Authorizing applications in CFP

Hi,
This is day 3 with CFP. Its performance seems to be stabilizing, as if it is settling into its new home: my laptop. The only thing is it keeps asking for authorization for the same trusted applications over and over again. I appreciate the fact that it is thorough and if an application uses different ways of accessing the web it wants me to know, but I’d like to be able to say to it “whatever ad muncher wants to do is fine with me” so it doesn’t keep asking me. Is there a way to do that? I’m using the most current release.
Thanks!
Sue

Same here Sue. I’ve one e-mail client that has asked about 20 times in one evening!
Now, I don’t know if this is correct, but what I did was look at the entries for the app. and they were basically covering the range of TCP and UDP OUT. The bit that meant nothing was the Port.
So, I edited the one that had TCP Out to: Port, Any. This seemed to get rid of most of the alerts and also all of the other entries disappeared.

It’s now: Destination, Any; Port, Any; TCP/UDP Out.

My proxy server (The Proxomitron) is as above but In/Out.

I don’t know if this is A Good Thing™ but I’m sure that there’ll be an Expert along to tell us.

Peter.

Thank you Peter for the validation!

I will retain your notes in hopes a CFP expert validates the approach. I don’t want to create any opening to be hacked, so need confirmation from them that Comodo will perform reliably with such settings.

in gratitude,
Sue

One thing that is probably good to get out of the way is knowing what your Alert Frequency Level is set at. The default is Low (I think… I always install with custom selections and the frequency to Medium myself). If the level is jacked “too high” it will prompt you for every different port the application tries to use.

Another possibility is that a new parent has been used to launch the application. If I open IE from my desktop, the parent is Explorer. If I click a link in my e-mail that launches IE, the parent is the e-mail application.

Food for thought… (:AGL)

Well, I did have alerts set to Low but there were hardly any Apps listed.
Set it to High to find out what was connecting and glad I did.

IE, although I don’t use it, is invoked by some apps (Spyware Terminator uses IE for help and other reasons); also svchost.exe and System kept asking - both are now blocked.
Also blocked MSM and Outlook (automatically approved by CFP) and OE.

They’re the reasons for having High - everything works without the system files getting loose.

As for the Parents! What a nuisance. Why the hell do they keep changing? I usually click No and Remember, close the app that’s asked and re-open it, then it works anyway.

Peter.

You definitely shouldn’t block either System or svchost. These are necessary for most applications running in a Windows XP environment. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started.
The parent checks are there to tell you what originally started e.g. Outlook or Internet Explorer. If something other than you, your mail client or a link in IE started a new IE session, you would like to know, wouldn’t you? :slight_smile:
The Comodo Firewall wouldn’t be much better than the Windows Firewall if you allowed all outbound connections. Malicious programs like to install and mask themselves as a recognizable service, process or application and try to fool you into allowing them Internet access. Now if you removed the parent check in these cases, you’d be allowing all kinds of malicious behavior this way.
Usually this won’t happen, as you vigilantly look at the warnings being posted. This kinda reminds me of the old story about the “boy shepherd and the wolf”. Cry wolf enough times and you won’t notice the real threat when it hits you.
Keep tuning the CFP, and you’ll pat yourself on the back later for a job well done :slight_smile:

I have had a somewhat similar scenario. When I open IE from Winword or OE then the rule for IE with Explorer as the parent is somehow erased and I’m left trying to make a new rule then for my original IE. Sometimes the rule I make will not stay and sometimes it will. This is even with registry protection unchecked. The last time it happened I had to import the registry from a saved copy to make the rule stick. I still have not figured out what I am doing wrong here. Possibly you can give me some ideas.
John

Hi, you need to uncheck your OLE\com alerts if this is what you want. What I think you are getting is OLE automation, some application is using or has modified IE to access the internet. Correct? What happens is, apps on your pc that don’t have their own means of connecting to their server\home\creator, use\modify IE to do so. So even if you block this application, it may change using OLE and come up as a new app to comodo. So truly, CFP is doing its job but this app will keep changing by modifying a document. Well, most are safe but still should be watched to exactly what it is that keeps doing this. If all are safe, and you know which app it is, go into component monitor and block the dll of which one it is as well in application monitor. Also as stated, svchost.exe should not be blocked, many other things depend on it and it’s the others that cause svchost to pop up. What I suggest is either the above or figuring out what application is constantly harassing you using IE to do so. Really, and I mean no offense, but many blame the firewall when in reality, it’s doing its job, it’s what’s on the pc that is causing all the commotion. I have my alerts to low and leave my OLE alerts on but I am a stickler for detail. I don’t get that many alerts and believe me, I have a ton of installed programs. Anyway, if any of this was mentioned above, I apologize to whoever but I didn’t see it when I read.

Paul

Thanks Paul for your great explanation. I found out however that I had a different problem that was affecting CPF. I was going to do a re-install so I uninstalled all of CPF and then found that some of the registry entries were left behind and probably corrupted as they would not delete even in safe mode with administrator rights. I even tried a registry deletion utility that is supposed to get rid of stubborn keys. I did a system restore back to a time when I knew that it was working ok. I had CFP 2.3.6.81 installed then and it was working just fine. After the system restore I updated to 2.4.16.174 and my problem was solved. Thanks again for your help.
John

You are welcome. :slight_smile: I would mark this resolved but being I’m not sure Prazim’s issue is solved, I will leave it open for now or until another mod decides it’s resolved.

Take care,

Paul

Hey Sue,

There is a way but you have to be careful using it and be aware of the implications. In the parameters for the application monitor rule for Ad Muncher, you can tell it to skip the parent. This will allow the app to run pretty much at will, but it does expose you a bit.

I would NEVER recommend this for a browser or an email app, but other apps MAY be OK, providing that you are confident that they can’t be used by anything malicious.

It’ll work, but do so at your own peril. This may sound bad, but it’s mostly me just covering my own posterior. LOL

Cheers,
Ewen :slight_smile:
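
The effect of the parent check and of the "skip the parent" option discussed in this thread, as an added example that is not part of any post and is not Comodo's implementation. It is a simplified model of rule matching; the rule fields, process names and rule sets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard: "Any" for port, "skip parent" for parent


@dataclass(frozen=True)
class Rule:
    app: str
    parent: Optional[str]  # ANY models the "skip parent" setting
    port: Optional[int]    # ANY models "Port, Any"
    protocol: str          # "TCP", "UDP" or "TCP/UDP"
    action: str            # "allow" or "block"


@dataclass(frozen=True)
class Attempt:
    app: str
    parent: str
    port: int
    protocol: str


def decide(rules, attempt):
    """Return 'allow' or 'block' from the first matching rule, else 'ask'."""
    for r in rules:
        if r.app != attempt.app:
            continue
        if r.parent is not ANY and r.parent != attempt.parent:
            continue  # same app, different launcher: rule does not apply
        if r.port is not ANY and r.port != attempt.port:
            continue
        if attempt.protocol not in r.protocol.split("/"):
            continue
        return r.action
    return "ask"  # no rule matched, so the user is prompted


# Constructed rule sets: one pins the parent, one skips the parent check.
STRICT = [Rule("iexplore.exe", "explorer.exe", ANY, "TCP/UDP", "allow")]
SKIP_PARENT = [Rule("iexplore.exe", ANY, ANY, "TCP/UDP", "allow")]

# Constructed attempts: the same browser started by three different parents.
FROM_DESKTOP = Attempt("iexplore.exe", "explorer.exe", 80, "TCP")
FROM_MAIL = Attempt("iexplore.exe", "mailclient.exe", 80, "TCP")
FROM_UNKNOWN = Attempt("iexplore.exe", "unknown.exe", 443, "TCP")

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("skip parent", SKIP_PARENT)):
        for a in (FROM_DESKTOP, FROM_MAIL, FROM_UNKNOWN):
            print(f"{name:11} {a.parent:15} -> {decide(rules, a)}")
```

With the parent pinned, a launch from any other process falls through to a prompt; with the parent skipped, the unknown launcher is allowed silently.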