Comodo not remembering trusted programs

I have re-added, re-launched, and rebooted about 100 times a day just to try to add programs. It doesn’t seem to remember. Whenever I try launching programs, it throws out the alert window. I know that program is launching. I CLICKED THE ICON!!! Stop popping up and just run the ■■■■ program.

I am having to close down everything to “test” how to get programs to work. I go to Security, Application Control Rules, I select “Add”, I browse and select the right .exe file, then I associate the browser, then I select “Allow all activities for this application”, then I reboot. I also tried just closing out and relaunching. Everything I could think of.

Whenever I launch the programs again, it asks me again. This is occupying hours of my time I would rather be doing something else. Can Comodo allow us to set a rule for 1 program and leave it at that?

This is my main gripe with Comodo, and I am seriously considering uninstalling the program. AVG is the program that is identifying my problems, Comodo is crippling me to the point I can’t use the computer.

I am having the same issues as well. I run the Wizard, then launch Outlook and it pops the alert, and I select the check box to remember this setting and allow the program.

After a reboot, it will sometimes again alert me for the same program. This happens on just about every program (including IE and Firefox etc) over and over again. It seems like there must be a bug in Comodo, as it isn’t remembering the settings.

Fred H,

This is only my opinion, but I would avoid using Outlook. You can import your contacts using Thunderbird Thunderbird — Make Email Easier. — Thunderbird

I would not uninstall Comodo and suggest you try this method instead with Comodo.

There are a few things that factor into CPF’s alerts for applications:

  1. The Alert Frequency level (Security/Advanced/Miscellaneous). If the slider is set to High or Very High, you will get alerts for each IP address the program is accessing, as well as Port, Protocol, etc. Each time any aspect of that is different than an existing rule, you will get an alert. If you move the Alert Frequency down, then click OK & reboot, that will decrease the popups.

  2. Comodo’s safelist (Security/Advanced/Miscellaneous). Check the box “Do not show alerts for applications certified by Comodo.” Click OK and reboot. Now the applications on Comodo’s safelist will not trigger alerts.

  3. Application Behavior Analysis (Security/Advanced/ABA). These are types of communication attempts that CPF monitors, and will alert on if they occur. This is not the same thing as an application trying to connect (as per the Application Monitor). This is an application trying to connect in a way that resembles malware activity. It is very important to read the information presented in the alert from CPF; if it gives you an alert, there is a reason for it.

  4. Installation choices. If you chose to do a manual, “Advanced” mode installation of CPF, rather than “Automatic” you may encounter problems by incorrectly configuring CPF.

  5. Security software. If you did not deactivate resident Antivirus, Antispyware, or HIPS software prior to installing CPF, you may encounter problems due to interference with the installation of CPF.

LM

Thanks for the tips.

Little Mac,

Thank you for your comments. Here are my responses:

ISSUE 3 - I haven’t looked into the “Application Behavior Analysis” part of Comodo, so I would have to look more into this. Could you give a starting point? Is there a help page?

ISSUE 4 & 5 - Regardless of the mode or co-existing applications, I expect the program to work in either scenario. I find your responses in these areas not really addressing the issue but laying excuses for the program’s weaknesses. So I don’t appear to be vague on this, please read the next response so I can give a detailed example of what I mean by “weakness”. I think you will agree then, if not now, Comodo still has work to do with its firewall program.

ISSUE 1 & 2 - Start with 1. “The Alert Frequency level” addresses every program if I am not mistaken. If so, then if I were to lower the security, then it would lower security levels across the board. I want to lower the security level for ONLY one program while keeping everything else HIGH. I thought “Allow all activities for this application” was to alleviate constraints on one program while giving the user not only security but also freedom to pick and choose what programs required desired security levels. If I were to take your suggestion in the state the program is in now, I don’t see how I could adjust the alert frequency level for specific programs. This is one weakness in the Comodo firewall program.

The second deals with ignoring alerts. I haven’t verified this, and right now Comodo is uninstalled, but I thought I tried this. If I am correct, this doesn’t solve the issue. It still hangs or gives an alert message. I would never want to ignore alerts, either A) permit a program and STOP with the alerts, or B) Send alert because that file launching doesn’t have permission to auto-execute.

These seem like common sense expectations in a program. If the Comodo program can be set to allow certain programs easily, effectively, and in a reasonable amount of time (half hour at the most), I will reinstall Comodo. I may even consider paying for it. However, in the state I see it now after using it for a week non-stop (I have been reading, testing, learning, discussing everyday here and on other sites to learn more about firewalls), I just don’t see the benefits yet.

If you find this useful criticism of the program, please share my concerns with the developers.

Good morning, wwwdotcom (or at least, where I am, drinking coffee…)

I’ll try to answer your questions one at a time here; please bear with me.

