Running latest Comodo System Cleaner alongside Comodo Firewall (will install the latest NOD32 ASAP).
I clicked the “Advanced options” arrow in a Defense+ alert box and the alert box now overlaps onto the system tray. This carries over into all future Defense+ alert boxes. I can’t even move the alert box so that it doesn’t overlap the system tray.
I haven’t tried to solve the problem but I’m open to suggestions.
No crash dumps as the program hasn’t crashed.
I don’t think screenshots are needed as it’s a pretty obvious thing that occurs. You’ll know it when you see it.
I have noticed in the Defense+ logs that there’s an abnormally large number of instances where C:\Program Files\Logitech\SetPoint\SetPoint.exe (a legitimate application related to Logitech mice and keyboards) is blocked from accessing the memory of various applications related to Comodo Firewall (cfp.exe, cfplogvw.exe, cfpupdat.exe).
I tried right-clicking one of these events and selecting “Add to trusted files” but I get a dialog box popping up that says SetPoint.exe is already a safe file.
Configuration is set to Firewall Security (firewall and Defense+ in Safe Mode, sandbox disabled). There were no previous settings imported.
Running the latest Comodo System Cleaner alongside Comodo Firewall (will install latest NOD32 ASAP).
I can’t close any Comodo Firewall windows from the taskbar previews in Windows 7. This is apparently being caused by Defense+ blocking explorer.exe from terminating the related process (cfp.exe and cfplogvw.exe are the 2 main targets).
Tried to solve this by right-clicking the related entry in the Defense+ event log and selecting “Add to trusted files” but I get a popup that says explorer.exe is already a safe file.
There’s no program crash so no crash dumps are required.
No screenshots are necessary as it’s so easy to reproduce it isn’t funny.
Can’t think of anything else that could be relevant.
My configuration is Firewall Security (firewall and Defense+ set to Safe Mode, sandbox disabled). No imports of previous settings were made.
1. Your Operating System (32 or 64 bit) and Service Pack revision
Windows 7 32 bit
2. Other Security and Utility Software Installed
none
3. Step by step description to reproduce the issue
Registry key for proxy server is still not protected. I found malware that bypassed it again. Egemen I will PM it to you.
4. How you tried to resolve the problem
none
5. Upload Memory Dumps on crash if you encounter any
none
6. Attach screenshots to your posts to clarify the issue further
none
7. Any other information you think that might be useful
none
8. The CIS Security profile your using, and if you imported a previous version of the config
default
WIN XP Pro 32bits SP3 guest on VMware, (host machine Win7 32 bits)
n/a
downloaded and run few malware from MDL, some of unrecognized running in sandbox, from unrecognized files window submitted files, while deleting files from “unrecognized files window” system crashed (BSOD)
n/a
download attached zip file
screenshot of added protected files and folders
added “\RPC Control\AudioSrv” to “COM interface groups”
Please post them. My visual imagination is not that great as may be others.
I have noticed in the Defense+ logs that there's an abnormally large number of instances where C:\Program Files\Logitech\SetPoint\SetPoint.exe (a legitimate application related to Logitech mice and keyboards) is blocked from accessing the memory of various applications related to Comodo Firewall (cfp.exe, cfplogvw.exe, cfpupdat.exe).
I tried right-clicking one of these events and selecting “Add to trusted files” but I get a dialog box popping up that says SetPoint.exe is already a safe file.
Configuration is set to Firewall Security (firewall and Defense+ in Safe Mode, sandbox disabled). There were no previous settings imported.
This is not a bug. Please open a topic in the D+ help board about this. Also don’t mix two or more bugs into one bug report. This will help the devs to keep track.
application added in “always sandbox”
run this application
view active process list
this application sandbox level was marked disable, however it should be marked “partially limited”
I thought the information regarding SetPoint.exe might’ve been relevant to the report. That’s why I put it there.
EDIT: Screenshot of glitch has now been attached. I’ve also found that I had my mouse button held on the wrong part of the alert. That’s why I couldn’t move it.
7a. It seems my system crashes is somehow connected to “treat unrecognized files as: untrusted”, coz there is no system crash if I change back to “partially limited”, I will test some more tomorrow, please can someone confirm?
8a. + added “%ALLUSERSPROFILE%\Documents*|” to “protected files and folders” (after change back to “partially limited”, so no crashes yet)
1- Win 7 32 bit in VirtualBox on Ubuntu Host
2- GesWall
3- CFP Defence Plus in proactive security, paranoid mode, AV and Sandbox disabled.
a-Launched Firehole leak test, it injected firedll.dll into internt explorer. CFP Defence plus gave pop up alerts about Firehole lauch, dll creation and IE launch but no pop up of dll injection- test failed miserably
b- Disabled defence plus, installed Family Keylogger,
enabled Defence Plus, launched family keylgger, again Defence plus warned about its launch and modification of its log file( txt file) but no warning of global hook by keylogger and Defence Plus failed miserable. Keylogger recorded strokes happily.
c. Launched AKLT, allowed the pop up alert of its launch. CFP defence plus failed to intercept even a single keylogging method.
4, 5, 6, 7- None
8- CIS in Proactive Security, with paranoid settings, sandbox disabled, explorer.exe set to Ask on each execution, rather than default allow.
Your Operating System (32 or 64 bit) and Service Pack revision Windows 7 32 bit
Other Security and Utility Software Installed none
Step by step description to reproduce the issue Run starcraft 2 game results in black screen and have to alt tab and do task manager to get the screen to come up (see screenshot below) Comes up as a buffer overflow thing. I’m able to skip it this way but this would be a problem for most people.
How you tried to resolve the problem Task manager allows me to skip the problem and remember it for next time.
Upload Memory Dumps on crash if you encounter any None
Attach screenshots to your posts to clarify the issue further Screenshot attached.
Any other information you think that might be useful I notice all game alerts never come up over the screen and require alt-tab. Being a new popular game with 1million+ players may need to look into this one.
These are not related to that setting, these are learned because the could possibly break your system from booting normally, the check mark only works for apps that launch after logon.
