CFP 3.0.11.246 RC1 - Questions about how it works

I got exactly the same issue with AVG anti-virus: every time the PC starts, Def+ learns the same rules about it again and writes the same list of entries in the computer policy list.

The second one is also a false positive.

File path: D:\Documents and Settings\All Users\Application Data\Comodo\common\DB\DDB\OTHERS\386.sld
File size: 14868 bytes
MD5: d6d1df9b0f1422d57bda3f41d60026be
SHA1: 12daacb94e65ee11d2596592a90b24878c9fecd9

Cheers,
Ragwing

OK, the news: yesterday I changed eMule mod and came back to Xtreme. This afternoon I switched on the PC and there was another problem with the update, exactly 5 min after starting eMule, but this one with the correct Comodo IP address (see picture). So I think, OK, X-Ray has problems and I’m contacting the authors, but at this point there’s a problem with the Update function (which is disabled), and maybe with some eMule mechanism.
Look at this:


http://img145.imageshack.us/img145/3562/whatrthiscomodoup2gf7.th.jpg

COMODO has blocked them 'cause I’ve forgotten a block rule after yesterday; now the situation is this:


http://img86.imageshack.us/img86/2047/comodoapplicationrulesqx1.th.jpg

I think U need to try X-Ray to understand better… this mod asks me for a lot of Defence+ permissions (I was thinking all in safety), not too many with Xtreme.
Anyway, ask me what U need exactly and I’ll try to report to U.

If cfpupdater was able to connect to another IP then this should mean it was tampered with in some way.
So either there was a direct memory access or a hook, or it was modified and thus failed the digital signature verification.
Maybe you can use the V3 log to filter only eMule and export all D+ log entries about X-Ray.

Hi,
First of all, I’d like to thank all the devs and support people for making an awesome program like Comodo possible.

I am currently trying RC1 out and I’ve run into a bit of trouble, but I am not sure if it’s because of a bug or just me not knowing how to fix a mistake I made. The problem is this: When trying to run the game Half-Life 2: Episode One from the Steam launcher window, I accidentally hit the Deny button on the Defense+ query… with the Remember application tickbox checked. Now whenever I try to run the game from inside Steam, I get an error message preventing it from running. I’ve looked everywhere on Comodo settings for the policy or whatever I need to reverse, to no avail. The “Access Memory” event gets registered on the Defense+ Event Log, but even though I’ve repeatedly tried to add Steam to my safe files from the My Pending Files and I’m told it is in the library when trying to add it, I am still getting the problem, even when I disable the Defense+ module. Am I doing something wrong, or is this likely a genuine bug? Thanks for your help.

Look for explore.exe run an executable blocked apps in D+.
Then delete any HL2 entries in D+

Had this problem with StarCraft and Prince of Persia Two Thrones - some permission-related issue and the app freezes, you gotta Alt+Tab to the alert 'cause you can’t see it. Could the alerts be made to steal focus if something’s running fullscreen?

I agree with you that it is a pain, and I end up using the Windows key.
Dennis

Hi, I am very new and have questions about high security events. What should I do if I am receiving excessive numbers? 22 in less than 5 min.

Thank you for your advice,

spinwool

This is strange.
When you install a game usually you can move all game files from my pending list to my safe list.
This should prevent these issues…

Welcome to the forums, Spinwool

Please post your logs and give some more info as to exactly what the events are saying. Without more info it’s impossible to say.

OD

What happened to the “Manage My File Profiles” option within the “Miscellaneous” section? Moved somewhere else (I couldn’t find it) or is it that we can’t export or import our safe file list anymore??

I have a doubt with respect to process termination. This function (process termination) is in the Defense+ monitor settings… and what happens if I disable Defense+? Using Process Explorer v10.21, by Microsoft Sysinternals, I can suspend or kill cfp.exe and cmdagent.exe… This is really worrying, while the stable version, 2.4, doesn’t need a HIPS function to protect it from process termination.

I’m a compulsive downloader ;D, and normally I leave something downloading in Free Download Manager 2.5.725… The problem is, in Clean PC Mode, Defense+ asks before each download starts, but what if I go out? Should I disable Defense+ so it doesn’t interfere with my download process?

Excuse my bad English!

Now, Manage My Configurations.

Free Download Manager (FDM): What is CFP actually prompting for FDM? In Clean PC Mode… I don’t think it should prompt. But maybe it is file access (happens on Modes other than Clean PC)… if so, go to Computer Security - find FDM. Edit - Access Rights - Protected Files & Folders - Modify & add FDM’s download area(s) to allowed files/folders. Apply (a few times) & it shouldn’t prompt any more. FDM can draw a CFP prompt for a few different things, aside from file/folder access. Such as disconnecting & calling other applications, to name a few.

I had a couple of pop-ups about allowing disk writes for Free Download Manager, so I added disk rights to the Computer Security Policy entry for FDM:
Defense+>Advanced>Computer Security Policy>(locate the entry for FDM)>Edit>x"Use Custom Policy">Access Rights>xDisk (under Access Name) Then click Apply a couple of times. I also found out that the firewall setting was a bit off. It was set for allow all outgoing IP connections. You might want to try:
Firewall>Advanced>“Network Security Policy”>(Locate the FDM entry)>Edit>x “Use Custom Rule Set”>Copy From>Predefined Security Policies>Ftp Client
This will apply a more appropriate set of firewall rules.

Just two questions: when for any reason I want to disable the firewall, there are two possibilities:

1 disable it from the interface or the tray icon
2 exit CFP from the tray icon

and that’s the second way that worries me a bit. When you click exit you get the message “Are you sure you want to shut down the firewall?”. You click yes, but CMD agent is still active in the process list of Windows, which also explains why Windows Security Center doesn’t signal the firewall is off…because it’s not off, when it should be. (also it would be nice if the tray icon color could change whenever the firewall is set to block all activities or to disabled)

Another remark: why is IE launched when I click on the Comodo Forum link from the software interface, even though Firefox is my default browser? Thanks.

Just an update.

I contacted PC Tools about the false positive and they have fixed it. Spyware Doctor no longer sees the Comodo files as malware.
Cheers

Just checked it: it seems indeed Def+ controls the anti-termination protection of cfp and cmdagent. But is it an issue? I don’t think so. It’s after all the role of a HIPS to take care of that kind of thing. And if you ever decided to use SSM, for instance, instead of Def+, you could easily set it to protect CFP from termination as well. I haven’t used CFP 2.4 for a while and I’m not sure that it was self-protected against process termination. All I remember is that its settings were protected through CFP registry key protection. Correct me if I’m wrong.