I’ve been a Comodo Firewall/CIS user since version 4, but the security blunder I’ve just now detected really makes me think if I should use another software.
I always run the firewall in “CUSTOM POLICY” mode since I have a complete ruleset and would like to be notified for any activities that do no fit the rules. The other day I noted that a lot of rules were in there which I did not remember putting there. Ok, I thought since my ruleset is very large, I might have clicked “Remember my answer” when I really only wanted to grant temporary access for some program. So I decided to clean all rules and start from scratch. Now I have a very basic ruleset for a handful of programs.
A few hours ago, I put the software into “GAME MODE”. In my understanding, this should prevent popups while playing full screen games. What it really did, was put the firewall INTO TRAINING MODE!!! Wow, I thought I must be crazy when suddenly I saw new rules for all kinds of stuff. I verified that the firewall was still in CUSTOM POLICY mode and it was.
So there you have it. On my machine, CUSTOM POLICY + GAME MODE = TRAINING MODE. Could other users out there please confirm if they can repeat this on their computers, or if another factor, like UPNP (I have some rules for 224.0.0.0 active) or something needs to be active?
Further info:
OS: Win 7 x64 SP1
CIS 5.12.256249.2599
Game Mode - Switches CIS to Game Mode to enable you to play your games without any interruptions from various alerts in your computer. The operations that can interfere with users' gaming experience are either suppressed or postponed.
In game mode:
Defense+/Firewall alerts are suppressed as if they are in training mode;
Defense+/Firewall alerts are suppressed as if they are in training mode;
AV database updates and scheduled scans are postponed until the gaming is over;
Automatic isolation of unknown applications and real-time virus detection are still functional.
Deactivate Game Mode to resume alerts and scheduled scans.
Maybe you simply forgot to uncheck “Create Rules for safe Applications”.
It is no security blunder as game mode suppresses them and in order to make everything work correctly, it has to allow programs that ask (which is supposedly the game you are running), but still according to the manual it is not directly normal behaviour for game mode to add some rules.
How would you expect for game mode not to disturb your gaming experience if it would block all application that is related to a game from connecting to the internet or doing stuff on your pc? The game would mostly crash or not run well and you would be pretty much upset.
Thanks for your reply, Lunz. Under firewall behaviour, no boxes are ticked, meaning “Create rules for safe applications” is not active. If you want to play a game in game mode, you’d just have to have the appropiate rules in place before you start the game, I guess.
But this is not what we’re talking about here. Supressing and postponing is completely different from learning. So, instead of guesswork, could other users with 5.12 please just test what I’ve written about and confirm or not if the behaviour is the same.
Instead of creating a window that explains short that a game needs UDP/TCP outgoing only, and instead of creating a predefined rule for games,
they invented game mode.
I never suggested it. Even if it does not create rules, its an inconsequent userfriendlyness.
Sorry, I find this unacceptable and contrary to what Game Mode is supposed to do which is just to suppress notification. Instead, it completely compromises my security. This means that for weeks my system has been wide open to any attack. Thanks a lot, Comodo!
No, Game Mode is supposed to do exactly what I’ve stated it does.
From the help file:
[b]Game Mode[/b] - Switches CIS to Game Mode to enable you to play your games without any interruptions from various alerts in your computer. The operations that can interfere with users' gaming experience are either suppressed or postponed.
In game mode:
Defense+/Firewall alerts are suppressed as if they are in training mode;
Defense+/Firewall alerts are suppressed as if they are in training mode;
AV database updates and scheduled scans are postponed until the gaming is over;
Automatic isolation of unknown applications and real-time virus detection are still functional.
Deactivate Game Mode to resume alerts and scheduled scans.
It would be nice if earlier versions of CIS had a reminder that you are still in Game Mode after you have finished playing. Version 6 does add this feature.
Maybe so, but I don’t know of any other application on this planet which would change the security level in game mode. That’s not what game mode is for and it’s not what the user, certainly not I, expected. There should AT LEAST pop up a warning when the software switches the security level by itself.
On the other hand one could argue the problem is on the user’s end.
You normally run Custom Policy mode indicating you want full control over your network traffic. Yet for convenience you want to use Game Mode expecting the same control.
Control and convenience are two conflicting user demands. Getting more of the one will result in getting less from the other and vice versa.
I think the problem are the user’s conflicting expectations.
It didn’t switch the security level by itself. You switched it.
Game Mode may not work as you expected it to work, but as I pointed out, the help file describes exactly what the actions of Game Mode are. You could have read the help file, or asked what Game Mode actually does here on the forum before using it.
