CFP BETA - Questions about how it works[CLOSED]

I just installed the new beta and it looks good but I have a couple of quick questions:

  1. If you choose not to activate Defence+ on install can you enable it later or will you have to reinstall?

  2. Global rules do not list the allow all outgoing and block rules which previous betas defaulted to. Even after running Stealth ports wizard the only global rule is to block ICMP echo requests.

Feel free to move this post to a more apropriate thread when the 3.0.10 threads are started.

1 - You can always activate it later by using Defense+ Settings. No need to reinstall.
2 - Yes. TCP/UDP stealthing is now handled application wise. Global rules should be used for blocking other protocols or configuring according to some other advanced scenarios like file/printer sharing in a LAN etc.


Thanks for the info, Egemen.

It did seem somewhat redundant to have to put in rules for incoming connections in application and global rules for the previous versions.

When I activate image execution control I can get notified when a program launches another. But I also get notified if a program is trying to run for the first tim, which I don’t want. How can I get one without the other?


Anyone know why I get so many entries in Defense+ - Advanced - Computer Security Policy all for one item. I counted 35 entries for BOClean and as far as I can figure they are all identical. If I take them out and make BOC a trusted application it just puts them all back. I expect every app that I open gives me a new entry.



It must be to do with what resources it accesses. If boclean accesses more than one file which it probably does as it is scanning all the time, it will have more entries for changing maybe registry+service =2 entries.

Install Question: Can I install v3.0 beta over version 2 or do I need to do an uninstall (in safe mode) and then install v3?

You’ll need to uninstall CPF 2.4 to install CPF 3 BETA.


Do these extra entries include this in there path ~1

If something was trying run ‘for the first time’ as you say, you don’t care to know? What if it was a brand new bouncing baby keylogger or porn dialing, home page hijaking trojan like the one I had to clean up at work the other day (I’m the IT AV person for a 3000 user division of a multi-national company). You should be glad that the AV software informs you that something new is running, since it may not always be something you installed yourself and know about. It’s nice to know.

Hello Dennis2

Do these extra entries include this in there path ~1\ Dennis

Yes they do. Is that significant?


Yes I’am afraid so mine are C:\PROGRA~1(file name) four each time you boot up on XP.
I have three entries for AVG 7.5 Antivirus all three are processes running in system I hope they sort this problem out in the next release.
At twelve entries each time I boot I got fed up of deleting them so start with a clean install each beta.
It might be something to do with this post by Egemen?

Known Issues
2 - Detection of the DoS attacks has not been activated yet


Hi Guys,

No this is related to shortpath name conversions. I believe this should be happening during the booting.

We will try to fix it.

Thx for the feedback,


Hi Guys,

No this is related to shortpath name conversions. I believe this should be happening during the booting.

We will try to fix it.

Thx for the feedback,


Thanks egemen

This is a very nice firewall. Thank You


Thank you for posting Egemen
It would be nice to have it fixed but it is not a big problem after I have started all my app’s I just leave the entries collect at the bottom of the list.
Many Thanks

Can anyone explain me what does this do exactly :
“Protect the Arp cache”
“Block Gratuitous arp frames” ?

Thanks ^^

Here is a page with some info on Arp.


I do not see a policy for ‘Installer or Updater’ in the Predefined Security Policies section. When selecting a predefined policy, you are given five choices to chose from. Only four of the those choices are listed in the Predefined Security Policies.

On some alerts, when selecting “Treat this application as”, I only see three choices instead of the five predefined ones. Why is that?


[attachment deleted by admin]

Improvement … :-\ I’m not really sure about that : for instance in the 2.4 version I have the possiblity to EASILY

  1. allow
  2. Block
  3. ask

every application with one click on the app’s name

In the version 3.0 I am not even able to find back the module for doing so … and when I do click on a name it’s telling me that in order to edit the setting I have to go to the “predefined” …

Dear friends : this is way too difficult for the common user or layman (Like me)
In my humble opinion there should be something like a button which gives me access to this module. And also the possibility to edit the settings BY ONE CLICK … :frowning:

This way is more easy. You can still edit those setting for apps marked as treat as Custom.
The other grayed entries are predefined settings and you need to modify them in another section.
If you use the custom settings you can still copy a predefined ruleset and change it the way you like.