I used Comodo Firewall for some weeks now.
Today I recovered that the “firefox” entry in the “application control rules” has vanished.
(A new game installed “Sudoku Imperial”) was able to connect to the internet through firefox without CF asking about that. That strucked me and I got suspicious…
After I put that program manually in the list (block) I saw that the firefox entry was gone. There were two “empty” entries in “application control rules”.I tried to delete both, but one always remained.
After that I could not go online with firefox. After logoff and login I was asked again what Comodo Firewll should do with “firefox”.
I allowed firefox (again).
I’ve attached a screenshot to this posting showing this empty entry that could not be deleted.
The program name is empty and it always says “allow”.
I could not delete this entry - deleting it just makes nothing - or change it to “ask” or “block” cause the Firefall says “please select a valid application name”
Now everytime I restart firefox the Comodo Firewall has forgotten the settings
I always tick the “Remember my answer for this application” and allow firefox “to act as a server” and “connect to the net”, but CF always forgets that. And firefox never appears in “application control rules”.
I even tried to manually put firefox in the “application control rules”, but that won’t work either.
At the beginning of using CF firefox always appeared there.
That sure sounds suspicious to me; it would have my hackles raised if that happened on my machine. The fact that it happened right in conjunction with the installation of software, plus the “requirement” of having to allow all activities for FF in order to keep the rule… Doesn’t look good.
Have you gotten any popup warnings from CFP, regarding changes to FF or anything? Did you have to reboot after installing Sudoku Imperial? Have there been any other changes to your system, or any indications of trouble?
I’d also watch the Activity/Connections tab, and use a free tool like TCPView to resolve those connections, to know what is connecting, and to where. With TCPView (and other similar tools) you can terminate individual connections, if you determine that it’s something you don’t want.
But Maybe the reason was when I installed SeaMonkey. Maybe these two thwart each other?
Have you submitted a ticket to Support? http://support.comodo.com/ I would do that, to rule out other errors/problems.
I did it just now. I tell the forum what will result there. Maybe I ask a security forum (the german forum at http://www.digital-inn.de - board “Viren und Trojaner”) as well.
Have you gotten any popup warnings from CFP, regarding changes to FF or anything?
Did you have to reboot after installing Sudoku Imperial?
Have there been any other changes to your system, or any indications of trouble?
Yes as I mentioned above the trouble with firefox and NoScript.
I'd also watch the Activity/Connections tab, and use a free tool like TCPView to resolve those connections, to know what is connecting, and to where. With TCPView (and other similar tools) you can terminate individual connections, if you determine that it's something you don't want.
TCPView only says: Firefox, svchost, the avguard (Avira Antivirus) and “System:4”
ActivePorts finds a process “Unknown”:
“Local Adress: ‘PC-Name’:18350
Remote Adress: localhost:1261”
But that’s not really a remote address, istn’t it.
I don’t know why seamonkey and firefox would conflict, but it is computer software, so I guess anything is possible.
Keep an eye on the IP connections listed for firefox; do a DNS/WHOis lookup on them if needed, to resolve the address. If it’s not something you’re actively connecting to (or one of your FF addons), you can always terminate that connection using TCP View.
Yes, localhost is not “remote” in the idea of being another computer. Normally these will be “system” or “svchost” connections; something used by Windows, rather than “unknown.”
Do keep us posted on the response from Comodo Support, and any security forum you join.