Comodo Firewall is easily killable

ravel · October 26, 2007, 10:17am

Hi,

I have testet the BETA of Comodo Firewall and found out that the Firewall is easily killable via task manager (kill the cfp.exe). That means that a malware can simply terminate the process.

Sygate Personal Firewall 5.5 has a protection for its process.

It would be cool if you guys could implement such protection.

EDIT: If you want I could write a sample application that kills comodo to proof it.

Regards,
ravel

garry · October 26, 2007, 10:49am

Hi,

Which BETA version are you testing so that we can move this to the right BETA section of the forum?

Garry

ravel · October 26, 2007, 12:05pm

its 3.0.9.229 but i guess all versions of comodo firewall behave like that

ravel · October 26, 2007, 1:22pm

three lines of vb.net-code to kill the firewall:

Dim proc() As System.Diagnostics.Process proc = Process.GetProcessesByName("cfp") proc(0).Kill()

it even keeps the firewall-icon in the system tray so the user thinks he is still protected until he moves the mouse over the icon.

Blas · October 26, 2007, 2:32pm

Strange…
I am also using 3.0.9.229, and I can’t terminate cpf.exe via task manager. Maybe your installation is corrupted.

Ragwing · October 26, 2007, 4:39pm

Or simply create a batch file with either ‘tskill cpf’ or ‘pskill cpf.exe’
Is there any option to protect CPF 3 from unauthorized termination?
I doubt CPF 3 would lack this protection if 2.4 has it, so as Blas said, maybe your installation is corrupt?

Ragwing

ravel · October 26, 2007, 10:12pm

is rather think you aren’t using administrator accounts on windows. i do

Coolio10 · October 27, 2007, 2:27am

ravel i can also terminate cpf using task manager. Must be something to do with other software installed. Kinda dumb for me to be running the newest beta along with norton is 2007 :D.

Coolio10 · October 27, 2007, 1:20pm

Were using 3.0 beta.

We do not have that option.

JJasper · October 27, 2007, 6:04pm

Here is the latest test on v-3.0.10.238

John

[attachment deleted by admin]

Coolio10 · October 29, 2007, 12:01am

Do you have the hips on, or simple mode?

JJasper · October 29, 2007, 1:25am

I had it with HIPS on and in training mode.

John

hans010 · November 26, 2007, 6:36pm

I just read this post. No-one seemed to have answered this.

We now have the official v3.0.13.268 and I also tried to kill cfp.exe

Run taskmanager, end process and yes… firewall gone! Defense+ was not enabled but this should not be possible! I’m running a limited account. Something to fix soon it seems!

Smokie · November 26, 2007, 7:11pm

I’m running (getting used to) 3.0.13.268, I cannot kill the process using taskman. (Using XP-Pro).

Keep up the good work btw, MASSIVE ammount of changes to get used to after porting from 2.7.

hans010 · November 27, 2007, 8:40am

I bet you have Defense+ enabled. If I do that, I can’t kill cfp.exe either. BUT you can install this firewall without Defense+ and then it’s easy to kill the firewall. Just try it out…switch Defense+ to ‘disable’, and you can kill the firewall easily. If you can install comodo 3 w/o Defense+, cfp.exe should also be protected when Defense+ is not there.

Chuck · November 27, 2007, 11:31am

This is really too bad and should seem obvious, although when I was testing the beta, this issue was noted and was not subsequently corrected. It almost seems punitive to those of us who choose not to use Defense+.

ratchet · December 2, 2007, 4:05pm

Does anyone know if this will be fixed with the next update?

Blas · December 2, 2007, 4:42pm

Unfortunately no. Time will tell us:). (btw I am comfortable with defense+)
But I saw somewhere that in a future update their will be a Version2-like operating mode.(for those who prefer not to use defense+)

Chuck · December 4, 2007, 1:23am

This would be most welcome! CHUCK