in the Application Rules List allowing FlashFXP to connect from anywhere to anywhere.
The “learning” is probably because your security level is set back to safe-mode…
I think it would be wise to boot in Safe-Mode, CIS configuration is stored in:
“HKLM\System\Software\Comodo\Firewall Pro”
“Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to re-install Windows to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.”
Did you change your CIS configuration yesterday? It could just be a change of configuration. Try this… Right Click CIS-Configuration
Change the configuraiton i.e. if it is in proactive security to internet security. Had you ever switched from one configuration to another, you will have that backup of that configuration in CIS (defense+ & network security).
If you change the configuration, in CIS, the ‘present rules’ are ought to go. But, the catch is, if you use internet security configuration for sometime and then proactive security for some time, the backups of them will return when you switch again next time. (I am not quite sure about proactive though).
Please do check this to ensure this is not the case with you.
[at]Ronny: You were right, I also think that the hanging of Comodo destroyed the registry values. I did not change the configuration, I’m always at “Comodo Internet Security - Updated - Updated”
Since CIS stores its rules in the registry System Restore would work as well. Notice that system restore works better from the installation DVD’s of Vista or Win 7, when using one of them, then when started from within Windows.
Should I understand that when I switch configurations I am also changing from one set of rules to another.
Should I now understand that upon initial installation there are no user defined permission rules,
and when the Firewall configuration is exported and then imported as Install/uninstalll this latest configuration has the same zero set of rules,
and consequently if the Firewall Configuration is normally used and actions “remembered” and permissive rules created they only apply to the Firewall configuration,
and as soon as I switch to Install/Uninstall I get back to the original default of full protection ?
Does this also mean that since I expect to normally use Proactive (or possibly Internet) Configuration,
then anything network/firewall related that I permit in Proactive will not affect the Firewall configuration rules,
and in consequence could I then install using Firewall configuration instead of using the Install/uninstalll configuration, which I guess I would no longer need to create.
Alan you totally confused me but this is how I understand things.
Each configuration option of CIS stores it’s own set of rules. If you run in Internet Security mode for a while and then switch to Proactive (or any other config), there will have to be a whole new set of rules created. If you then go back to the original config option, all the rules created while in it will be restored.
Feel free to correct me if I’m wrong. I don’t consider myself an expert.
You have concisely stated the concept I was trying to express.
A concept that is new to me and I just wanted to be sure I was not wrongly understanding something out of context. Thank you.
EricJH
I was tempted to bump my post, but some forums frown upon bumping as a sign of impatience so I refrained.
Thank you for your advice.
I will return to my original post soon, but right now the wife wants me to take her shopping, and this is a non-mask-able interrupt that must be serviced ! !
but this is how I understand things.