CFP 3.0.11.246 RC1- Questions about how it works

Matousec reports the following existing vulnerability in CFP 2.4 latest version.

http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.php

Has it been fixed/dealt with in version 3?

Hi.

https://forums.comodo.com/leak_testingattacksvulnerability_research/cfp_easily_bypassed_20070801-t11187.0.html

Is there any way to disable this? I don’t want to review any files…

Thanks for the reply. So as fat as I’m reading it’ll be fixed in 2.5 but no one’s sure if it’ll be fixed in 3 right…?

After going through stealth ports wizard {on comps}, trusting all lan comp ips, still blocking svhost icmp’s & not allowing access to shared folders. What next?

I think you misunderstood it.

Note that I said maybe :wink:
As for now, no update to version 2.x is announced.

Cheers,
Ragwing

I have the same problem as mikeo1313, we use windows xp file sharing, with CFP 2.4 it works like a charm but since i installed V3 RC1 in my computer i cant get access to the windows network not even if i disable the firewall, i have to deinstall CFP3 RC1 to be able to browse the network again, my PDC is a linux server with samba, i tried the steps enumerated in the post on how to set one of the earlier betas to be able to work with samba but still cant get it to work.

Anyone can help me here?

Hi xantor, welcome to the forums.

xantor/mikeo1313: I didn’t use CFPs automatic rule generation this time & I created my own rules. I got my LAN working by the following… I created a Zone, I called it LAN imaginatively enough. This Zone is defined to encompass the whole subnet on which the LAN operates (also allowing for broadcasts). So, an IP range of x.x.x.0 to x.x.x.255 (this obviously could be restricted further if needed, ie. for a wireless LAN).

I then created 2 Network Security Policy - Global Rules - Allow All (IP All) Outbound where Target is LAN & Allow All (IP All) Inbound where Sender is LAN. In my configuration I placed these rules high up, positions 2 & 3. I my case, positions 1 & 2 are taken up by a blocking Zone (doing the opposite, completely blocking IP networks). Other than that I added the 2 same Allow In & Out entries to both Service & svchost.exe in the Application Rules. I did the same for some other applications, including the Print Spooler that I wanted to have unfettered LAN access. And the LAN works just fine with this.

It will pass v3 if you do not always allow when prompted

In the thread below Soya mentions Melih says they will be fixed in V3

And in the post below I tested an early version of v3 it passed
matousec said in their methodology for this test when given the option “Allow” or “Deny” they always select "Allow.
If a users always "Allow"s at any prompt by a fire wall I think there is little possibility of passing a leak test.

This is not standard methodology even for matousec

Hope this helps
OD

These are some questions I put as part of bug report Has anyone played with the wild cards (?) & (*) yet??
for more details see the topic link below

Thanks
OD

I think C:\Documents and Settings*\Menú Inicio\Programas\Inicio* should already work.
I’ve not tested more than one ? as I usually use * for this. It should work, hey, maybe it could be used to workaround the multiple progra~? issue
but I cannot test this as I no longer have this issue.

That’s what I meant, Iwasn’t referring to Ragwing’s post but to the one where Melih says they’ll be fixed.

Hello,

I am unable to put my WAMP server online on my Vista machine when Comodo Firewall 3 RC1 is running. If I close comodo, it runs okay. I’m in Safe Mode - Learning, and don’t get any prompts to allow/deny, and I have manually added the application file and services to the trusted applications list and still no love.

intel core 2 duo, vista 32 bit, nod32 antivirus, latest version of WAMP.

Thanks,
Ben

http://www.matousec.com/projects/windows-personal-firewall-analysis/Comodo-Personal-Firewall-2.3.6.81/

Click on “show bugs”. There’s lots of criticals, can someone tell me how many of those are fixed in v3?

there shouldn’t be a critical bug left in v3

Melih

Wow… coming like that from the admin it sounds pretty reassuring. I didn’t know so much attention had been payed to securing the design of the firewall. I guess there’s more changes under the hood than just a new interface and extra features eh? Neat.

Can anyone explain when and what determines if new files are added to the ‘My Pending Files’ list?

I have seen files such as *.dll, *.sys and *.exe and I assume there are more, but I have
not noticed others so far. Files considered safe by CFP do not get added which is what I expect.

I have seen files with and without digital signatures added to the list. I do not understand why files with valid digital signatures are placed there. New *.msi files do not get added even though they are unknown to Comodo. There are other extensions too that are not added. How does ‘My Trusted Software Vendors’ fit into the picture?

Can we expect any documentation on this kind of stuff or is it up to us to figure it out? >:(

It would have been nice if Comodo had released a document for the BETA testers about how CFP is supposed to function etc. I for one would find it easier to test with a bit of documentation. Another benefit of this would be a lot less forum clutter from those of us that RTFM.

Al

It’s only a about time and a help file will come. I guess that the last RC should have that.

From what I’ve tested and read in the beta section My pending list should be able to report changes to protected file extension so it should monitor the executables list in My Protected Files.
My pending list is a place to have an overall view of files/folders changes (this is important too as there is no hash checking) plus it has the ability to disable autolearning for files in the list.
This way you can override autolearning as long as there is no rule for an executable.
So if you wish to disable autolearning for few files you can add those to My pending list.

I guess that one useful addition could be enabling groups in My pending list in order to separate the files you add from the ones added by V3.

It’s better than that Searinox, Melih isn’t really just an Admin… he’s the CEO of Comodo. :slight_smile:

Not only that he seems to be a pretty nice guy with a good business model (R)

but I bet Melih can be a bear as release dates approach
Egemen would know better than the rest of us.

Again don’t let it go to your head Melih

OD