Comodo FW & Antihook

Hello Forum,
Are there any known problems using Antihook with CPF? I installed Antihook yesterday and keep getting pop-ups from CPF every time I log on to Google. Is there something I have to change in CPF?
Badcompany.

Specify the pop-ups, this would be easier to tell then. Antihook is nothing more than a HIPS based program which I think is preventing Google from installing a cookie or whatever is needed to stay a trusted and remembered application…so it keeps being a notification through CPF as it’s probably deleted and re-inserted each time you access Google to logon. Does this make sense? To CPF, it only exists when you access it, then it’s deleted by Antihook or blocked and keeps coming up new to CPF. On another note, perhaps more specific, it’s preventing CPF from keeping record of trusted applications.

Paul

Hello Paul,
What you are describing sounds just about right. Antihook is preventing CPF from keeping a record. Because I’m not computer savvy I can’t fix this problem. So the problem lies with Antihook.
Badcompany.

I can do a check as well as you, to see if Antihook has a setting to allow CPF to keep settings. It should have such a thing. :wink:

Paul

Thanks for the info, I will reinstall AH tomorrow and see if I can change the setting to allow CPF. I uninstalled AH because I was p***ed off with the pop-ups. I will let you know how it goes.
Badcompany.

Great, and yes, please let me know. :slight_smile:

Paul

Hi Paul,
Can’t find where to change the setting in Antihook to allow CPF. I’m not computer savvy. They have just released version 3, perhaps that will run better.
Badcompany.

Hi, this is probably because you need .NET Framework to use the editor. :wink:

Paul

Hi, Badcompany.
I think the solution to your problem is as follows:
Open COMODO and go to Security - Advanced - Application Behavior Analysis. UNCHECK ‘Monitor Inter-process memory modifications’ and ‘OK’.

The problem is as follows: Anti-Hook modifies the memory of all the applications that get Internet access and you will continually get alerts from COMODO until you remove the memory modifications parameter. But you have that in Anti-hook already, so it’s safe to disable it in COMODO.

Please let us know if this works for you…

P.S.: I hope you realize that without the rules editor installed, and when running AntiHook in ‘Fingerprint’ (Training mode), it is pretty useless. You should run it in ‘Normal Mode’ and install the Rules Editor (right-click on the icon and choose Rules Editor). It will be a bit uncomfortable in the beginning because you really get a lot of alerts, but if you take some time to create rules for all programs you intend to use on your computer, your life will become easier afterwards…

Paul Wynant
Moscow, Russia

Hi Paul,
Thanks for the information, much appreciated. I will install AH and follow your instructions. I will let you know how it goes.
Badcompany.

2 Badcompany:

I just installed it (especially for you). Good choice! Actually the best I’ve ever seen…

Paul Wynant
Moscow, Russia

I am going to install this as well, hey, two Pauls helping are better than one! lol. :wink: Sounds like a good idea, hope it works.

Paul 2

After installing AH and .NET Framework I got the BSOD, re-booted and I think everything is ok. Is this normal?
BC.

Well, to put it lightly, no BSOD is normal. However, sometimes it will happen and not return. I have gotten BSODs and then they didn’t come back. If it recurs, then I would worry. Did you do what “Paul 1” suggested or not? This makes a difference as well.

Paul 2

Yes, I did what Paul suggested, I got the BSOD after installing the .NET Framework.

Do you keep getting them? I honestly haven’t heard of too many BSOD issues with .NET, but that doesn’t mean it’s not possible. First I would wait and see what happens; if it no longer occurs, I wouldn’t think it anything but a hiccup. Of course if it keeps happening, then I would uninstall it. Strange though. I have installed it numerous times on numerous computers and can’t say personally I have had .NET cause a BSOD, but as I said, it’s not impossible and I’m sure others may have had this. I won’t rule out Paul’s suggestion either, or a combination of that with .NET possibly, but since this did occur with and after .NET, we have to look to that first. Let me know if you keep getting them or not, thanks.

Paul

Ok. Here, the order of install is important.

You should FIRST install .NET Framework (version 1.xxx, not version 2.xxx).
Then, for security purposes, you should disable the ASP service in Control Panel - Administration - Services. Double-click on the service. Start-up Type: Disabled. Reboot. [Anti-Hook will work without this vulnerable service]. If you are just as particular about security as I am, you could go as far as to delete the user account ‘ASP.Net’ in Control Panel - Administration - Computer Management - User accounts. It is not needed and is just another attack vector.

Then you install COMODO and then Anti-Hook. That is the right order. No more BSoDs should appear now…

P.S.: Shutting down unnecessary Windows services is something that can boost your security up to 75%! If you need any help doing that, I’m ready to provide you with a list of services that can be safely shut down. For example: nobody needs the vulnerable DNS Client service; all applications are able to do the DNS query themselves. If you don’t disable this, you will have an open port. Also, if you have XP SP2, you don’t need the Application Layer Gateway service (alg.exe). This also opens a port or two. Although you may appear ‘Stealthed’ on-line, it is always better to close ALL ports you don’t need. You can easily check for open ports by using TCPView from here:
http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx
Download link down the page (55KB). No install needed. Just open TCPView.exe and it will tell you the status of all ports and which applications are active there. ‘LISTENING’ state means: an open port that CAN be attacked with buffer overflow attacks, even if you have the strongest firewall ever. ‘ESTABLISHED’ and ‘TIME_WAIT’ is ok.
NOTE: when you disable services, you should be off-line. Afterwards reboot. Manually stopping services after you set the start-up type to ‘disabled’ doesn’t always work…

Paul Wynant
Moscow, Russia

Hi Paul, thanks for all your help and info. I think everything is OK now, no more blue screens. I would like a list of Windows services that can be safely shut down.
Badcompany.

Remember, you should be Off-line to do any of this. After you put everything on ‘disabled’ or ‘manual’ as indicated, reboot the computer!

Windows XP Pro (and Home):
Each service is listed as it is in Microsoft’s Windows XP Professional. These should be similar in Microsoft’s XP Home as well. I hope the names are all correct, because mine is a Russian version of XP.
* Alerter
* Application Layer Gateway Service (disable only if you have XP SP2)
* Automatic Updates: enable it once a month, together with BITS (the next on the list) and Event Log (which cannot be disabled). The three are necessary to update Windows. For the rest of the time, they just don’t do anything useful (BITS even leaks your info!!!)
* Background Intelligent Transfer Service. Is known to leak info. Enable once a month for Windows Updates and then shut it down again.
* ClipBook
* Computer Browser: If you are on a network with other computers, and need to see them, this may be a useful tool. Otherwise, disable it.
* Cryptographic Services: Unless you are in a large corporate network where connections are managed through authentication, this is unnecessary; disable it.
* Distributed Transaction Coordinator
* DHCP Client: Disable if you don’t have a modem or a stream connection.
* DNS Client: all applications can make a DNS query themselves. Shut this down against Trojan exploits. Also, don’t make global DNS rules for ALL. You should do this per application. Some Trojans mask their connection through a DNS query. If you have per-application DNS rules, they can’t fool you. That is probably the reason that COMODO has the ‘monitor DNS queries’ enabled by default, and it should stay that way!
* Error Reporting Service: Microsoft is not going to solve your problems anyway. Shut this down.
* Help and Support: If you know how to use Google, disable this.
* Human Interface Device Access
* Indexing Service: very tricky service. You should disable this and FORBID indexing on all your disks. Shut this down.
* IMAPI CD-Burning COM Service: leave this on ‘manual’ if you have a CD burner installed. If you don’t, disable it.
* Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): since you have COMODO to protect you: shut it off.
* Messenger: responsible for a lot of spyware/adware pop-ups. Disable.
* Net Logon: Unless you need this to operate inside a domain, it’s likely not necessary or useful. If you are using a home or SOHO PC and don’t have a local domain based network, disable it.
* NetMeeting Remote Desktop Sharing: Do you really want a built in tool to share control of your desktop over your network connection? Disable.
* Remote Desktop Help Session Manager: If you don’t want to share control of your computer through your network, disable it.
* Remote Registry (exists only on Pro, but is enabled by default): a shame; great hacker tool if you can’t secure it. Disable it.
* System Restore Service: This is almost useless if you ever have a problem with damaged drives, corrupted data, or malware (you delete, and this service restores the viruses right back!?). Better turn it off and use some good backup software. (I use Norton GoBack)
* TCP/IP NetBIOS Helper: DO NOT use NetBIOS on-line. Disable it in your connection settings together with LMHost Lookup.
* Telnet: leaving this on (even on manual) is a VERY BAD idea.
* Terminal Services
* Themes: If you aren’t addicted to cute desktop eye candy, disable it.
* Uninterruptible Power Supply: Unless you are using a UPS on your computer and it has the capability of managing the system, disable it.
* Upload Manager: If you are not in a local network sharing data (files and/or services), disable it.
* Windows Time: leave on ‘manual’
* Wireless Zero Configuration: Unless you use 802.11 devices, disable it.
* Workstation: If you are not in a local network sharing data (files and/or services), disable it.

What I did is rather extreme, but it works great: I disconnected myself completely from all Microsoft’s wonderful services by UNINSTALLING EVERYTHING in the Internet connection settings EXCEPT for Internet protocol TCP/IP. You can also just uncheck, but remember that there are programs that can check it again without you knowing about it. AOL is notorious for doing this…

P.S.: another service that tends to open ports for no particular reason is the so-called ‘Scheduler service’ (hope I got the name right). If none of your applications use this, you should also disable this one…

Paul Wynant
Moscow, Russia
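The two checks the posts above describe by hand, looking at which ports are in the LISTENING state (TCPView) and reviewing the startup type of each listed service in services.msc, can be done read-only from one script before anything is changed. The block below is an added example for this thread; it is not code from any of the posters, from Comodo, or from Sysinternals. It assumes Windows PowerShell 5.1 or later on Windows 8 / Server 2012 or newer, where Get-NetTCPConnection, Get-CimInstance and the ServiceController StartType property exist (none of this was available on XP). The display names are those written in the post; ‘Task Scheduler’ is my assumption for what the post calls the ‘Scheduler service’. The script changes no setting; it only reports, and it also lists each service’s dependents so that a dependency is visible before a service is set to Disabled.

```powershell
# Added example for this thread (not code from any poster, Comodo or Sysinternals).
# Read-only audit: (1) every LISTENING TCP port with its owning process and the
# service(s) that PID hosts, the view TCPView gives; (2) startup type, state and
# dependents of the services named in the post above. Nothing here changes a setting.
# Assumes Windows PowerShell 5.1+ on Windows 8 / Server 2012 or newer.

function Get-ListeningPortReport {
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $owner = $_.OwningProcess
        $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
        # svchost.exe hosts several services per PID; map the PID back to service names
        $hosted = Get-CimInstance Win32_Service -Filter "ProcessId = $owner" |
                  Select-Object -ExpandProperty Name
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $owner
            Process      = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Services     = ($hosted -join ',')
        }
    } | Sort-Object LocalPort
}

# Display names as written in the post; 'Task Scheduler' is an assumption for the
# post's 'Scheduler service'. Many XP-era names no longer exist on current Windows.
$DisplayNamesFromPost = @(
    'Alerter', 'Application Layer Gateway Service', 'Automatic Updates',
    'Background Intelligent Transfer Service', 'ClipBook', 'Computer Browser',
    'Cryptographic Services', 'Distributed Transaction Coordinator', 'DHCP Client',
    'DNS Client', 'Error Reporting Service', 'Help and Support',
    'Human Interface Device Access', 'Indexing Service', 'IMAPI CD-Burning COM Service',
    'Messenger', 'Net Logon', 'NetMeeting Remote Desktop Sharing',
    'Remote Desktop Help Session Manager', 'Remote Registry', 'System Restore Service',
    'TCP/IP NetBIOS Helper', 'Telnet', 'Terminal Services', 'Themes',
    'Uninterruptible Power Supply', 'Upload Manager', 'Windows Time',
    'Wireless Zero Configuration', 'Workstation', 'Task Scheduler'
)

function Get-ServiceAuditReport {
    param([string[]]$DisplayNames = $DisplayNamesFromPost)
    foreach ($name in $DisplayNames) {
        $found = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
        if (-not $found) {
            [pscustomobject]@{
                DisplayName = $name; Name = '-'; Status = 'not present'
                StartType   = '-';   Dependents = '-'
            }
            continue
        }
        foreach ($svc in $found) {
            [pscustomobject]@{
                DisplayName = $svc.DisplayName
                Name        = $svc.Name
                Status      = $svc.Status
                StartType   = $svc.StartType
                # Services that will stop working if this one is disabled
                Dependents  = (($svc.DependentServices | Select-Object -ExpandProperty Name) -join ',')
            }
        }
    }
}

Get-ListeningPortReport | Format-Table -AutoSize
Get-ServiceAuditReport  | Format-Table -AutoSize
```

Run it from an elevated prompt so process names resolve for system-owned PIDs. Compare the LocalPort column with the firewall’s application rules, and read the Dependents column before setting anything to Disabled: a service with a non-empty Dependents list takes those services down with it.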

Paul W.,

Did you ever see the “Black Viper” services configs? Most agree with yours (within debatable differences), except for one:

Workstation ~ Used to connect local computer to remote computers. Examples: Internet connectivity and local File and Print sharing. Many services depend on Workstation to be functioning. Leave it on Automatic.