Why does BoClean change its executable name every version step? It is annoying that I always have to tell CPF that now there is a “new” trusted application.
It would be easier if CPF just had to detect that BoClean has changed and that the existing rules should apply now also for the updated version. Am I the only one that is annoyed by that?
I cant see how it should be different…
if you download a new version of another program you would need to give that program access to the internet to…
if we not needed to give the new version access, what if you then get malware that use a program to get access to the internet, and the firewall just thinks “hey its just a new version, so i wont ask”
and then suddenly your computer is a part of a bot-network, or something else.
If you dont want a firewall that ask then you should get another firewall…
and you could probably just in your firewall edit BOC423.EXE to BOC424.EXE and skip parent check, and allow all activities for this application. Then i dont think you have to allow new things for BOC424.EXE
But i like it ask, thats why i love this firewall. every little change in a program, and i have to allow it, before it can connect to the internet…
Perhaps I didn’t make myself clear: Exactly that BOC423.EXE vs. BOC424.EXE is my problem: If it was named only BOC4.EXE CPF would (after an update) only tell me: “BOC4.EXE has changed, do you want to allow it?”. Then I can answer “yes” and CPF knows that I know about the change in BOC4.EXE and keeps the rules for BOC4.EXE as it was before.
However, when the new file is named BOC424.EXE I can’t tell CPF “this is the same as BOC423.EXE”, I (and CPF) would have to treat it as an entirely new program (going to the application monitor dialog and all that), which it isn’t: It’s just a new program file for the exact same behaviour than before.
I hope my issue is clearer now.
Perhaps someone else does?
Or is this renaming intentional? What benefits does it have?
All my fault … we’ve been doing that for years now since despite providing version information on the right click tab for the program, folks don’t know what version they have when a new one comes along. By integrating the version number into the filename itself, makes it easy to spot. Sorry for the inconvenience there with the firewall, but we do want to make sure that a new version gets noticed. I believe, based on what I read elsewhere, that this has been sent along to the CPF folks as well for review …
Thank you for your answer. If BoClean could talk to CPF and do things automatically, I wouldn’t mind the filename. But I fear that this could introduce a new attac vector for malware targeting CPF.
Well, let’s see what time brings…
If you open the alpha of CFP V3 and look at the static “Tip of the Day” in the bottom right hand corner, it says “Did you know you can use wildcard characters when defining file names?” Going by that, we should be able to define a policy for BOC*.EXE.
Guess they were listening.
Personally, I don’t plan to use wildcards for application rules, as I feel it is far too loose. Using the above example, would malware called BOC_QWERTYUIOP.EXE get treated with the same priveleges are BOC424.EXE?
I would much rather get an alert, whether it was generated by an update to an existing appliaction or by a new version with a slightly different name. It’s not like we update the file version every other day. Just MHO.
Hope this helps,