CF 5 custom policy not working for Adobe

Hi, this time too, with this version, the same story happens:

CF 5 didn’t ask me anything about the Adobe updater, and I found the Adobe icon in the systray telling me there are updates for my software.

That’s really unbelievable!! >:(

I wrote about the same issue months ago (https://forums.comodo.com/orphanedresolvedoutdated-issues-cis/cf-41150349920-bloked-app-not-blocked-t58720.0.html;msg411287#msg411287), where I didn’t get any answer.

Now with CF 5 the story is back. I have to manually block all the files involved, and at this point I’m not sure it will work.

What do the Adobe exe files have that lets them f**k CF so easily???

Maybe there is a policy for the Adobe updater in Network Security Policy → Application Rules that would.

The rules are decided any time CF asks me about anything; that’s the reason why I choose “Custom Policy” and nothing else.

In the application rules it was already classified as blocked for all incoming and outgoing requests, and that was not enough; today I got this gift (and there was nothing in the event log about that).

Since I know Adobe I have always locked all their applications, but with CF it seems to be useless.

Same story, also with CF 5.3.176757.1236 and Adobe Acrobat X no change.
AdobeARM.exe is locked in the firewall in every way, but if I choose to check for updates in Adobe, AdobeARM is executed and communicates as if I don’t have any firewall installed.

Also, adding that exe file manually, either as a process or as a single file, it shows up in CF as a locked file, but it communicates with the Adobe server without any problem.

Nice to see Adobe, instead of a hacker, f******g CF so extremely easily!!

PS: The proactive defense doesn’t report anything about that, for proactive nothing is happening, wonderful

I don’t have this issue with Adobe. XP SP3; proactive config; FW custom policy mode; Def+ parano.

I didn’t make any rule for Adobe in Def+; I receive alerts when I launch Adobe.

Same, no rule for Adobe in FW.

In Adobe, I’ve disabled automatic updates

Each time I launch adobe or check manually for updates, I receive an alert from FW.

Boris

It depends on which Adobe version you have; with my previous version 8.2.6 and this one now, the issue is always present. CF has also changed since the last time, but maybe not for the leaking issue.

Adobe Reader X, version 10.0.1

With each new version of CIS, Comodo tries to make it more user friendly for beginners, and finally you have to tighten your rules to the max to make it react like it used to in older versions.

Ok, so if you open Adobe and choose to check for updates in the Help menu, you’ll see that it works (not Comodo).

I’m sorry but I don’t understand what you mean.

Maybe because you have Adobe Reader X while I have Adobe Acrobat X Pro, that’s the reason.

I installed Adobe Acrobat X Pro on my desktop PC as well. Yes, I have disabled the automatic updates, but I did a test anyway:
I opened the program, went to Help/Check for updates, a Comodo alert popped up, I chose to manage it as a blocked application, and the updater ran and showed me available updates!!!

So, which workaround does Adobe have to bypass Comodo firewall like it doesn’t exist???

Maybe it is accessing svchost.exe. Try monitoring for that activity.

Tks a lot for your answer.
I started the “Active connection” feature and asked Adobe to check for updates, and the only connection added to the existing ones has an IP that corresponds to Akamai Technologies.

So I really don’t understand how I can get more info; if you’ll be so kind as to give me more instructions, you’ll make me more than happy, tks 88)

Have you unticked “Create rules for safe application” in FW Behavior Settings > General Settings?

Yes mate, it has been unticked since the first installation of CF.

Now I removed svchost.exe from Firewall/Network Security Policies/Application Rules and started the Adobe update from the Help menu. I was waiting for a CF popup for svchost, but it didn’t happen; the updater connected to the Adobe server and showed me the available updates.

Now I also removed System Applications from Firewall/Network Security Policies/Application Rules (that setting was a CF default from the beginning), and as soon as I started the updater a CF popup alert showed me that svchost wants to communicate. Just by blocking that request the updater fails, wonderful! But there is something more behind it!!!
The updater doesn’t try to connect directly to an Adobe server! It goes through my preferred DNS first, so the result of the previous Block Request is that I can’t surf the internet anymore!!!

This is a nightmare… :-[
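An added example, not part of any post in this thread: the posts above found that the updater's traffic stopped only when svchost.exe was blocked, so a rule on AdobeARM.exe alone does not cover it. The sketch below shows one way to follow the "monitor svchost.exe" suggestion by joining `netstat -ano` and `tasklist /svc` output to list which services share the svchost.exe PID that owns each remote connection. Both outputs are constructed samples, and the service names in them are illustrative; the thread does not identify which service carried the updater's traffic.

```python
import re

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.10:49201     198.51.100.7:80        ESTABLISHED     1044
  TCP    192.168.1.10:49188     203.0.113.5:443        ESTABLISHED     3120
  UDP    192.168.1.10:53124     *:*                                    1288
"""
# Constructed sample of `tasklist /svc` output; service names are illustrative.
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================
svchost.exe                    900 RpcSs
svchost.exe                   1044 BITS, wuauserv,
                                   Schedule
svchost.exe                   1288 Dnscache
firefox.exe                   3120 N/A
"""

def parse_tasklist(text):
    """Map PID -> (image name, [services]), joining wrapped service lists."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            last = int(m.group(2))
            svcs = [s.strip() for s in m.group(3).split(",")]
            procs[last] = (m.group(1), [s for s in svcs if s and s != "N/A"])
        elif last is not None and line.startswith(" ") and line.strip():
            procs[last][1].extend(s.strip() for s in line.split(",") if s.strip())
    return procs

def remote_connections(text):
    """Return (proto, remote endpoint, pid) for sockets with a real remote peer."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[2] not in ("*:*", "0.0.0.0:0", "[::]:0"):
            rows.append((f[0], f[2], int(f[-1])))
    return rows

def svchost_connections(netstat_text, tasklist_text):
    """Remote connections owned by svchost.exe, with the services sharing that PID."""
    procs = parse_tasklist(tasklist_text)
    return [(remote, pid, procs[pid][1])
            for _, remote, pid in remote_connections(netstat_text)
            if procs.get(pid, ("", []))[0].lower() == "svchost.exe"]

if __name__ == "__main__":
    for remote, pid, services in svchost_connections(NETSTAT, TASKLIST):
        print(f"svchost.exe PID {pid} -> {remote}  hosted services: {', '.join(services)}")
```

On a live machine, the two sample strings would be replaced with the captured output of the two commands taken while the update check is running.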

Try to put CF in training mode for a few minutes, but not more than 10 min.

I am truly sorry to hear that you have problems :frowning:

Regards,
Valentin N

I understand you live this like a nightmare.

You have no more connection because you blocked svchost.exe. If you have ticked “remember my answer”, surely removing the block rule you just made will reestablish the connection. If that is not the case, disconnect from your router, reconnect, and you’ll normally receive a new popup for svchost.exe.

As for adobe updater, if Def+ is not yet in parano mode, please try it and remove from Def+ all the rules related to Adobe. Doing so will tell CIS that Adobe is not an application fully trusted.

Hope your problem would be solved.

Boris

Hello Valentin and tks a lot for your answer. Don’t be sorry, nothing is perfect in this world, myself included.
About your suggestion, I think there should be something to do before setting CF to training mode, because with it just set as suggested the Adobe updater works anyway.
Maybe I have to cancel something from Firewall/Network Security Policies/Application Rules before going into training mode?
Tks in advance

Hello Boris and tks a lot for your answer. For the connection no problem, just deleting the block rule everything goes back to normal, tks.
Def+ is disabled on this PC due to a lot of kinds of work and experiments, and more every day. When I had Def+ enabled I had to answer hundreds of Comodo popups per day (and it was set to Clean PC), and that was not acceptable anymore after Def+ had been enabled for a few days.

I’ll try to do it as per your suggestion anyway, even if I already have an idea about the results.
In fact, I did it right now: with Def+ in Paranoid mode, I can block any Adobe communication while preserving the ability to surf the web.
But as I already mentioned before, I can’t live in this condition! 60 seconds in Paranoid mode makes me crazy; you cannot do a single mouse click without a Comodo popup. On the other hand, of course, with Def+ set to disabled the choices made in Paranoid mode are no longer active, but keeping it in Clean PC, yes.

So, at this point I think your reply will be something like: I have to live with Def+ active if I want to keep my target, otherwise I don’t have to blame if something is not as I would like. And you’re right mate. I’ll try to survive the Def+ popups; otherwise I can also try to block execution definitely for the involved applications using programs like Tweaknow Windows Secrets (crossing my fingers).

Tks to all for your time!!

You don’t need to do anything, just put it in training mode and see if that helps :slight_smile:

Regards,
Valentin N

Hi Andy,

A last idea. If you remove Adobe from the Trusted Vendors List, CIS won’t recognize it (until the next update of the list) and normally the FW must pop up for the updater. And as you would rather not use Def+, CIS won’t restore its confidence in Adobe through the cloud scanning.

Boris