I don’t want acrobat reader go out to Internet, so I’ve defined the following:
one ruleset (let’s call it “allblocked”) that blocks everything (tcp, udp, in, out,any adddress or port)
one application rule for “AcroRd32.exe” with a custom rule set, which is “allblocked”
firewall is in mode “Custom ruleset”
However, every time I open a pdf document CIS asks me what to do: allow, block, treat as.
If I choose “block” it adds the pdf file I was trying to open as an “application rule”, so I have to block every document I open.
I may open thousands of pdf documents, do not want one rule for each one.
What I want is blocking the executable file (“AcroRd32.exe”) for any documents it opens.
Are you opening these PDF files from a removable media such as external HDD or usb drive? If so then it’s because a bug exists where CIS will treat every PDF as it’s own application as you have noticed so that when you answer an alert with remember my answer selected, a rule is created specifically for that PDF. If you copy or move the PDF files to the local disk then your block rule will take affect for adobe reader.
Going to “Tasks” → “FIrewall tasks” → "Block application " and adding the “AcroRd32.exe” file.
This action creates an application rule called “Block and Log All Requests”
(I am using “safe mode”)
I seems not to work with a rule created by me, in theory the same as the one created by comodo. (a bug?)
@futuretech
Unfortunately, it happens to me with all sort of pdf files irrespective their location, also HDD pdf files.