I’m REALLY hoping that someone can help me out with this. I’m going to make this post as short as possible, as I will probably need to feed back more info on the basis of advice received here.
We just got a new laptop (Dell), shipped with a month trial of AV software suite (McAfee). Prior to this trial expiring, I downloaded the following freeware installation files in preparation:
So, after McAfee expired, I installed the freeware. So far, so good, no problems or issues apparent. After this security software installation, I installed several other programmes. Again, no probs.
Then… my other half bought a new MP3 player and installed software shipped with it. He didn’t understand what the Comodo interface was asking him and seemingly chose a few wrong responses.
Now, we have a serious prob with our lovely new laptop. When logged in as the main user (administrator), we can’t run any software programmes, nor can the programmes that Vista launches automatically be launched. (When in safe mode, we have a bit more flexibility about launching programmes, as long as we right-click and run as administrator.) I should also point out that the spyware and AV we use were updated the day before all this happened and run - no probs highlighted.
So, I would like some help for getting back to how we were a few days ago PLEEEEEASE!!!
My thoughts on this so far are:
undoing ‘rules’/blocks - I need to know what to look for and how to do this…
Doing a system restore (from date prior to problems occurring)
Uninstalling CFP 3.0 and hoping this removes rules seemingly causing probs.
Reinstalling OS from scratch
many thanks and eternal gratefulness,
Re. techie details, they are as follows:
We have CF3.0 installed (I downloaded it about 2-3 weeks ago)
Internet connection type – broadband, 2MB
Operating system – Windows Vista Home Premium ver 6.0.6000 build 6000
logging-in to OS as Admin (primary user account)
Other real-time security applications installed (Avira antivirus, Spybot spyware, Windows Defender spyware, Windows Security Centre)
Security related applications which have been removed/disabled before installing CFP – none specifically disabled. McAfee ‘ran out’ prior to installation.
Security related application which have been removed/disabled after installing CFP – as above.
Detail the problem, such as which applications are running when you have the problem – the problem is that NO applications can be run!
Please inform us if you have created any custom rules – no custom rules defined specifically. ‘Always follow’ rules probably/possibly generated via the CF interface during installation of MP3 software.
Sounds like you blocked something in D+. BTW are you sure Mcaffe is completely gone? Go into safe mode and try a system restore before you installed your MP3 player software. Also in safe mode you can open up Comodo and go to D+\Advanced\Computer Security Policy and look through the list of what you blocked. If there is something blocked the simply right click on it and edit it to trusted. Also you do not to install any software that comes with your MP3 player. Windows Media Player does it all and so does Winamp which is my choice. Never ever reinstall your OS. Thats the last thing you want to do.
Hi Vettetech, Shin-ganda, thanks for the quick replies.
I’m in the middle of trying the first option (modifying rules/policies in Defender+)… But, as a new user of both Comodo and Vista, and a not particularly techie person, I’m having a little trouble assessing what labels to put on things.
Firstly, I’m not sure when to remove things. For example, if it’s an exe shipped with Windows, e.g. Notepad.exe, do I put this as a Trusted application, or do I remove it from the list? If it’s a system file, do I list it as such (i.e. System), or again do I remove it and just let the PC get on with things, and approve the process if/when required?
With respect to system files, if I should be defining them as such, how do I know if it is one or not? For example, is %windir%\explorer.exe a system file? Or is it a trusted application? What about %windir%\system32\rundll32.exe???
err, i don’t know about system file or anything myself (:TNG)
i think, CFP3 works perfectly even if you use out of the box setting,so we don’t need to change anything in defense+
except if you accidentally chose the wrong rule.
when an unwhitelisted app execute itself, Defense+ pop up window will automatically asking: do you want to treat this app as:
trusted ==> for trusted application (ofcourse ;D )
installer/updater ==> when you’re updating/installing something
So, what you’re suggesting is, if I’m unsure what to define, then I should just use ‘Remove’ from the Defense+/advanced/computer security policy/ and if I need to ‘approve’ a process, I’ll just get asked by the software in the normal course of events?
errr how should i say it, from my experience (:NRD)
there are plenty of rules listed by default on defense+, we should never change it. ( :o scary scary :o )
when a new application is trying to execute, there will be CFP pop up window asking if you want to allow/block (or treat as…).
and from my experience (again) ;D, if i’m not sure about something, i’ll just BLOCK it without ticking REMEMBER and see what happen. (if you don’t tick “remember”,there will be no rule created regarding the app)
and yes, if you’re not sure about the rules that has been created (accidentally ticked “remember”), you can remove the rule and let CFP ask you about it when it’s running again ( it requires reboot to take effect sometimes)
Excuse me shin but I think your wrong in a way. Both my pc’s are 100% clean. I know every action my pc is making and why I am getting a D+ alert. If your pc is CLEAN then every program in it is also. I have “remember” ticked and most of my programs are allowed. If you know what the program is then click allow. Dont worry about what to make it cause you can always edit it. Unless your installing something new that you have no idea what it is the maybe block it cause it may be spyware. If your installing something then use install mode and make that program an installer. If you just clicked update on a program and got a D+ alert then make that an updater. The default if you just click allow is custom. I never get alerts on either of my pc’s cause I have had Comodo installed for awhile now. If you recieve a D+ alert take time and read it fully. Most likely if your pc is clean so is the program causing the alert. This is only the case when you first are using Comodo for a week or so.