As Eric pointed out, it is impossible to have both security and convenience. To accommodate convenience, security must be compromised.
well guys, thats something that i have to talk about too.
i never use game mode here.
everytime I run any game I just run the game for the first time, see what popups comodo gives me and decide what to do with then. after “rulling” the game in comodo, from its popups or just in defense+, etc, the comodo will NEVER shows popups for this game again. thats because NO GAMES needs to change dlls or exes from itself.
and if the game needs some update, than you run it as the first time, mark all you want about the comodo protection, close the game and run it again and have fun without popups or worries.
thats what i do for about 3 years and NEVER HAD ANY PROBLEMS. NO FPS DROBS, NO SLOW FPS, NO GLITCHES, NO POPUPS AND THE FULL SECURE OF MY SYSTEM WITH COMODO INTERNET SECURITY.
sure, a lot ot gamers doesnt want to spend about 5 minutes to see what popups does comodo shows for each game loaded for the first time, but this is the best way to go (i guess).
So Comodo’s “Game Mode” changes the security configuration so that detection is suppressed. This is the development team’s choice and if this info is only found in ‘Help’, maybe it should be more prominently alerted to at the time the setting is adjusted.
For me the issue is that even an experienced user who had not read the ‘Help’, would not presume this to be normal behavior because other IS programs only suppress alerts when in “Game Mode”.
Detection is not suppressed nor is the isolation of unknown files. From the help file:
[b]Game Mode[/b] - Switches CIS to Game Mode to enable you to play your games without any interruptions from various alerts in your computer. The operations that can interfere with users' gaming experience are either suppressed or postponed.
In game mode:
Defense+/Firewall alerts are suppressed as if they are in training mode;
Defense+/Firewall alerts are suppressed as if they are in training mode;
AV database updates and scheduled scans are postponed until the gaming is over;
[b]Automatic isolation of unknown applications and real-time virus detection are still functional.[/b]
Deactivate Game Mode to resume alerts and scheduled scans.
Do these other IS programs you mention use a HIPS?
Game Mode does more than just suppress alerts because many users were having parts of their games blocked by Defense+. So how do you make it easier for novice’s to add rules to the HIPS when they don’t even understand what it is really doing? You add Training Mode. This way a person doesn’t need to know much about how to create rules. All they need to do is enabled Training Mode and start the program. CIS will learn the programs behavior, and there should be no further issues running the application.
It’s really only a logical progression of functionality. People are having troubles running their games? Have Game Mode institute Training Mode.
As both Eric and myself have pointed out from the help file, the realtime AV and the sandbox are still functioning in game mode, so you will still be protected from malware and unrecognized applications.
Just call the button “Trainingsmode Button”,
and show a warning about what using this mode will have as consequences (at the first using, with a “dont show again X”). And the suggestion to keep it enabled as short as posssible if.
Its not rocket science
Users are not stupid.
But they can be misinformed.
When I read “Defense+/Firewall alerts are suppressed as if they are in training mode” I understand it to mean that outgoing traffic that would normally be alerted to or blocked, is allowed without question. Is that not the point of the “as if they are in training mode” bit?
If this is the case, detection is not suppressed in comparison to being in “Training Mode”, but it is suppressed in comparison to how I would expect the term “Game Mode” to affect a programs operation, hence the need for a more blatant warning.
If this is the case, detection is not suppressed in comparison to being in "Training Mode", but it is suppressed in comparison to how I would expect the term "Game Mode" to affect a programs operation, hence the need for a more blatant warning.
Detection points to the AV and the AV is not affected by Game Mode. It means that the AV is active when running Game Mode.
The term Game Mode appears to be confusing. The request for a warning when enabling it would be worth a request for the Wishlist.
Are you sure about this? D+ has no detection capability? I’m surprised to learn that CIS has come full circle. Used to be whenever someone criticized the effectiveness of the AV, a barrage of “The AV isn’t really even necessary. Defense+/Firewall is the core component of CIS. I don’t even bother installing the AV” type comments would arise from this forum. Is the reverse now true? I.e. the AV is the core of CIS detection and fully active D+/Firewall is superfluous?
Automatic isolation of unknown applications and real-time virus detection are still functional.
I was referring to the real time virus detection
I'm surprised to learn that CIS has come full circle. Used to be whenever someone criticized the effectiveness of the AV, a barrage of "The AV isn't really even necessary. Defense+/Firewall is the core component of CIS. I don't even bother installing the AV" type comments would arise from this forum. Is the reverse now true? I.e. the AV is the core of CIS detection and fully active D+/Firewall is superfluous? I agree. I'll suggest it.
Of course things are not reversed. Prevention is what CIS is all about.
