The rules are decided at any time CF ask me for anything, that’s the reason why I choose “Custom Policy” and nothing else.
In the application rules it was already classified as blocked for all incoming and outgoing request, and that’s was not enough, today I got this gift (and there was nothing in the event log about that).
Since I know Adobe I have always locked all their applications, but with CF seems to be unuseful
Same story, also with CF 5.3.176757.1236 and Adobe Acrobat X no change.
AdobeARM.exe is locked in the firewall in all way, but if in adobe I choose to check for updates, adobeARM is executed and comunicate like I don’t have any firewall installed.
Also adding that exe file manually, either as a process nor single file, in the CF it result as locked file, but it comunicate with adobe server without any problem.
Nice to see adobe instead an hacker f******g CF so extremely easily!!
PS: The proactive defense doesn’t report anything about that, for proactive nothing is happening, wonderful
Installed Adobe Acrobat X Pro also on my desktop PC, yes, I have disabled the automatic updates, but I did a test anyway:
Opened the program, went to Help/Check for updates, Comodo alert pop up, I choose to manage as blocked application, and the updater run and show me updates avaiable!!!
So, which workaround Adobe have to bypass Comodo firewall like it doesn’t exist???
Yes mate, it was unticked from the first installation of CF
Now I removed svchost.exe from Firewall/Network Security Policies/Application Rules, starting the Adobe Update from the Help menu and I was waiting a CF popup for svchost, but it didn’t happen, the updater connect with the Adobe server and show me the updates avaiable.
Now I removed also System Applications from Firewall/Network Security Policies/Application Rules (that setting was a CF default from the begbinning), and as soon as I started the Updater a CF pop up alert show me that svchost want to comunicate. Just blocking that request the updater fail, wonderful! But there is something more behind!!! The updater doesn’t try to connect directly to an Adobe server! It goes through my preferred DNS first, so the result of the previous Block Request is that I can’t surf on internet anymore!!!
You have no more connection because you block svchost.exe. If you have ticked remember my answer, surely removing the block rule just made will reestablish the connection. If it is not the case, disconnect from you router, reconnect and you’ll normaly receive a new popup for svchost.exe.
As for adobe updater, if Def+ is not yet in parano mode, please try it and remove from Def+ all the rules related to Adobe. Doing so will tell CIS that Adobe is not an application fully trusted.
Hello Valentin and tks a lot for your answer. Don’t be sorry, nothing is perfect in this world, myself included.
About your suggestion I think there should be something to do before to set CF in training mode, because just set it as suggested Adobe updater works anyway.
Maybe I have to cancel something from Firewall/Network Security Policies/Application Rules before to go in training mode?
Tks in advance
Hello Boris and tks a lot for your answer. For the connection no problem, just deleting the block rule everything goes back to normal, tks.
The Def+ is disable on this PC due to a lot of kind of work and experiments and more everyday, when I had Def+ enable I had to answer to hundreds Comodo popups per day (and it was setted to Clean PC), and that was not accettable anymore after the Def+ was enable for few days.
I’ll try to do it as per your suggestion anyway, also if I have already an idea about the results.
Infact, I do it right now with Def+ in Paranoid mode, I can block any adobe comunication preserving the surfing ability on the web.
But as I already mentioned before, I can’t live in this condition! 60 seconds in Paranoid mode make me crazy, you can not do a single mouse click without a Comodo popup. On the other way, of course, setting the Def+ to disable the choices made in Paranoid mode are no more active, but keeping in Clean PC yes.
So, at this point I think your reply will be somthing like I have to live with Def+ active if I want to keep my target, otherwise I don’t have to blame if something is not like I would. And you’re right mate. I’ll try to survive to the Def+ popups, otherwise I can try also to block the execution defintly for the involved applications using programs like Tweaknow Windows Secrets (crossing my fingers)
A last idea. If you remove Adobe from the Trusted Vendors List, CIS won’t recognize it (untill the next update of the list) and normally the FW must popup for the updater. And as you have rather not use Def+, CIS won’t restore its confidence in Adobe trough the cloud sscanning.