Comodo Firewall v3 locks user out (3.0.15.277, X32, XP)

I’m no IT expert but I’m far from a casual computer user as well, so I know my way around a firewall. The software looks very impressive and has many great reviews and scores on various tests, but I really feel that the ease with which it can completely lock out an administrator from their computer is very worrying. It happened to me within five minutes of installation.

I let it learn my programs that should be granted access to the internet, and then I opened up one it didn’t recognise, a PS2 emulator I was running an experiment on. Why it needed to access the internet I don’t know, but I decided to select the option to have the program’s details sent to the company site for analysis. Then the alert disappeared, but the program wouldn’t load.

So I tried it again, only to be told that I did not have sufficient access privileges to open that file. Or any file. Or the control panel. On any account on the computer. Effectively, for clicking that option, I had been locked out, and no amount of reboots or fiddling or waiting would clear the problem. So I went into safe mode and uninstalled the firewall.

This may have been some kind of oversight on my part but when a product can have such a massive effect from a single unwitting error (and I don’t see where it could have been made) by an experienced user, it’s probably got some issues to work out. That’s why I’m sharing the information, not because I want to say “boo this firewall sucks”, but so you know that it’s having this effect at times and might be able to address it.

I posted this already in the feedback forum but was asked to bring it here as a bug report.

OS: Windows XP Home with SP2
CPU: AMD Athlon 64X2 2200MHz
RAM: 1GB

Please add more details to your bug report in order to explicitly state what kind of alerts you got.

Alerts come in two categories: Defense+ and Firewall.
It would be very unlikely to lock so many resources by denying a firewall alert.

The most common culprit should be Defense+ execution control alerts for apps launched using shortcuts by explorer.exe.

If you click OK to the alert I attached you’ll set explorer policy to isolated app (this will cause a lot of issues).

I guess that in order to prevent this the “treat application as” should be disabled in Execution alerts.
But I guess that in such cases a new option should replace that one in order to set the policy of the child app.

In fact the execution alert is usually triggered also when the parent app already got an assigned policy.
Overriding an existing policy should be prevented.

Assigning a policy to a new app before it runs should prove useful to cut down the number of D+ alerts.

This option could be activated only if the child app does not have any assigned policy, or it could be used to assign a different policy if that app is run as a child of a specific process (so it would be possible to run an app with different policies if the parent app changes).

[attachment deleted by admin]
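The policy-assignment behaviour discussed in the reply above, as an added example that is not part of the original thread and is not Comodo's code. It is a toy model: `PolicyStore`, its methods, `emulator.exe`, `cmd.exe` and the `trusted-shell` and `limited` policy names are constructed for illustration, and it assumes an isolated parent cannot launch anything.

```python
from dataclasses import dataclass, field

ISOLATED = "Isolated app"  # policy name quoted in the thread

@dataclass
class PolicyStore:  # hypothetical model, not Comodo's implementation
    by_app: dict = field(default_factory=dict)   # app -> policy
    by_pair: dict = field(default_factory=dict)  # (parent, child) -> policy

    def policy_for(self, parent, child):
        # A parent-scoped rule takes precedence over the app-wide one.
        return self.by_pair.get((parent, child)) or self.by_app.get(child)

    def can_launch(self, parent):
        # Assumption: an isolated parent cannot start any child process.
        return self.by_app.get(parent) != ISOLATED

    def answer_reported(self, parent, child, policy):
        # Behaviour reported in the thread: the choice lands on the parent.
        self.by_app[parent] = policy

    def answer_proposed(self, parent, child, policy, scoped=False):
        # Suggested behaviour: the choice applies to the child only.
        if scoped:  # policy valid only under this specific parent
            self.by_pair[(parent, child)] = policy
            return True
        if child in self.by_app:  # never override an existing policy
            return False
        self.by_app[child] = policy
        return True

def demo():
    shell, app = "explorer.exe", "emulator.exe"  # constructed sample names
    reported = PolicyStore()
    reported.answer_reported(shell, app, ISOLATED)
    locked_out = not reported.can_launch(shell)

    proposed = PolicyStore(by_app={shell: "trusted-shell"})  # constructed policy
    proposed.answer_proposed(shell, app, ISOLATED)
    shell_ok = proposed.can_launch(shell)
    overrode = proposed.answer_proposed("cmd.exe", shell, ISOLATED)
    proposed.answer_proposed("cmd.exe", app, "limited", scoped=True)
    return (locked_out, shell_ok, overrode,
            proposed.policy_for("cmd.exe", app), proposed.policy_for(shell, app))

if __name__ == "__main__":
    print(demo())
```
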

This happened to me as well. I had no permission to do anything. Your software seemed to have prevented several other processes I usually have after boot, as well as the main process of your own program suite. So it’s very likely it even left my system open for an attack! The only running process I could recognize as yours was cmdagent.exe. *See below for a list of running processes.

I am happy for the breath of fresh air on the free firewall market (since Norton snatched Sygate sob). So even though I’d like to smack you over the head for locking me out of my own system I’ll try to be as constructive as I can. Unfortunately I obviously wasn’t expecting this to happen and when it did my options to gather useful information were pretty restricted.

Some likely things I did that might have caused this were kill the cmdagent.exe, set the defence+ to disabled, set defence+ to clean PC. I also remember setting something to isolated app (didn’t know what that would do; imho the term is formulated descriptive/intuitive enough) - but noticed it prevented me from accessing files, so I opened the Comodo interface and managed to revert things back to how they were. What order I did all of these actions, if I rebooted between the steps, I don’t remember unfortunately. In any case next time I restarted I was locked out, my process list looked as shown below and there was no tray icon for Comodo nor anything else, except network connections. Executing any program, including Comodo, was prohibited. Thankfully I was able to right-click and disable my wireless connection to protect me from external threats. Pressing my hardware button for that did not work as it needs its proprietary software.

*The running processes for all users after rebooting.
Under normal circumstances this list is usually about twice as long.


Name PID

mysqld.exe 1912
ati2evxx.exe 1860
cmdagent.exe 1672
spoolsv.exe 1596
svchost …
svchost
WLKEEPER
S24EvMon
taskmgr
EvtEng
svchost
Wacom_Tablet
svchost
ati2evxx
lsass
services
winlogon
csrss
smss
wmiprvse
explorer
Wacom_TabletUser …
wdfmgr 276
Wacom_Tablet 204
System 4
System Idle Process 0

All policies can be reviewed and changed. You got it right: “Isolated app” is just a name and you can change that name using D+ advanced\Predefined security policy.

If you set an isolated app policy when you get an execution alert then you’ll limit the parent app. In your case you assigned a restrictive policy to explorer.exe (your Windows shell).
As you don’t know exactly what you did, the only way out is to run in safe mode and use Miscellaneous\Manage My Configuration to select another policy.

You may also attempt to change D+ security policies from safe mode; after all, you only need to find all applications marked as “Isolated app”.