Comodo Firewall v4.1 and Symantec WorkSpace Virtualization

I use Symantec Workspace Virtualization (SWV) for some applications, e.g. Microsoft Money.

Whenever I use MS Money I get prompts from Comodo firewall that it wants to access the Internet. No matter how many times I tell the firewall to block this and check the “remember my answer” check box, the prompt keeps coming back. This may have something to do with the fact that SWV modifies the file path…

I need a way to specify a firewall rule such as “Block any application which has msmoney.exe in its name”.

I tried to turn off internet access from within MS Money using preferences, but was not successful.

This issue is specific to virtualized applications; there are absolutely no issues with normal Windows applications.

This is the behaviour CIS shows when you run something from a mounted device (external HD, USB stick or drive, encrypted volumes…). It will only remember the answer for the Windows session (i.e. until the next reboot).

That is by design and is there because those devices may get unplugged and can no longer be monitored by CIS, thus creating a risk of infection.

I recently saw another example of this when somebody was running a trial of Microsoft Office in a virtual environment and had the same problem with CIS “forgetting” rules.

How can unplugged devices be a risk of infection?

They can get plugged into other devices and get infected. There is no way of knowing what happens after they get unplugged. That makes them inherently insecure.

Well, not if the security tests are done before: the antivirus scans, the hashes are calculated for the firewall, etc.
I suppose that any file allowed by the antivirus, firewall and Defense+ and then changed afterwards WON’T be allowed/executed. It’s the minimum I’d expect of a security suite…

CIS until v4.x never used hash checks for files. It trusted that its own ability to prevent files from being changed was enough. In such a setup, unplugging a device makes it a security risk.

In the v5 beta it seems only implemented for D+ at the moment:

Wow… What does it do for that?
Verify the file name and path ;D

Comodo believed that the set of monitor parameters it is using would be enough to prevent the files it protects from being changed, and therefore that it did not need a hash check.

Well… Anyhow… Security tests are done and the file is considered clean. So even disconnected devices, if they get infected, will be submitted to these security tests, and if they fail, you’re secure, aren’t you?
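
An added illustration (not part of the thread, and not Comodo's code) of the distinction the posts above turn on: a rule remembered by file path versus one pinned to a SHA-256 of the file contents. The `RuleStore` class, the paths and the file contents are constructed, and the redirected path assumes the virtualization layer presents the same binary under a different location, as the first post suspects.

```python
import hashlib
import ntpath  # Windows path handling that works on any OS


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class RuleStore:
    """Hypothetical rule store: remembers a verdict by path and by content hash."""

    def __init__(self):
        self.by_path = {}  # normalized full path -> verdict
        self.by_hash = {}  # SHA-256 of file contents -> verdict

    def remember(self, path: str, content: bytes, verdict: str) -> None:
        self.by_path[ntpath.normcase(path)] = verdict
        self.by_hash[sha256(content)] = verdict

    def lookup_path(self, path: str) -> str:
        return self.by_path.get(ntpath.normcase(path), "prompt")

    def lookup_hash(self, content: bytes) -> str:
        return self.by_hash.get(sha256(content), "prompt")


def scenarios() -> dict:
    money = b"MZ constructed msmoney.exe image"  # constructed sample bytes
    tool = b"MZ constructed tool.exe image"      # constructed sample bytes
    store = RuleStore()
    store.remember(r"C:\Program Files\Microsoft Money\msmoney.exe", money, "block")
    store.remember(r"E:\tools\tool.exe", tool, "allow")

    # Case 1: same binary, but seen under a redirected path (constructed path).
    redirected = r"C:\layer-redirect\1\Program Files\Microsoft Money\msmoney.exe"
    # Case 2: file on a removable volume was changed while unplugged.
    tampered = tool + b" modified on another machine"

    return {
        "redirected_by_path": store.lookup_path(redirected),  # rule not found
        "redirected_by_hash": store.lookup_hash(money),       # rule still applies
        "tampered_by_path": store.lookup_path(r"E:\tools\tool.exe"),  # stale allow
        "tampered_by_hash": store.lookup_hash(tampered),      # change detected
    }


if __name__ == "__main__":
    for case, verdict in scenarios().items():
        print(f"{case}: {verdict}")
```

A path-only store prompts again for the redirected binary and keeps allowing the changed file; the hash-pinned store does the opposite in both cases.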