CFP 3.0.10.238 BETA General Feedback/Impressions (Not for Bug Reports) [CLOSED]

Wow! I tested on my testing laptop. And the next day, I put it on my working laptop. Nice job! (L)

Here goes my first post so forgive me if I mis-handle protocol…

I am using the beta for several days with all settings at full-on industrial strength. So far – no evident bugs. Surprisingly small footprint. Stable.

My only Wish-List item so far is that the icon in the system tray would change its appearance (turn red or something) when I switch firewall mode to “Block all.”

{I’m on broadband (always-connected), so I use “Block all” whenever I will be away from my computer for a while.}

That’s a good one. Anyway, if you block your connection too long there will be issues with DHCP renew.
I would like a block all “untrusted” or better a configurable one ;D

BTW since we are now approaching a RC status it would be a good thing to add some kind of Rules Reporting Tool in order to have a human readable representation of V3 Configuration. This would greatly help troubleshooting. (B)

A good option would be a purge button at least for “Run an executable” as explorer.exe list can become quite crowded.

Another option would be a textual log file to log “Block all unknown requests if the application is closed” actions in case V3 Log is inactive during startup.

Another addition would be a right click option to create a rule from a log entry. This will ease rule management in few cases.

Agreed, that would make everything easier if you have lots of files.

Ragwing

EDIT:
Another suggestion:
If you have Ad-Aware 2007, you’ll have an Ad-Aware service (aawservice.exe). I don’t know how it works, but if you terminate it thru task manager, it’ll restart itself.
Is it possible to add this to CFP3 in case malware succeeds in terminating CFP3?

Ragwing

There is no self protection for people without Defense+ activated. It should have its own protection without Defense+ needed in the next version.

I believe this is an option in Services.msc which can be turned on to auto restart a service. I noticed COMODO does not use this method and I am assuming it is because nothing can close COMODO. I do not see how it could hurt to enable it though, so maybe this is a good idea? Here is a screen shot of the settings in Services.msc (type that in start/run):

[attachment deleted by admin]
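
The Services.msc recovery setting described in the post above can also be read and set from the command line. This is an added example, not part of the original thread or Comodo's own configuration; the service name is a placeholder parameter because the thread does not give the firewall's service name.

```powershell
# Added example: inspect and set Windows service recovery actions from an
# elevated PowerShell prompt (same settings as the Recovery tab in Services.msc).
# ASSUMPTION: -ServiceName is supplied by the reader; the thread does not name
# the firewall's service, so no real name is used here.
param(
    [Parameter(Mandatory = $true)]
    [string]$ServiceName   # short service name, not the display name
)

# Fail early if the service does not exist.
$svc = Get-Service -Name $ServiceName -ErrorAction Stop

# 1. Show the current recovery configuration.
Write-Host "Current failure actions for $($svc.Name):"
sc.exe qfailure $svc.Name

# 2. Restart the service 60 s after the first, second and subsequent failures,
#    and reset the failure counter after one day (86400 s) without a failure.
#    sc.exe expects the value as a separate token after "reset=" and "actions=".
#    Note: use sc.exe explicitly; in PowerShell "sc" is an alias for Set-Content.
sc.exe failure $svc.Name reset= 86400 actions= restart/60000/restart/60000/restart/60000
if ($LASTEXITCODE -ne 0) {
    throw "sc.exe failure returned $LASTEXITCODE (is the prompt elevated?)"
}

# 3. Confirm that the new actions were stored.
Write-Host "Updated failure actions for $($svc.Name):"
sc.exe qfailure $svc.Name
```

Recovery actions fire when the service process ends without reporting a stopped state to the Service Control Manager, which covers a kill from Task Manager. A process that already has administrator rights can change these settings back, so this complements self-protection rather than replacing it.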

I’ve had firewall&d+ in ‘train with safe mode’ for a few days now, and noticed that it appears to have a built-in safe applications list that’s hidden from view. This manifests in seemingly random applications being automatically granted rights. At least I get that small notification in lower right corner. I can’t figure how v3.0.10 classifies apps as safe/not, certainly many auto-safe ones lacked digital signatures of any kind.
If my guess of a hidden trust list is correct, I’m certain that such list absolutely must be made visible and editable from the very start. We do already have the option to change automatic rules assignment afterwards, but the damage might well be done on the very first run.

Yeah, that seems like the option, and it wouldn’t be too hard for Comodo to set that as default.
Also, Comodo can easily be terminated if you don’t use Defense+, which is why I thought this would be a good idea.

Ragwing

There is a whitelist but I bet it doesn’t contain any name in it. So there is no way to do that other than adding an option to confirm autolearn on each app.

I don’t think so, deactivating D+ should be meant for people who got another HIPS.

A list but no names? This is confusing. Still, surely Comodo doesn’t want to dictate to its users which applications are allowed what?

Anyway, I’ve just gone through a horrible sequence. I ran Acrobat, and it decided to check for updates. So I received a warning that said, “Acrobat is safe, but it wants to launch an unknown AdobeUpdater.exe, is it OK?” I chose Allow, and the next thing I saw was a series of auto-learn notifications for the still, presumably, unknown Updater app. At least I only meant to allow the Updater to be launched by Acrobat… Now worst of all, some moments after Updater was auto allowed, among other things, to contact DNS service, I got a popup asking whether I’d like to allow the ‘safe’ Acrobat to contact the DNS service itself?.. This makes me really interested in all this “safe/trusted” concept and its implementation.

EDIT: silly me, actually the popup was saying that Updater is safe while its would-be parent is not, so most part of previous rant is moot irrelevant.

EDIT2: there you go, non-native language

If you want to control all apps without using the whitelist you should switch to “Paranoid Mode” which asks you for every permission and it is not possible to add something to the safe list.

The whitelist is a db of safe app signatures (like the one used by some AV) and it is constantly updated. Anyway it is not possible to add a new app the same day it is released though you can send files to Comodo for analysis.

BTW there is a trusted vendor option which allows you to mark all digitally signed applications from specific vendors as trusted.

Adobe, Microsoft, Mozilla and other makers of Windows-certified apps can be added to that list.
Other than this there is no need to be confused.

If you really trust an app you can allow it.

If you are confused simply don’t use it or accept the risk.
That’s all.
A computer cannot decide by itself, nor is it possible to implement an artificial intelligence to accomplish this task.

If you are really concerned about security asking for a simplification is pointless.

A legit program can still harm your PC. Malware is not using some esoteric voodoo function; instead it uses the same plain Windows functions in an unauthorized way without asking permissions.

D+ simply asks you that. It is still possible to disable nearly all D+ functions and use only some parts of it, but this should be a user choice.

It’s up to the user to willingly remove some protection so that any program can access those functions without an alert.

Funny how I always seem to express just the opposite of what I want to :stuck_out_tongue:

Let me try again. I see that there’s a list of applications which are believed by Comodo to be safe. I see that I can’t see and I can’t edit this list. I think that a list of pre-checked and pre-approved applications can be helpful. However, I have an issue with the current implementation. Specifically, I would like to be able to see and edit the Comodo-created safe list, before it gets applied by the program. The list is a simplification to make life easier. What I ask for is not a simplification, it’s an extra option.

I do get your point that I should perhaps be using Paranoid mode, not Training with Safe. I admit I misjudged the functionality of Safe list, which happened because I did see the list of trusted signatures and thought that it was the source of the Safe list. At least I was right to not post this to the bug report forum :stuck_out_tongue:

From what I heard the safelist accounts for 300000 applications :o Adding names to each entry in that list will be a time consuming task and will make that list even bigger.

I’ve not tested this myself but you can try to stick with train safe and add some safelisted app to “My pending list” (actually all apps you don’t want to be automatically learned).

How to test this:

Look for a safelisted app that got a learned Custom rule.
Delete that rule.
Add that app to My pending list.

Start that app and report if that app will learn again.

If this doesn’t work it could be either filed as a bug or added to the feedback as a request.

300k apps??? Supposing they use MD5 to identify executables, that’ll be 4.5MB for hashes alone…
Again, once the app got to the editable fw/d+ rules list, it has been allowed the action at least once, which is at least one too many times for the ‘total user control’ approach I preach here. So the final answer apparently is that I should be using paranoid mode ;))

Actually you can add as many files/subfolders as you would like before the learning mode triggers in.

That was only to test if this way you can override the whitelisted apps.

The purpose to edit the list was to exclude some software so you can add those in My pending list.
Those apps are not assumed to be safe but I’ve not tested if this overrides the built-in whitelist or not.

Give it a try.

Well, if you insist :stuck_out_tongue:

I started the test by adding Updater to pending files, rules and all. It got added all right. Next, I deleted the rules. Next, I saw the rules recreate with the app remaining on the pending list.

Now for the issue that I’m discussing here, I’d be better off just modifying the automatically created rules by hand, which I just tried as well and which works. Once again, if there are visible rules to modify, then the application has been let through at least once. So if CFP3 design stays the way it is until release (and with the 300k effort it would seem it will), then the documentation will need those 300k mentioned in big red flashing text in the section describing ‘Training with Safe Mode’.

Another funny thing is that I tried online lookup for the Updater from the Pending list, and it returned unknown. This apparently means that the hidden safelist was a part of the download of CFP3 Beta…

If it was unknown it shouldn’t be in the whitelist :o
The whitelist is installed along with V3. IIRC the safelist adds at least 10 MB to the installer.
Using Train Safe there are two ways to trigger an autolearn: one is the whitelist, the other is moving the files from My pending list to My Own safe files list.

It would be possible to add an option to D+ settings in order to ask confirmation before learning new rules for safe apps.
In fact the run an executable alert could be used to alert that the new apps will be automatically learned and the user could have an option to disable autolearn for that app.

As it is now the run an executable alert permits to change the permission of the parent app which is quite pointless and should be disabled as it could cause confusion.

Anyway, My pending list should be able to override the whitelist; please report this in the bug reporting topics.

I find that in spite of having the firewall in installation mode there are too many red alerts. I experienced this while updating Firefox and Netscape. Most of these were related to updater.exe modifying certain files. While installing/updating a software this is the basic thing which happens. There should be some way out of this.
The learned in the forum may comment.

(:AGY)