I installed it the other day and ran an application wizard. it then told me to restart the firewall so all i did was x out and start it double click on the icon again. I then found no new applications to assign rules. Also, it doesn’t seem to care that I’m opening the application ad aware se personal 1.06 r1 or asking for an update of it.
Hey, lizard777, welcome to the forum!
I shall attempt to answer your questions here…
Restarting the firewall is not accomplished by clicking the “x” and reopening the application window. How to restart the firewall:
Right-click the CPF icon in your system tray; at the very bottom of the context menu you will see “Exit.” Click on “Exit.” It will warn you that Comodo will not be protecting your computer, and ask if you are sure you want to continue. Select “Yes.” This shuts down CPF.
Now click Start/All Programs/Comodo/Firewall/Comodo Firewall. This will restart CPF. That will activate the results of your scan for known applications.
I do not know for certain, but AdAware SE may be a “safe” application, already certified by CPF’s program. Any program in CPF’s safelist (comes from Comodo this way, not something you have to input) will be allowed as long it is doing a straight, authorized connection to the internet (not OLE Automation, or some other unauthorized connection type). You can change this by going to (in the CPF application) Security/Advanced/Miscellaneous, and unchecking “Do not show any alerts for the applications certified by Comodo” (this will be the second box from the top, under Firewall Alerts).
You also want to make sure that on the main window of CPF, that your security level is set to “Custom” rather than “Allow All.” Apparently some super-clicking (especially around the tray icon) can cause us users to inadvertantly change the slider…
See what happens once you “officially” restart CPF.
Hope this helps. Any more questions, please ask.
thanks. it worked.Although, it has found a VERY limited amount of applications on my computer. it has only found cpfupdat.exe, firefox.exe, iexplore.exe, and msimn.exe. I have many other applications. Why did it not find them. Also, when the new apps are put in are they supposed to ask you what you want to do or do you just do it yourself
Good, I’m glad that worked. I don’t have all the details, so I don’t know what CPF looks for. I do know it only searches thru “Program Files” and “Windows” for pre-determined programs/applications (it has been suggested that for future versions, it search for all internet-capable programs). So what shows up on each person’s computer will probably vary to some degree.
Here’s what you’ll typically see happen. Let’s say you have Acrobat Reader installed on your machine. You open it, and you allow it to update (or it does it automatically…). It’s not on the list. CPF will provide you a popup (as long as your “Alerts” are enabled - Security/Advanced/Miscellaneous, top check-box) that AcroRd32.exe is attempting to connect to the internet using *.exe (probably firefox.exe or explorer.exe). You know this is supposed to happen, and you want to Allow it to happen. On that same popup window, in the lower-left corner, is a little check-box for “remember…” if it is selected, that will create a rule for that application to be allowed or denied (depending on your response) - which you can later edit as you like. If it is not selected, CPF will allow or deny it for that instance only.
Thus, in our example, if you know that AcroRd32.exe will need to periodically update, but you don’t want it to have free rein to do as it pleases, you can uncheck the “remember” box. Then it’s only allowed for each instance you let it connect. Alternately, you can “remember” and “allow” then edit the rule for CPF to Ask you each time. (Security/Application Monitor/click & “Edit”, under the “General” tab, change “Action” from Allow to Ask.)
If you have Application Behavior Analysis (ABA) enabled (Security/Advanced/Application Behavior Analysis), CPF will keep track of material changes to your applications. We’ll keep using Acrobat Reader for our example. Let’s say you have a rule to always Allow AcroRd32.exe to connect using firefox.exe. Now you update Reader from v7.0 to 7.1. If this changes AcroRd32.exe (even tho the name is the same), CPF will trigger an alert that the program has changed, do you want to allow or deny. If you get a virus/trojan that integrates itself onto AcroRd32.exe and tries to use that to connect to the internet, CPF will alert you that a change has occurred. If AcroRd32.exe tries to connect using explorer.exe (rather than firefox.exe), CPF alerts you. If AcroRd32.exe, well the list goes on (all based on ABA).
It’s part of what makes CPF such a strong firewall. Most firewalls, if they monitor and recognize that a program has changed, may provide an alert, simply telling you that the app is connecting; they don’t tell you how it’s connecting, or what has changed. You think, “well of course, didn’t I tell you that before” and you allow it. When CPF does it, it’s because something has changed, and you need to make sure you want to continue to allow it.
There is another thing to keep in mind regarding this firewall…
Network Monitor (aka, Network Control Rules) controls how your computer is allowed to interact with the internet, and vice versa.
Application Monitor (aka, Application Rules) controls how each application is allowed to connect to the internet within the boundaries defined by the Network Rules.
Component Monitor (aka, Component Rules) controls how the individual components that make up an Application are allowed to connect thru the application, in the context of the Network Rules. (this is a very large list, in alphabetical order)
So you can actually control an application’s connection down to the component level. For example, I use Firefox, and have FirePhish installed as an extension. FirePhish.dll then becomes a component of Firefox. If I decide I don’t want it to connect, I can go into Component Monitor, find FirePhish.dll, and change the “Allow” to “Block.” Firefox will still connect, but FirePhish will not. This could be handy if I suspected it was infected somehow, and couldn’t remove it/didn’t know how/etc, but I didn’t want it connecting until I could resolve the issue. I can block it.
I’ll leave it at that for now, before I make your head explode…