moved from announcement thread

had notepad open while installing/initially configuring RC1. pasting the notes now. legend: (DD) - design decision, (?) - question, (bug) - guess ;)) Fully updated XP Pro SP2 x86.

(DD) defense+ defaults to ‘train with safe’ on full options install

(?) explorer.exe not recognized. however, it then somehow gets assigned a custom policy based on ‘trusted applications’. considering that any application having file-open dialogue seems to need accessing it in memory, can anyone see a gaping hole?

(DD) ‘Image execution control options’ defaults to *.exe files instead of built-in ‘executables’ file group (having changed that manually and having gone through launching one application, I kinda see your point :wink:). Still, there should be ways to fix it, e.g. having a dynamically updated ‘verified libraries’ file group. did I mention I miss component control from 2.4?

(DD) ‘Trusted applications’ are set to ask for running programs, but ‘windows system applications’ are not. Go figure. Also, why would you blindly trust windows system applications, knowing their buggy nature and their being a prime target for hackers?

(DD) ‘Installer or Updater’ predefined security policy is hard-coded. Hard to imagine more lenient policy than ‘windows system’, though.

(?) the “*” predefined file group is called ‘all executables’, while really defining ‘all files’

(DD) defining ‘executable files’ by file name extension is a gaping hole really. Files with other file name extensions could be run in Windows, key feature being internal file format (PE etc.)

(?) some file groups are invisible in ‘My Protected Files’ list until the ‘groups…’ button is clicked

(DD) still no way to have all d+ settings for an app/group/policy to be seen on one page. a baker’s dozen ‘modify’ buttons with extra tabs to boot just don’t cut it.

(DD) popup dialogues are still poorly readable. making some text bold doesn’t quite cut it. perhaps a list-type structure could help.

(DD) although you can create a rule with ‘remember my answer’, you can’t control what exactly the rule contains, e.g. how broad or narrow it is. e.g. would it allow UDP/outgoing UDP/outgoing UDP to IP/Port/Combo? An extra child popup window, perhaps with bubble-style graphics referencing the parent window, where these could be refined, would be most useful.

(DD) allowing by default to use %windir%\system32-located files for hooking is another security hole

(DD) ports in port sets do not differentiate between protocols

(?) mixing IP and MAC (from different level protocols)

(?) is ‘source/destination’ notation really better than ‘local/remote’, given that the former depends on packet direction and the latter doesn’t?

(bug?) speaking of which, predefined FTP rule for data requests seems to have source/destination ports mixed up

(?) iexplore.exe is not recognized

I wish the Training Mode could be changed in the final version.


Thunder5.exe is a p2p program like emule. When it is executed, it will modify one file in the system32 folder and modify one or some dll files. I don’t know the names of the dll files modified by Thunder5.exe, because Training Mode adds rules with wildcards. After training, CFP will allow the program to modify all files in the system32 folder, all dll files and all registry keys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects. I have not changed the ruleset since RC1 was installed.

Thunder5.exe is just an example, it is a trusted program and will not do bad things, but if it is an untrusted program (such as IE) or with a virus, it will be very dangerous. And some people like to watch more things than the incipient ruleset (such as me (:KWL)), they may clear all the incipient ruleset and add “C:\*” or even “*” in “My Protected Files”; if “Training Mode” adds rules with wildcards, CFP will allow all programs to modify “C:\*” or “*”, then the rules added by users will be purposeless.

I think the “Learn All” level in beta2 is better, it adds rules with concrete file paths and key paths. I wish Training Mode could be changed back to Learn All.


I don’t know how the Train With Safe Mode works. If I use this mode, CFP will give me many alerts about modifying files and registry keys, installing hooks and so on; in fact it doesn’t train anything. The Clean PC Mode is better, it could learn something, but it doesn’t learn which files a program will modify: when a program modifies a file, CFP just gives the user an alert and doesn’t add rules for that. For registry protection, it is the same as Clean PC Mode, it adds rules with wildcards. Maybe the Train With Safe Mode or Clean PC Mode could be changed a little, to make one of them the same as “Learn All” mode in beta2.

Storm.exe (3.jpg) is just a media player. When it is executed, it just modifies HKLM\SYSTEM\ControlSet010\Services\PerfOS\Performance\Error Count, but Clean PC Mode and Training Mode allow it to modify HKLM\SYSTEM\ControlSet???\Services\*. I am puzzled.

Another problem: the alerts about the registry protection still can differentiate the “create”, “modify” and “delete” operations, all alerts tell you a key will be modified.

edit again

Although Training Mode adding rules with wildcards is more advantageous, it is dangerous. Maybe there is another way to solve the problem: Training Mode could add more concrete rules with wildcards. For example, if a program modifies a.dll in the system32 folder, Training Mode could add the rule “C:\windows\system32\*.dll”, not “*.dll” or “C:\windows\system32\*”. But I prefer gibran’s idea: add an option or another level, to let users choose whether to add rules with wildcards.
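The trade-off raised in the post above, as an added example (not part of the original posts and not CFP's rule engine): it generalises one observed write into a rule at four breadths and lists which protected paths each rule would then allow. The level names, the sample paths other than a.dll, and the assumption that `*` also matches across path separators are constructed for illustration.

```python
import fnmatch
import ntpath

# Constructed sample: one observed write plus a small protected-files list.
OBSERVED = r"C:\windows\system32\a.dll"
PROTECTED = [
    r"C:\windows\system32\a.dll",
    r"C:\windows\system32\kernel32.dll",
    r"C:\windows\system32\drivers\etc\hosts",
    r"C:\Program Files\App\plugin.dll",
]
LEVELS = ("exact", "folder+ext", "ext", "folder")  # hypothetical level names


def learn_rule(observed_path, level):
    """Turn one observed write into an allow rule of the requested breadth."""
    folder, name = ntpath.split(observed_path)
    ext = ntpath.splitext(name)[1]
    if level == "exact":        # concrete path, as the post describes "Learn All"
        return observed_path
    if level == "folder+ext":   # the narrower wildcard proposed in the post
        return folder + "\\*" + ext
    if level == "ext":          # e.g. *.dll
        return "*" + ext
    if level == "folder":       # e.g. C:\windows\system32\*
        return folder + "\\*"
    raise ValueError("unknown level: " + level)


def rule_allows(rule, path):
    """Case-insensitive match; '*' is assumed to span path separators."""
    return fnmatch.fnmatchcase(path.lower(), rule.lower())


def exposure(rule, protected_paths):
    """Protected paths the program could modify once the rule is learned."""
    return sorted(p for p in protected_paths if rule_allows(rule, p))


if __name__ == "__main__":
    for level in LEVELS:
        rule = learn_rule(OBSERVED, level)
        hits = exposure(rule, PROTECTED)
        print(f"{level:<11} {rule:<30} allows {len(hits)} of {len(PROTECTED)}")
        for p in hits:
            print("            ", p)
```

Auditing a learned ruleset this way shows how far each rule reaches beyond the single write that triggered it.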

Since we approached Release Candidate status we cannot expect only skilled beta-testers to install V3 anymore.
Comodo has a very active Forum Community and V3 specifically suggests this Forum to ask for Support.

So in order to further improve support requests and troubleshooting V3 should have a Ruleset and Configuration Report.

This way Members don’t have to post screenshots and export Logs.

There should be only one place to go to generate a full textual report that lists all the rules in a textual or HTML format.
This will shorten mostly all support Topics and will reduce the need to ask for missing or incomplete info.

It would be easier to post a report containing something like

[b]iexplore.exe [/b]
ALLOW TCP OUT from IP any to IP any where source PORT is any destination port is 80
ALLOW UDP OUT from IP any to IP any where source PORT is any destination port is 53
BLOCK IP IN/OUT from IP any to IP any

[b]iexplore.exe [/b]
DNS client Service ALLOW
Loopback Networking ALLOW
Disk ALLOW
Keyboard ALLOW
Computer Monitor ALLOW
Protected Files and Folders ASK
[i]Protected Files and Folder Allowed List:[/i] C:\windows\temp\*
[i]Protected Files and Folder Blocked List:[/i] C:\windows\system32\*

instead of attaching screenshots or writing a ruleset by hand.

Another way to improve support would be the ability to import a textual rule in an application. So if a member doesn’t know how to use the configuration dialogs it will be possible to import another member’s generated ruleset for that app.

RC1 does not allow for separately launched windows to be minimized or shown by themselves such as ‘Active Connections’ or ‘View Firewall Events’ etc. Minimize is only possible from the main menu or when using log viewer which is a separate program. All windows launched from the main menu should be independent.


Moving and sorting columns is not always possible. Strangely enough, some displays like ‘My Pending Files’ are sortable. Looks like someone has decided for the user what needs to be sorted and what not :). For consistency’s sake, please allow sorting when possible and do not restrict it to specific displays.


Window sizing, column width changes, and window placement settings are not remembered. Improvements in this area are needed.


Safe files list no longer exportable/importable. Have they been merged with the configuration option?

Also purging pending files takes longer now.

Yes, I noticed this slowdown too. Almost seemed instantaneous in the previous version.


Running nice here, except for the bug I’ve posted in the bugs section.
But since it is an RC1, shouldn’t it contain almost all features? I thought Denial of Service feature which is important I think will be introduced, but nothing. Would it be available soon?

Hello. Some questions, and, if possible, feature requests:

  1. What about statistics for protocols (TCP, UDP, ICMP, IGMP…) like in CPF 2.4? (See attachment)
  2. Where can we find portscan settings?
  3. Why does System Idle Process have allow rules?
  4. Request - flush DNS records every: hour(s), day(s), because there are critical vulnerabilities which substitute DNS records.
  5. Where are the settings for loopback and some others, like in CPF 2.4:
    advanced attack detections and prevention section → miscellaneous
    miscellaneous section
  6. Request - Defense+ must monitor the HOSTS file and ask when it changes.
  7. Interception of traffic from some antiviruses with web-antivirus components (for example Kaspersky).
    Betas can’t do it, and all traffic goes over System Idle Process without asking access to Internet.

Sorry for my English.

Under Known Issues in the RC1 announcement:

  • DoS detection is not active yet

Hopefully this won’t be the last RC ;D


I installed CFP RC1 on a Vista box with SP1 installed on it. Vista would hang at logon. When I booted into safe mode, it booted really slow with each driver load scrolling very slow. After I removed CFP RC1 everything is good now…

Anyone else try this on Vista SP1?

I think some people feel Comodo went 1 step forward and 2 steps back. In other words it added more features but even more bugs/errors. As I said, not my comment but from reading bug reports.
It seemed most people felt comfortable with 3.09 or whatever and 3.010 added bugs such as this what seems big 120 D.P.I issue.

From my experience…I’ve tried literally just about every Antivirus solution out there, Comodo, to me…Seems to really stand out, it’s pretty damn good, and I run a gaming machine that needs absolute every resource allocated to the games, yet it also needs protection, and Comodo’s performance and memory footprint, at least on my PC seems VERY small, very minimal impact, it’s come a long way since early betas in my opinion, and I’m grateful for that, good job Comodo. :slight_smile:

What is going on with the RAM usage? Earlier builds were so lean. Now it is using almost 40meg on my PC, with Defense+ off.

Also, even though I asked that it install only the basic firewall, it installed and enabled Defense+.

It is using 3.3MB for me, with Vista Ultimate, Avast!, etc. Maybe a reinstall is in order? What other security packages are you running? I had installation problems, especially with the effects of some configuration options, but reinstallation and careful selection seems to have cured them.

Latest ver of NAV & Threatfire. The last 2-3 builds have been heavy.

something wrong… RAM usage should be a single digit…

pls tell us more about your system config etc. and apps u are using…especially other security apps…


WinXP 2gb Ram amd 4200 x2
Norton AV
Comodo BoClean

I would uninstall / reinstall, but I have had high memory usage on the last 3 builds.