From the CPF GUI at the top right there’s a link to “Help.” You can find explanations of ABA within the help file. You can access the settings for ABA in Security/Advanced/Application Behavior Analysis, to change which ones are being monitored.

ISSUE 4 & 5 - Regardless of the mode or co-existing applications, I expect the program to work in either scenario. I find your responses in these areas not really addressing the issue but laying excuses for the program's weaknesses. So I don't appear to be vague on this, please read the next response so I can give a detailed example of what I mean by "weakness". I think you will agree then, if not now, Comodo still has work to do with its firewall program.

I have seen a tremendous number of problems solved by users reinstalling and choosing Automatic instead of Advanced. As with any software, choosing an Advanced installation/setup is not recommended until the user knows what the software does and how it works. I cannot quantify what configuration issues were caused by them choosing Advanced over Automatic, because they could not explain exactly what they did during the install/config process; since they were not already familiar with CPF, things were pretty much permanently messed up (until an uninstall/reinstall).

I have also seen a tremendous number of problems solved by users uninstalling/reinstalling CPF after deactivating other security software. It is a very common problem to have software problems if the user does not deactivate security software prior to installation. The security software is frequently trying to protect files/registry that need to be written to. Even if the user is given a popup to allow the install action to occur, and does allow it, an error may have already occurred. This is the nature of computers. At times, it seems like a butterfly flapping its wings in the rainforest will cause problems… ;D

I assure you, I am not trying to cover up any CPF weaknesses; as with any software, there are issues/glitches; some of these are directly related to CPF; some are related to the individual’s computer/software configuration. I am merely explaining some frequent causes of problems that users experience with CPF.

ISSUE 1 & 2 - Start with 1. "The Alert Frequency level" addresses every program if I am not mistaken. If so, then if I were to lower the security, then it would lower security levels across the board. I want to lower the security level for ONLY one program while keeping everything else HIGH. I thought "Allow all activities for this application" was to alleviate constraints on one program while giving the user not only security but also freedom to pick and choose what programs required desired security levels. If I were to take your suggestion in the state the program is in now, I don't see how I could adjust the alert frequency level for specific programs. This is one weakness in the Comodo firewall program.

Yes, the Alert Frequency works across the board; it does not apply to single applications (please feel free to add that to the CPF WishList V4 ). However, this is separate from the “Allow all activities for this application.” If you go to Security/Advanced/Miscellaneous and move that slider up and down, it will tell you exactly what aspect of alerts it is giving. These relate to IP address accessed, Ports used, direction of traffic (in/out) for the application, and IP Protocol (TCP, UDP, etc). The “Allow all activities…” more specifically relates to Application Behavior Analysis, rather than what is covered by the regular alerts. You will note when moving the Alert Frequency slider, that it makes no mention of Application Behavior; that’s because that is a separate issue.

For the second part, I do not advocate ignoring alerts, nor am I saying that you do. My point is that if CPF gives a popup alert that a program is trying to connect to the internet, there is a reason it is doing so. Users in general have a tendency to not pay close attention to the details of the message; however, that message is important to read before allowing or denying the connection attempt. As a note, in your first post to this topic, you said,

Whenever I try launching programs, it throws out the alert window. I know that program is launching. I CLICKED THE ICON!!! Stop popping up and just run the ■■■■ program.
; this would seem to indicate that you think that CPF is alerting you that the program is launching/starting/opening, but that’s not the case. CPF, as a firewall, only alerts you that a program is trying to connect to the internet in a way that is not explicitly addressed in the Application Monitor rules. CPF doesn’t care if you start a program; it only cares if that program tries to connect to the internet; that is the only job a software firewall has. Inasfar as the “Do not show alerts for applications certified by Comodo” goes, this only addresses applications that are on CPF’s internal safelist. While that list is growing, it only contains applications that Comodo has checked and verified, and has the necessary cryptographic signatures for; by checking this box, you will not see alerts for those applications; this doesn’t mean you won’t get alerts.

I hope that specifically addresses all your responses. As a Moderator, I am not a Comodo employee; I am a fellow user. As such, I have no interest in covering up CPF problems, and I have pressed Comodo on a number of things I have felt need to be addressed. Comodo has always been very responsive to its users’ concerns/issues, and has a strong presence in the forums. Although they work specifically from the WishList, rest assured, they have seen this thread. As to CPF’s security, you can review these independent tests: https://forums.comodo.com/index.php/topic,4232.0.html (there are two links in Melih’s first post).

I highly recommend you read through the links on this page: CPF FAQ; this is a compilation of the most frequent/hottest questions, and/or responses to those issues. There is a wealth of information here.

LM

PS: I noticed in one of your other posts that you starting looking into a firewall after getting a computer virus earlier this year. I just want to make sure that you are aware that a firewall (either hardware or software) will not stop you from getting a computer virus; that is simply not the firewall’s job. A hardware firewall is designed to keep unauthorized internet traffic Out; a software firewall is designed to keep unauthorized internet traffic In (ie, malware - virus, trojan, spyware, etc) by blocking the connection attempt. An integrated HIPS is planned for a future version of CPF (which I think you’ve already read); while not normally part of a firewall, this will greatly help in preventing malware from getting on your computer.

For both of you, if you want to post your CPF activity logs, the answer to what the alerts are in reference to will be in there.

You can do so by the following:

In CPF, go to Activity/Logs. Right-click an entry, choose “Export to HTML” and save the file (ie, “logfile.html”).

Reopen the HTML file in your browser, and resave it as a Text file (ie, “logfile.txt”). This will save the text in the same layout it has as an HTML file, and will allow you to attach it to a new post (in the “Additional Options” just below the text box for the post.

We’ll have look at them and I’ll post some relevant items back for you.

LM

PS: if you simply Rename the .HTML file as a .TXT file, it will be text, but completely unformatted and thus virtually impossible to read; thus, the extra step as I’ve outlined above.

Little Mac,

“I have seen a tremendous number of problems solved by users reinstalling and choosing Automatic instead of Advanced. As with any software, choosing an Advanced installation/setup is not recommended until the user knows what the software does and how it works.”

I understand 2.4 will be coming out shortly, so I’ll reinstall it then. The concern I have about doing it in Automatic, which is sound advice, is how gradual is the progression to the Advanced mode? Programs I come across often have “simple” and “expert”, but if you never tinker around in the expert mode you will never learn the ropes.

I hope this Automatic mode will allow the novice user to use the program right away with “basic” protection and provide a learning ground where they can switch to the advanced mode. Speaking of switching, is it easy to do this after installation?

With CPF, there is no “mode” difference (as in, “Advanced” is more secure than “Automatic”; this would be something you’d expect from ZA). What happens by choosing Automatic install is that CPF is automatically configured to provide top-tier “out of the box” protection, and a set of default network rules that have been shown to be necessary for a large majority of users & internet setups. This will ensure connectivity and protection.

From there, to gain what Matousec refers to as the highest security, is to go to Security/Advanced/Miscellaneous, and unchecking the box, “Do not show alerts for applications certified by Comodo” (as we’ve discussed already). It is at this point that CPF is the #1 firewall against known leaktests. This is not a factor for its high ranking against termination tests; that protection is internal, and cannot be fooled with by the user… :wink:

So no “switching” “modes” is necessary with CPF. If you want to tighten your security from that point, it will accomplished by changing Application Monitor rules to allow each application access specific IP addresses (such as your email server), or destination ports (such as 80 and 443 for your browser), and by watching your Activity Logs to monitor your network traffic, and controlling the flow of that as well. For example, you can create rules in the Application Monitor to allow svchost.exe only access to your DNS and DHCP servers, Windows Updates website, etc, to control what IPs it can access, and then add a corresponding rule in the Network Monitor to “route” that traffic.

With CPF, the Network Monitor is similar in function to a Router, while the Application Monitor is closer to what most firewalls do. With the combination of both, you can tweak your rules, watch your Activity Logs, and tighten up the rules to allow applications and network/internet traffic only as you want it to be allowed.

Since there are no user modes to switch between, this is why I so strongly say to use Automatic install unless you are intimately familiar with how CPF works. If you choose the Advanced install with the configuration possibilities present, it is very very easy to get things out of whack, and not know how to go back… Which can be very frustrating, to say the least. :wink:

So, to sum up, with CPF you get the strongest protection currently available from any software firewall, from the initial Automatic install (which configures the firewall for you). From there you can tweak alert frequency, turn off the internal safelist of applications, and create app/net rules to control the way programs are allowed to communicate.

I highly recommend reading thru these FAQ links. The top section (first two links) regard initial installation and configuration/setup. One is a great video tutorial by AOwl, the other is written out (by me); depends on your preference to watch, or read… There are links there to a great explanation of Network Control Rules by m0ng0d, a detailed listing of the default & common application Network rules by pandlouk, and an explanation of CFP’s layered rules (also by me).

Hope that helps answer those questions.

LM

Ok, so in other words, the automatic install is like a template page for websites? The Advanced would be like starting from scratch in that case.

There you go, that’s a good analogy of it. Once it’s installed and running, the only difference is, as compared to the website template, your possibilities for tweaking with CPF are almost limitless.

BTW, here’s the link I referenced in my last post; apparently, I didn’t get it in there:

https://forums.comodo.com/index.php/topic,894.0.html

Sorry about that.

LM

I have installed 2.4 and run it for almost a day now. It seems to handle program associations better.

However, when I don’t use the computer for a while, my computer almost freezes up. I can’t use the taskbar but I can click icons. I try to log off or reboot and it stalls. I have to shut off the computer and reboot. Right now I don’t have Comodo running and I am going to see if the same problem occurs.

Not sure if this is the right place or not, but is as close as I could find without a new thread—
Have the app thing figured, but Comodo does not seem to remember any connections, even after clicking remember my answer, and I do have the security settings set to the highest, but can not seem to figure out this particular problem…Hmmmm-any help appreciated (V) (V)
Sincerest Blessings

Darrell,

When you say you have the security settings set to the highest, that makes me think you are referring to the Alert Frequency level (Security/Advanced/Miscellaneous), among other things.

If this is so, you’re probably getting all those continued popups because it’s watching for every detail of the connection - application, IP address, Port, direction of traffic, etc. It’s all separated out, and for each varying detail, it requires a new approval.

If this is not what you’re referring to, please explain more about what you’re experiencing - application, network, etc. What the exact symptoms are, and so on.

LM

Sorry, LittleMac, seems that my mail decided to start sending everything to the spam folder ( which I never think to check)…
Thank You for explaining that, because that answers some of the questions, but here is an example:
my antivirus updates, and I tell it to remember my answer numerous times, and it still always asks…
I know from previous experiences, that even a DLL change will cause it to ask again, or any change for that matter…
I like the security, because I like to know what programs are connecting -Such as windows explorer likes to connect every time you install something, and I don’t like that; they do not need to know every time that I install something-anonymous or not…
One of my most memorable headache experiences was having a firewall tell me everytime there was a dll change (wasn’t time to do anything else LoL (:SAD)
As far as the Comodo Firewall-- it is an awesome piece of software, just need to listen to the experts here, who will guide me in the right direction as far as security settings, so that I can dis-allow constant connections to Microsoft, everytime I hit a key–despite turning off most of their services…
Sorry, seems that I went off on a tangent here, I’m just a security freak, and do not like to download all of the microsoft fixes, because they sometimes create other problems (would get rid of Sp2 if I could)…Here I go again LoL (:NRD)
I just believe that with the right security products–I don’t need the bloatware…
Again, I am sorry for the delay in my response–made myself the fool a few times for not checking the spam folder, sometimes it all decides to go there for no apparent reason
Blessings To All

Darrell,

No problem; glad to hear back from you. So if I understand correctly, you have an issue with CPF continuously asking for approval of your antivirus application…

Two things for you:

  1. Under Security/Advanced/Miscellaneous, where is the Alert Frequency slider set; what level?

  2. When CPF gives you a popup alert for your AV program, this should generate an entry to the Activity/Log. Please go to the Log, right click an entry, and select “Export to HTML.” Save the file, and reopen it. Copy/paste the text regarding that alert only into your post here.

    2a. At that point, also open your Application Monitor to full-screen size, and capture a screenshot with your AV rule highlighted. Save it as a JPEG file, and attach to your post under ‘Additional Options.’

TNX,

LM

Well, after some more thorough checking, and reading, I believe that being set to very high would probably cause the problem…
The logs do not seem to show the avast service, which is the frequenter for pemissions, and I also noticed that the addresses are exactly the same, except for the last number, and the rest just say any…

1 -very high
2 -does not give one that I can find
2A- attached

And yes- I know AoL is certain to create a shorter life expectancy for an O.S.–If I could find another e-mail client that supported copy and pasting of pictures into the mail body, I would be there LoL
Have also went down to a lower setting, just want to keep it to where I can deny the stuff that does not need to phone home, everytime you strike a key- Hmmm
Sincerest Blessings

[attachment deleted by admin]

Darrell,

Yes, Very High could cause at least some of what you’re experiencing.

I also noticed that although I see the Webshield & Email entries for Avast! in your application monitor, I don’t see the updater. Unless that’s the updater entry… Which if it is would explain, as all the IP addresses are different, along with variances on IP Protocol and Port.

BTW, what theme/skin are you using for Windows? That looks pretty cool.

LM

That is what is killing me, it does not show that entry, and today it took 19 Mins. & 23 Secs. to update (which normaly takes about 30 Secs.)
Ahh, the themes and apperances - I probably have thousands (Love those skins for everything)
This one is an .exe, called Nocturnal ( but can extract it all from the resources folder), and of course a modified UX theme, either manually, or with a windows theme program.
It is a Lightstar theme/appearance, but can not find it there, so here is another (slow) link to it, and if links are not allowed- let me know and I will delete it…
Just wanted to find it on the web, because a lot of folks are not up to recieving files in mails LoL (R)
Sincerest Blessings
http://themes.belchfire.net/index.php?download=1959

[attachment deleted by admin]