Windows XP Home Edition, Service Pack 3:
I am using the latest CIS with Proactive Defense+ (no CAV) (3.5.57173.439). Everything is working fine with the normal user account with Administrator rights. However, when I log on with the Guest account, the CFP shield and interface will not display, even though cfp.exe is active as a process. Also, when I log off the Windows Guest account, Windows displays an “End Program” window for cfp.exe. All that I can do is wait or end the program, and I have to end the program to continue the log off. The event viewer shows event ID 1000 was logged for cfp.exe. Why is this happening? This only seems to be an issue with the Guest account. Is there some security setting that I need to change? Any ideas?
I resolved this issue, but I don’t like the resolution. Basically, it appears that the Guest account must have at least Modify rights to the “Documents and Settings\All Users\Application Data\comodo” folder, subfolders, and files. I tried just granting this to the “Firewall Pro” subfolder, but that did not work. My concern is that I am granting the Guest account Modify rights to the db, MarkSafe, Pending, and tvl folders and files therein. What damage might result from a virus deleting or modifying the contents of the MarkSafeList.txt file or the trusted.tvl file? Also, what if a virus, under the Guest account, deleted the cfplogdb.sdb file? That may make the firewall not work at all, it seems. Hopefully there is a better solution.