Component Monitor And Boot-up Problems

Hello All!

First off, Comodo FW is, IMHO, very good and as it is free I shouldn’t have any gripes. But it seems to be trying to be all things to all people and in the process takes away control form the end user that should be allowed.

As has been mentioned here in the help forum… I run a system with encrypted files and it would be nice to have a little better control over the firewall. I too have had the problem with connections not being released including a VPN connection to get files from our offices.

It would be nice if the Dll’s listed in the component monitor could be completely deleted with the remove key… As it was, there were over 700 dll’s all approved by Comodo. I had to go into the registry to dump them because the remove function didn’t clear the entries from the registry. I would like to be able to control dll injection permissions on a case by case basis as can be done. Likewise with the “Approved Applications”… I would prefer to decide for myself what is approved and what isn’t.

Another issue that has been mentioned before here is the sudden appearance of the LAN IP 169.254… even though the 192.160.0.xxx LAN IP had been setup properly and was working. It isn’t a UPnP or router problem. The cause of it, at least in my case, was the boot-up delay on my computer that caused Comodo to grow impatient and configure the 169.254.xxx.xxx IP. Part of the problem was my having set Comodo not to allow outbound connections until it was booted… But it was tripping over NOD32’s loading and my boot-up was taking 50 seconds from the appearance of the welcome screen. I have been using LnS and Outpost 4.0 and my boot times with the same configuration were under 20 seconds.

My questions are:

  1. Is there anyway to deal the the DLL and application issue… to create my own “White list” without Comodo second guessing me? 700 plus having defacto approval is a bit over the top.

  2. Is there anyway to keep Comodo from becoming impatient during Boot-up and deciding that the LAN IP should be 169.254.xxx.xxx?

Thanks,

Barry

You are right about 700 items in the Component Monitor list. In fact, I have about 800 or a bit more, I believe. Installations of updated software (Adobe Acrobat Reader 8 and Sun Java Runtime Environment 1.6 just in the past few days) required removing around 40 entries to clean up the mess in the Components Monitor.

However, you do not have to use regedit to remove these entries! The “Remove” button does remove the selected line from the list; but it does not stay gone without help. After you “remove” all the lines you wish, just press the Apply button: the lines will now stay away and the registry will be updated properly. This is all laid out in the CF Help file, which see.

Actually, hillsboro, CPF does give full control, but it’s a control over security, rather than the other way around… :wink: Unlike LookNStop or Outpost, or well, pick your firewall; Comodo’s a lot different, being both Network & Application based.

Here’s what happens (short form) with the Component Monitor… Any time an application is loaded, CPF verifies all components involved with that application being connected to the internet. The “approval” is based on those components matching checksum, etc. It’s a security approval. The components are not, in and of themselves, being approved to connect to the internet. Only Applications are Allowed for that, based on your rules. You can remove or block those components; every time an app is loaded, the component approval will follow. The approval is basically CPF saying, “These components have been checked; they match up to what they should be, and are okay.” You have the ability to turn off the component monitor as well, but I wouldn’t recommend it, as it will reduce your security.

Inasfar as the Applications which are certified by Comodo, you can go to Advanced/Security/Miscellaneous, and uncheck the 2nd box, “Do not show alerts for applications certified by Comodo.” This will do just what it says, and give you alerts for those, in accordance with your chosen alert frequency.

I am not aware of CPF setting your LAN IP for you; that would seem to be outside the purvue of the firewall, and is certainly not CPF behavior that I am aware of. You stated it has been mentioned before… Would you provide a link, please?

LM

I can also add that you can set component monitor to ON, which will produce a popup for every DLL. You can find info in the help file about that.
Since you have scanned for known applications and used if for a while, a reinstall might get you started on a fresh component monitor. The DLL injections monitor work even if you have thousands of DLL’s in component monitor.

Thanks to those who responded with helpful suggestions.

Pudelein:
Thanks for the component deletion tip. I missed it in the help file.

AOwl:
I did a reinstall as you suggested, it helped and was better if I let it setup automatically, something I am not used to doing.

Little Mac:
Yes is is a lot different than other FW’s… Maybe too different for some people like me who have grown accustom to the more traditional interface.

The approved apps is a problem for me because if the system is left to run in the default settings, approved applications that are launched don’t get added to the monitor. If I want to have more control then I loose some of the permission levels I set earlier. For example System and SVhosts play behind the scenes in the default settings. If I take more control, and make custom setting in the app monitor then go hand back control to Comodo… Well then I loose everything I did to customize the system and svhost processes… No other firewall does this. I can make custom settings then and still have the firewall act in a default/autopilot mode with the custom setting still intact as in Look-n-Stop, Outlook 4.0, KIS6.0. Maybe I am missing something but I do know if I change the alert frequency level, my applications settings get hosed.

The LAN IP problem has been reported here since last September. While it isn’t a major issue, it has hit a few of us. The problem being, when Comodo is set to block outgoing traffic and there is a long boot-up due to app loadings, Comodo blocks the normal LAN polling process during the boot-up and the IPs get hosed because of that interference. I reported it to the developers and they are aware of it according to the email response I received. The solution in my case was to turn off the boot-up protection.

Thanks again everybody…

Barry

If you want to have control yourself instead of the firewall you can do as Little Mac said.

Inasfar as the Applications which are certified by Comodo, you can go to Advanced/Security/Miscellaneous, and uncheck the 2nd box, "Do not show alerts for applications certified by Comodo." This will do just what it says, and give you alerts for those, in accordance with your chosen alert frequency.

Abut that lan thing, I have never noticed it, but I have my router set up to give the PC’s on my lan static ip’s and I have set my PC to have that static IP. The other two have auto settings in PC, without problem so far.
That might work for you if you have not tried it.