Application Monitor Bugs/Cannot Undeny

Version 2.4.18.184
Win XP SP2 Home
Spyware sweeper 5.3 w/AV

  1. Installed CFP and net connectivity worked fine, including Firefox, the browser now not connecting to the net. (I lowered the settings to firewall off and then poof, Firefox works fine, so I have connectivity; also SeaMonkey works just fine.)

  2. This Firefox app denial behavior happened when I denied Firefox (the security message said an OLE request by OpenOffice to access the net through explorer.exe); I did NOT check remember. It seemed from the security message explanation I was trying to prevent ONLY OpenOffice from getting net access. After this Firefox won't get net access. BTW, OpenOffice or explorer.exe is not in the application control rules.

  3. I looked to try to lower the restrictions for Firefox but the restrictions were all set to allow!

In any event, why isn't there another temporary request coming up to allow, since I did not check to remember?!

  1. So I removed the Firefox entry in the application monitor, then tried Firefox. Comodo does not ask about Firefox but just still blocks.

  2. So I add Firefox to the Comodo application monitor manually: TCP/UDP + IN AND OUT + ANY PORT/IP. Firefox still doesn't work. Allow all activities; still doesn't work.

  3. Turn off component monitor; still Firefox does not work.

  4. Turn off application monitor; NOW Firefox works.

CONCLUSION: application monitor does not work right?

Another/same ODD message: APP seamonkey.exe “trying to connect to the internet” to tcp 80 and under “security considerations” it says OpenOffice soffice.bin is trying to link through OLE to explorer.exe. Under the log of this event it says that the parent application is c:/WINDOWS/explorer.exe. This is quite confusing. Is explorer.exe a parent of the application SeaMonkey? (SeaMonkey is not even set as the default internet browser.) Does OpenOffice use explorer.exe to link to SeaMonkey to access the net? And yet another message states that soffice.bin was trying to access the net through OLE through SeaMonkey; I allowed it so I could post this message.

BTW, I am an advanced novice and have decent familiarity with networking and firewalls. I have used Zone Alarm in the past and it seems to be more intuitive and has always worked, but the free version has not tested well. If this was Zone Alarm it would have asked if OpenOffice should be allowed, not Firefox or SeaMonkey. Also, if I feel compelled to allow anything that asks for net access, even OpenOffice, out of fear of denial, then a firewall is not useful. Unless I just allow everything I can just unplug the network cable to have the same effect as CFP? I must say, after 120 minutes of troubleshooting and searching for an answer on these forums, I do not have enough lifetimes to test out non-beta beta software; please level with me: is this firewall still in the guinea pig stage?

I shut down Firefox, clicked always yes to allow, and now it works, so it definitely was a bug. The “special messages” are now saying that Firefox, “an invisible application”, wants to connect to the internet. What does invisible mean in this context? It seems odd that Firefox is considered invisible. I am finding these “special messages” odd in the popups. In addition, Firefox in application control has 4 entries: three have the parent path of firefox.exe, 1 has the parent path of c:\windows\explorer.exe (similar to my message noted above). Is this normal? Perhaps the whole concept of parent path needs clarification. If I, the operator of the firewall, am unclear about this whole implementation of the parent path, then I won't know when to permit or deny properly. Perhaps there needs to be an advanced tutorial on the subject of “to permit or not permit, that is the question” as well as a detailed explanation of these “special messages.”

G’Day OneEarth and welcome to the forums.
Did that myself last night (accidentally hit the deny button); this requires the browser to be restarted.
I have 6 firefox entries with different parents. All known safe programs.

This is probably the best explanation of invisible I’ve found
https://forums.comodo.com/index.php/topic,1926.msg14422.html#msg14422

A bit more
https://forums.comodo.com/index.php/topic,6774.0.html

A copy/paste alert
https://forums.comodo.com/index.php/topic,7974.0.html

Sorry just throwing links at you (I’ve got a heap more ;D) but at my typing speed I’d still be here next week.

OneEarth,

It sounds like you’ve experienced an alert for Application Behavior Analysis; probably a COM/OLE Automation alert. These are a separate issue from Application Monitor.

I realize they are confusing. Here’s the basic premise: In Windows, applications communicate and share resources behind the scenes on a regular basis. No cause for concern. If one of the applications is connected to the internet, then both are; in a way. CFP monitors these things, because this type of stuff is utilized by malware as a means to get out of your computer, and connect to the net… this is true even after an application is closed.

Once version 3 comes out, these alerts will be greatly reduced, due to the huge safelist it will be using (if both apps are in the safelist, you won’t get the alert).

In the meantime, if you recognize both, it’s generally safe to Allow. If you Deny, CFP deems that you are compromised, and will block both applications for that session. Typically closing the browser and reopening will be sufficient. In the case of an OLE Automation alert, that doesn’t usually work for me; a reboot is far more effective to clear the memory. If you Allow (without remember), it will also be for that session only.

To quote Comodo, “it’s not a bug, it’s a feature.”

Hope this helps,

LM

Thanks. Gee I never realized I should have been grateful for all those “features” in Microsoft products over the years. (:LGH)

I still think a good centralized wiki for CFP would be helpful; I can't tell you how frustrating it can be to try to find help for complex problems on boards that don't fit into narrow search terms.

One could do a version of the Mac/PC commercial for Comodo, I guess. Allow or deny...

I guess the challenge is to design a firewall that someone with basic knowledge and an IQ of 100 could operate effectively; one reason I skipped the jetico v1 product. I guess late at night my IQ is definitely not much over 100. (:LGH)

Love those commercials!

Creating a secure, but user-friendly firewall is definitely a challenge, I think. They’re trying.

I don’t think I’ve seen any other FW create the kind of security CFP does; probably why so many folks are confused.

Don’t worry about the IQ issue; there are those claiming far higher that have been stymied by CFP! It’s very different. FWIW, the ABA alerts (especially OLE) used to be highly invasive. Based on user feedback, they made a lot of changes to the way CFP monitors and reports such things, and toned it down a lot. V3 should be even better. Per the dev team, if we get such an alert with v3, it’s either malware, or a very obscure application.

No Wikis here; the closest thing may be this: https://forums.comodo.com/index.php/topic,6167.0.html. Don’t think there’s any OLE stuff there, tho… Here’s an OLE posting by the lead developer: https://forums.comodo.com/index.php/topic,4728.msg35532.html#msg35532

BTW, the search feature used to be better. A major site upgrade earlier this year, uh, “broke” it; it hasn’t been the same since. Hopefully there will be a fix soon. Unfortunately, Comodo is at the mercy of the forum software company’s dev team on that…

LM