Since the latest update, my Comodo Defense+ has gone INSANE! It’s alerting me to all kinds of things, registry changes, DLL access and so on. I have not changed ANY setting myself, so something in the latest update is messed up. It should not be alerting me to registry changes when I start Firefox or IE.
I’m using version 5.8.213334.2131
What to do? HELP!
Right click CIS’s system tray icon, select Configuration and if you have a configuration listed with “(old)” after it then select it.
Which version were you on prior to CIS 5.8? Have you altered any settings/options? Also how did you update CIS?
Many thanks for your reply.
I do not have “old” in my configurations.
I do not remember what version it was before the update. The application updated itself - it just asked me to apply the updates and restart, and then the main application window and all the alerts had a different look, and are now behaving strangely, with all these alerts.
It sounds like you have potentially lost your previous settings… this isn’t dissimilar to the problem you had a few years back when you lost some of CIS’s settings. What Configuration Profile is CIS currently using?
But why did this happen?
I am running Firewall security.
Firewall Security? Was that the one you were previously using or did you change it recently? Do you only have the Firewall installed?
edit: Massive light bulb on your subject… try changing it to Internet Security.
Yes, it was on Firewall security before, as Internet Security was allowing connection WITHOUT asking me to pre-approved applications like Adobe and Apple and so on. I have the full security suite installed.
The Internet Security policy would probably do that because the Firewall Security Level would be set to Safe Mode by default. It sounds like you wanted Custom Policy mode. But, it should have also been the same for Firewall Security policy (which implies other settings/existing rules were the cause) and this doesn’t solve your current issue anyway.
Please check both the Firewall Network Security Policy and Defense+ Computer Security Policy screens and see if they are both populated with Application rules for software that you use.
Yes, both are populated, saying “custom policy” for a lot of them. But I still do not understand why this has all gone wrong with the recent update, when it worked just fine before?
I don’t know… that’s what we’re trying to figure out. I don’t remember seeing any similar reports like this.
Open up the Defense+ Event screen, press the More button and go to the Alerts Displayed item. Make the screen bigger & also make the columns wider to show more information and then post a screen shot here to give me an idea of what you’re seeing. Thanks.
Here it is, attached. I also got about 15 alerts from Comodo while trying to take the screenshot and save it!
Go to Defense+ > Defense+ Settings and post a screen shot of the General Settings tab. Also go to Defense+ > Computer Security Policy and confirm that the Predefined Policies tab is still populated. Thanks.
Here’s what those screens look like.
OK, I’m wondering if this has been caused by the Defense+ Clean PC Mode…
Clean PC Mode: From the time you set the slider to 'Clean PC Mode', Defense+ learns the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ alerts the user whenever a new, unrecognized application is being installed. In this mode, the files in 'My Pending Files' are excluded from being considered as clean and are monitored and controlled.
… and what the CIS update might have done to the My Pending Files list and your Safe File list. Previously were you controlling the My Pending Files list (moving known files to the Safe File list)? What was the Safe List called, do you remember? I’m beginning to suspect that the CIS update might have wiped this safe list and that is what is causing all the alerts.
In the meantime, I recommend switching Defense+ to Safe Mode to limit the amount of alerts and based on what you said previously… you might want to switch the Firewall to Custom Policy mode to stop applications accessing the Internet without your specific authorisation.
The Defense+ was actually in Safe mode when all this started, and in the previous version. I tried switching it to Clean mode to see if that would help, but it didn’t. So the alerts appear in both settings…
I’d better take a look at some more elements of the logs in more detail. Get to the external Log Viewer, by using the More button on any CIS Event log. In the external Log Viewer press the “Entire Period” button, then select the Alerts Displayed item. On menu item File (at the top) select Export… and choose a name & place to export that log to (they’re exported in HTML format). Also do the same for Tasks Launched and Configuration Changes. Now, ZIP the three HTML files up and post them here as an attachment. I’ll go through them & see if I can figure what happened. It might take a little while though.
Can I email those to you, or send them in a PM?
Thanks so much for your assistance!
You can’t attach files via PM. So, you’ll need to email me. My email address is under the
to the left of my posts.