CF 5 custom policy not working for Adobe

So, in this case didn’t help, I’m sorry Velentin

Shold be an idea yes, tks. But when I followed your first suggestion, the CF was popping up with the alerts for Acrobat.exe, acrotray.exe and adobearm.exe, for all I choose to Manage as blocked application and then the updater connect to the server anyway, most probably through svchost.exe.

In your last suggestion it is possible (why don’t try?), but I really don’t konw how, I’m sorry

try to see if reinstalltion of CIS helps.

and the program in CIS —> Defense+ —> Defense+ Settings —> Execution control Settings —> Detect shellcode injections (i.e. Buffer overflow protection) —> Exclusions —> Add —> Browse…

Defense+ > Computer Security Policy > Trusted Software Vendors and there you scroll to Adobe (check if there are not double entries for Adobe in the list).

Maybe you should report your issue in the bug report section.

Boris

Tks Boris, but with Def+ disable that workaround doesn’t work, and if I eneable Def+ it’s OK because is setted correctly when it was in Paranoid mode.
I absolutely don’t think to report in the bug section, I did one time under suggestion and I was kicked off like a… shut up Andy…
So, if one of the staff value this thread to be moved in another section it’s ok for me, but I’ll not have any initiative

Tks Valentin, but to uninstal and reinstall CIS is not wanted, this issue is more than 6 months old, with different CIS versions and different adobe ones, so I’m quite sure I reboot two times for nothing and I have to do a ghost for nothing (my experience tell me that this kind of software is dangerous inside, because goes in deep into the OS, like antivirus software, Nero Burning, ecc…) .

For the rest, if I’m not wrong, if I add Adobe to the Exclusions, I think that adobe will be excluded from detecting shellcode injections… if there is an Inclusion list ok…

will it work in safe mode (the firewall that would be)?

May be you can look for a question by my not too old and posted here. Well there was no real answer to it but I think I figured some of the problems myself and this is described there.

It was similar to your problem that in default settings by CIS all stuff that really wants to can! connect to the internet.

What helped was to set Defense+ into Paranoid Mode and to tell it that it treats unknown stuff as
“Check Boxes
Treat unrecognized files as – This has five options and the unrecognized files will be run as per the option
selected.”

See here:
http://help.comodo.com/topic-72-1-170-1710-Execution-Control-Settings.html

Then you go to:
http://help.comodo.com/topic-72-1-170-1733-Defense+-Rules.html#Access_Rights

and make sure that Defense+ asks you for DNS access.

Then I would also make sure that you constrain svchost.exe. Look for safe rules for svchost.exe here or at wildersecurity…

May be you can alter svchost.exe ‘protection settings’ so you are told when something wants to surf by svchost.exe :slight_smile:

At least with these settings I could get some more control over stuff that went into the internet by svchost.exe and by ‘interprocess’ via ‘default browser’ while CIS/Defense+ optimal settings were up.

Yes, after I did those settings in Paranoid mode, also lowering the Def+ level (except to disable) everything works fine.

@diverxl
Tks a lot for your time, I’ll have a look, now I’m out of order due to win 7 sp1 install problems.

Tks to all !

if nothing helps I suggest you reinstall Abode and erase the application from CIS.

I am truly sorry that you have a hard time. If I were you I would explode.

Regards,
Valentin N

Tks a lot Valentin for you support, but it’s not so hard. I’ll keep Def+ on Clean PC and I’ll teach Comodo for all.

What instead make me angry is when Comodo doesn’t remember my answer, and everytime I have to make the same choices (I did another post for that, it was about System alert - https://forums.comodo.com/firewall-help-cis/cf-45-vs-system-asking-to-comunicate-at-every-boot-t62340.0.html - , but the apps not remembered are more and more!)

That’s a problem I have been experiencing a few times and of what I have understood it’s a bug that hasn’t been fixed.

Regards,
Valentin N

Sure mate, but when you have a bug in the version 4, then the same in the version 4.1, then 4.3, then 5.0 and, after 10 months, the same bug is still present in the version 5.3, I think there is something wrong, but the source of “bad things” are not born in the program by itself, you know what I mean :wink:

Maybe the programmers love to test constantly the users patience… I really don’t know and I’ll never understand why, but it’s free so I have just to shut up

I don’t think we should shut up just because it’s free. It’s up to them if they listen to us and try to fix it :slight_smile: I am not saying they don’t but more can be done especially because this is how they want to make commercial for comodo which I find very innovative and kind.

I have noticed that this happens when CIS crashes. Shall we continue through PM? I don’t want to make to many offtopic posts :slight_smile:

Regards,
Valentin N

I should be agree with you. And for PM tks for your idea, but I think we don’t have to discuss anymore about this.
If you want can answer to the topic I linked before, and here we stop with OT :wink: