Conserving resources and minimizing work

This will obviously give you people an idea of my age, but such is life.

My introduction to computers came in the form of a 64K(!) mainframe. This was for the OS and applications running together. When you stop laughing, you may continue reading.

I still have the mentality of conserving resources and reducing overhead, and I sometimes expend disproportionate effort in finding a way to do something in four instructions rather than six. OK, this is sometimes done in the spirit of the art of coding and showing how clever I can be, but whatever.

OK, to get on track here, I appreciate the PURGE functions that are available in the FW and DEFENSE+, but would like more. I’d like to be able to find references to non-existent items within the Custom Policy/Access Rights definitions. Is there a way I can do this without manually searching through the Registry and then going to the relevant item’s DEFENSE+ entry and deleting the Access Rights reference? This is very tedious. A SEARCH function would be very useful here, as would be a SORT function on the main Computer Security Policy display.

It appears to me that a Trusted Application has fewer definitions, and hence should result in reduced overhead. Am I seeing things correctly?

Does the inclusion of a vendor in My Trusted Software Vendors result in a reduction of anything, or is this just an automatic way of generating Computer Security Policy entries that would have been generated anyway?

Thanks for any input.

IBM or DEC mainframe? (or Honeywell or Burroughs or Univac, or any other BUNCH machine in particular?) My intro was a CDC 6400 back when…

I’m not sure if this will give you all of what you’re looking for, but the CFP Config Reporting Script will read thru the registry and produce a lot of output on a single, but very long, page. The script is detailed in the sticky topic at the top of the forum page. At least it’ll give something you can print out, mark up, and use as a guide in doing the actual cleanup.

Re Trusted Applications and Vendors, some of it is shortcut for rule generation, and some isn’t. It’s a context dependent question. If you look at the Config Report output, how it’s structured may give you some idea of the why and when and where of things.

I hope that helps, at least a little…

Nothing but the best for me in those days - IBM 360/50. Those were the days, with all the flashing lights people used to marvel at:)

I wasn’t aware of the Config Report - should be of some benefit. I’ll try it out.

Thanks for your input.

Well, I finally decided to expend some of my unused mental energy and write my own cleanup process. It works for me, but the usual caveats apply, and I take no responsibility for any failures. You may wish to back up the Registry entry HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro before running the following script, which will remove all references to non-existent files from the Access Rights definitions. Save the following as a file with a VBS extension and then run it:

```vbscript
Option Explicit

Dim objWMIService, objShell, objgReg, i, j, k, l, m, n, folder, bad, RC, HaveNone, temp
Dim RegPath1, RegPath2, RegPath3, RegPath4, RegPath5, MsgPath, NumAppl, NumRules, NumItems, RuleFlags, strFileName, AorB(2)
Dim objFSys, objOutFile, colProcessList, objProcess

Const wshYes = 6
Const wshYesNoDialog = 4

Const cHKLM = &H80000002
Const strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set objShell = CreateObject("WScript.Shell")
Set objgReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
Set objFSys = CreateObject("Scripting.FileSystemObject")

AorB(1) = "Allowed"
AorB(2) = "Blocked"

'RC becomes 0 if a cfp.exe process is running
RC = 999
Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where Name = 'cfp.exe'")
For Each objProcess in colProcessList
   RC = 0
Next

If RC = 0 Then
   i = objShell.Popup("You should terminate CFP, or at least ensure that no activity will be updating any CFP definitions while this cleanup is running. Do you wish to Continue?", 0, "CFP Registry Cleanup", wshYesNoDialog)

   If i <> wshYes Then
      WScript.Quit
   End If

End If

Set objOutFile = objFSys.CreateTextFile("C:\Windows\Temp\CFP Invalid File List.txt", True)
objOutFile.WriteLine("The following entries were removed from the CFP Computer Security Policy Access Rights definitions:")
objOutFile.WriteLine(" ")

RegPath1 = "SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy"
objgReg.GetDWordValue cHKLM, RegPath1, "Num", NumAppl
NumAppl = NumAppl - 1

HaveNone = True
For i = 0 to NumAppl                                   'each application in the policy

   RegPath2 = RegPath1+"\"+CStr(i)+"\Rules"
   objgReg.GetDWordValue cHKLM, RegPath2, "Num", NumRules

   If NumRules > 0 Then
      NumRules = NumRules - 1

      For j = 0 to NumRules                            'each rule of that application
         RegPath3 = RegPath2+"\"+CStr(j)
         objgReg.GetDWordValue cHKLM, RegPath3, "Flags", RuleFlags
         If (RuleFlags = 1) OR (RuleFlags = 2) OR (RuleFlags = 4) OR (RuleFlags = 16) OR (RuleFlags = 512) OR (RuleFlags = 1024) OR (RuleFlags = 2048) Then
            For l = 1 to 2                             'Allowed list, then Blocked list
               RegPath3 = RegPath2+"\"+CStr(j)+"\"+AorB(l)
               objgReg.GetDWordValue cHKLM, RegPath3, "Num", NumItems
               If NumItems > 0 Then
                  NumItems = NumItems - 1
                  k = 0
                  n = 0                                'number of items removed so far from this list
                  Do While k <= NumItems
                     RegPath4 = RegPath3+"\"+CStr(k)
                     MsgPath = RegPath3+"\"+CStr(k+n)  'original index of the item, for the report
                     objgReg.GetStringValue cHKLM, RegPath4, "Devicename", strFileName    'Devicename contains expanded name in case of %...% Filename
                     If Not IsNull(strFileName) Then
                        If Mid(strFileName,2,2) = ":\" Then
                           folder = False
                           If Right(strFileName,2) = "\*" Then
                              strFileName = Left(strFileName,Len(strFileName)-2)
                              folder = True
                           End If
                           bad = True
                           If folder Then
                              If objFSys.FolderExists(strFileName) Then
                                 bad = False
                              End If
                           Else                                'not a folder
                              temp = Split(strFileName,"*")
                              If temp(0) <> strFileName Then   'generic name
                                 bad = False
                              Else                             'plain file name: keep it if the file exists
                                 If (objFSys.FileExists(strFileName)) Then
                                    bad = False
                                 End If
                              End If
                           End If
                           If bad Then
                              objgReg.DeleteKey cHKLM, RegPath4
                              objOutFile.WriteLine("HKLM\"+MsgPath+"  "+strFileName)
                              For m = k+1 to NumItems          'move the following items down one slot
                                 RegPath5 = RegPath3+"\"+CStr(m)
                                 RC = objShell.Run("Reg.exe Copy ""HKLM\"+RegPath5+""" ""HKLM\"+RegPath4+""" /s /f", 0, True)
                                 RegPath4 = RegPath5
                              Next
                              If (NumItems > 0) AND (k <> NumItems) Then
                                 objgReg.DeleteKey cHKLM, RegPath5   'remove the now-duplicated last item
                              End If
                              objgReg.SetDWordValue cHKLM, RegPath3, "Num", NumItems
                              NumItems = NumItems - 1
                              k = k - 1                'so that we don't ignore what is now the new k'th item (just moved from k+1)
                              n = n + 1
                              HaveNone = False
                           End If
                        End If
                     End If
                     k = k + 1
                  Loop
               End If
            Next
         End If
      Next
   End If
Next

If HaveNone Then
   objOutFile.WriteLine("All entries are valid - nothing to purge")
End If

objOutFile.Close    'flush the report before it is opened in Notepad

MsgBox "CFP Access Rights file cleanup - complete"

RC = objShell.Run("""C:\WINDOWS\notepad.exe"" ""C:\Windows\Temp\CFP Invalid File List.txt""", 4, False)
```


Please note: one line changed above 2008.10.20

Oh my :smiley: Thank you for the effort. With your permission, we’ll be adapting the script for usage here in the forums.

By all means, permission granted. Enjoy:)

Note: if CFP is active when you run the script, you will probably get an alert for REG.EXE when the script runs. Select ALLOW and REMEMBER, so that the alert is not repeated for each update attempt.
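
A read-only preview of what the cleanup script in this thread would remove, as an added PowerShell example that is not part of any post. It assumes the registry layout that script walks (the `Policy`, `Rules`, `Allowed`/`Blocked` keys and the `Num`, `Flags` and `Devicename` values); the function names and the backup file name are hypothetical.

```powershell
# Added example: lists stale Access Rights entries without changing the registry.
# Key and value names are taken from the VBScript posted above.
$root = 'HKLM:\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy'
$fileFlags = 1, 2, 4, 16, 512, 1024, 2048   # the Flags values the script processes

function Get-Num([string]$Key) {
    # "Num" DWORD of a key, or 0 when the key or value is absent.
    $p = Get-ItemProperty -LiteralPath $Key -Name Num -ErrorAction SilentlyContinue
    if ($null -ne $p) { [int]$p.Num } else { 0 }
}

function Test-Stale([string]$Name) {
    # Same rules as the script: only "X:\..." names are checked, "folder\*" is
    # checked as a folder, and any other wildcard name is never reported.
    if ($Name.Length -lt 3 -or $Name.Substring(1, 2) -ne ':\') { return $false }
    if ($Name.EndsWith('\*')) {
        $dir = $Name.Substring(0, $Name.Length - 2)
        return -not (Test-Path -LiteralPath $dir -PathType Container)
    }
    if ($Name.Contains('*')) { return $false }
    return -not (Test-Path -LiteralPath $Name -PathType Leaf)
}

function Get-StaleAccessRight {
    for ($i = 0; $i -lt (Get-Num $root); $i++) {
        $rules = "$root\$i\Rules"
        for ($j = 0; $j -lt (Get-Num $rules); $j++) {
            $flags = (Get-ItemProperty -LiteralPath "$rules\$j" -Name Flags -ErrorAction SilentlyContinue).Flags
            if ($fileFlags -notcontains $flags) { continue }
            foreach ($list in 'Allowed', 'Blocked') {
                $listKey = "$rules\$j\$list"
                for ($k = 0; $k -lt (Get-Num $listKey); $k++) {
                    $name = (Get-ItemProperty -LiteralPath "$listKey\$k" -Name Devicename -ErrorAction SilentlyContinue).Devicename
                    if ($name -and (Test-Stale $name)) {
                        [pscustomobject]@{ Key = "$listKey\$k"; List = $list; Devicename = $name }
                    }
                }
            }
        }
    }
}

# The backup recommended in the post (run elevated); the file name is a placeholder.
reg.exe export 'HKLM\SYSTEM\Software\Comodo\Firewall Pro' "$env:TEMP\cfp-backup.reg" /y | Out-Null

Get-StaleAccessRight | Format-Table -AutoSize -Wrap
```

Comparing this listing with the report the VBScript writes to `C:\Windows\Temp\CFP Invalid File List.txt` shows whether the cleanup removed only the entries that were expected.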