Comodo Internet Security MAJOR FLAW???

Ok, running Comodo Internet Security x64 latest version fully updated on Windows 7 RTM x64 (via MS technet account) and installed this program and was thinking I had found a nice firewall/defense software less the antivirus as I like Avira Antivir and left the antivirus off the installation. The problem is that all was working fine until I ran a program (PopPeeper) to check my email and decided to test how the configurations worked and selected Limited or Isolated Application, I cannot recall to be honest. I then got an error stating “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item”…not too bad…problem then was EVERY other program no longer would open. I could not run msconfig, IE, Firefox, K-meleon, Nfoviewer, Opera, I decided to exit CIS which was still running and afterwards it even could no longer be opened and I was told I was denied access same as above. This installation had been working fine and was done less than 30 days ago so the only faults I can see are with CIS somehow, if anyone has experienced this or knows anything about it I’d be happy to hear it, the only problem I can think somehow is the cause is because I do not install to the C drive as it is an SSD and is 60GB and I have so much more space on several other internal drives for installations and such, thanks to anyone that knows anything of this issue. I included an example of the error and hope it helps, only way that I was able to type this is I managed to uninstall CIS and Opera launched on it’s own to get feedback on the uninstall, irfanview now works by launching from within opera with custom button but most all other items still do not work properly.

[attachment deleted by admin]

I suspect that you have actually set explorer.exe as an isolated app.

Check your Defense+ rules for anything related to explorer.exe and change them to a more logical assignment. If explorer.exe isn’t the culprit, check the other app rules in D+ and change accordingly.

Ewen :slight_smile:

Perhaps explorer tried to execute Pop Peeper and choosing Isolated or whichever would have done that…problem came with the fact that it could not be undone, uninstalling it and a reboot and I am back to normal but I’d like to have it installed, problem there is that the old setting may be there and then I can again not undo it. I tried looking everywhere, clicked through every menu one by one and tried adding Safe Apps and such and nothing less uninstallation resolved it because although it was already running I think it wouldn’t work same as anything I tried to open. Any thoughts on the installation location as a problem? I am concerned that a reinstall will put me back in the same place and then possible not allow an uninstall again, I’d hate to be completely stuck and unable to uninstall if it reoccurred. Thanks for your reply and I maygive it another shot sometime.

By uninstalling the affected configuration is deleted whereas reinstalling will setup a default configuration.

But if the same scenario occurs again it would be possible to cause the same issue by restricting explorer.exe again.

In such case it is not necessary to uninstall CIS but it might be needed to boot in safe mode (or use SHIFT+CTRL+ESC to launch Task manager and then use New Task/Run… to find comodo folder and launch cfp.exe) to change back explorer.exe policy.

Setting explorer.exe policy to custom policy or Trusted application will revert back the policy.

Though setting explorer.exe to Windows system application might allow explorer to run any progam without triggering an alert (this would prevent the chance of assigning a restrictive policy on explorer related execution alerts)

When an application shortcut is launched it is actually explorer.exe that require Run an executable access right.

When an alert is displayed the Treat As predefined policy apply to the left side program on the alert (eg explorer.exe).

It is likely that launching Pop Peeper this explorer.exe alert was displayed and thus Treat as Isolated Application was applied to explorer.exe.

When Image execution control setting is not disabled (eg When CIS proactive Configuration is used Image execution is set to Normal).

The Isolated Application policy will prevent the application whose it was assigned to launch any executable.

Setting Image execution to disable might provide a way to troubleshoot Run an executable related issues (eg in case a custom policy was manually modified to block such access right)

[attachment deleted by admin]

Thank you for the detailed information…my only issue was I could not launch cfp.exe, otherwise your information I think is most likely what happened, I appreciate the assist, I am not one to request but am usually the one giving help so this is a change from the norm, thanks again to you both! I’ll post back with my findings as I am going to give it another chance, really all I want is Intrusion Detection or Prevention software that is x64 compatible and finding that has been a challenge, Threatfire is in beta though and working well, hopefully GesWall produces an x64 version soon.

Yep, other than rebooting in safe mode it could be possible to use shft+crtl+esc shortcut to launch taskmanager (using those key combo taskman.exe will not be lauched by explorer.exe but by winlogon.exe) and use it to run %ProgramFiles%\COMODO\COMODO Internet Security\cfp.exe, running cfp.exe a second time will make CIS GUI appear again.

I prefer the cntrl+shft+esc method but was not aware of the need for a double launch…I have reinstalled now and it is workiing, only thing I find now that would be a nice improvement is on the Summary view you see items blocked, I clicked it and it blocked something I told it to treat as Trusted, when clicked it brings up a Log which I wish allowed a right-click and Add as trusted or some other setting change as opposed to only a report of an action, maybe I will eventually add that to the Wishlist section. I went through and added the file in multiple places and double-checked the access allowed and it seems to be setup to allow now, time will tell and if not then it isn’t a major issue with the affected program in this scenario. :-TU

Usually it is possible to open CIS gui doubleclicking on the shield icon or on the tray area (or using its right-clik menu) but the Isolated application policy applied to explorer.exe prevents that as well (double click will be logged as blocked sendmessage from explorer to cfp.exe).

The double launch will open CIS gui just like double-clicking on the tray icon does. If this was not possible by rebooting in safe mode it would be possible to lauch CIS gui manually and apply the changes there.

Indeed something like that would come in handy it was suggested by another member as well (tcarrbrion) and it is likely other members would like it as well. :-TU

I like the app for the most part, I’m not sure yet how much it offers but I like using new software and hope it is a good combination when used with Threatfire and Antivir, finding a suitable solution for clients to reduce or eliminate the infections of malware/spyware, virus etc. is ideal and hopefully using a few of them with time I can locate the best and easiest to use for those that require the easiest and least needed interaction for there protection solution. Although I like CIS I am thinking it is not ideal for the most basic home users, the only reason I requested a solution is to speed up the process, Safe Mode I did not try at that point, I had surgery on Friday so my patience is shorter than normal and the quick way out is to ask for help, yours has been great and I appreciate it. :slight_smile:

I haven’t personally experienced any severe infections but may load of a virtual install and try to hammer it once I have decided which apps I want to test in that environment, hopefully CIS will use it’s Defense portion as a IPS well enough but only time will tell that for sure. When I reloaded CIS I manually removed all leftover references in the event some settings were retained. I noted that the firewall I was testing before allowed me to launch skype but I was able to block skype manager which is the addon mess I never bother with, with CIS it is trusted so both modules are automatically allowed, also I noted about 4 IP addresses with the other that constantly hit every 10 minutes or less, some from Netherlands, China, UK, and one in the US half the country away from me, with CIS I haven’t seen any of the four showup in logs or active connections, unsure just yet what to think of that… thx again.

I recall some other members use CIS along with threatfire in a topic devs set-up to get feedback on CIS compatibility with 3rd party product.

If you wish you can disable the automated learning for the firewall by setting it to Custom mode and then chose the Alert Frequency Level you prefer (Firewall Tasks > Advanced
Firewall Behavior Settings > Alert settings).

You can also create some custom Predefined policies (Firewall Tasks > Advanced >Predefined Firewall Policies) to use the later.