Everytime I select ‘Skip parent check’ for an application, within half an hour I will have another popup asking permission for a new parent application, obviously internet explorer is one of the biggest troubles because so many programs launch it. I think it may have to do with the application behaviour analysis, when I recieve a pop I click always remeber this setting, and a for some inexplicable reason parent application is now specified!? This means that the other 20 applications that might launch it will also cause pop ups, making the firewall a complete pain. This also means that any other application behaviour analysis settings for other parent apps have been completely forgotten, so I recieve a popup for each of those aswell.
Is there anything I can do about this? Is it a bug?
In fact, when you tick “skip parent check”, CFP doesn’t forget this option. However, if it explores a new component or doubtful activity about the program, it ignores “skip parent check” setting. I don’t know if it is a bug. May developers thought this as a security precaution.
I have turned off component monitor and so far so good. Thanks aXes. I can see why a new component could cause for a prompt, but I still see no reason to then specify a parent, why not leave it as skip?
Don’t confuse the two things (ie, Parent vs Component Monitor); they’re different. Skip Parent tells Comodo that you don’t want to define a Parent application at that time. The next time you Allow & Remember, it will apply those settings to create the rule; this means that it will apply the current Parent application as the Parent. If you do not want this to happen, don’t click “Remember,” or else set the parent application, or set it to Learn; then Comodo will apply the next Parent app. As a parent for a browser, you should generally only have either the browser’s executable as both app & parent, or explorer.exe as the parent. Explorer.exe is the Windows shell that is going to be the parent if you use a shortcut/toolbar to access the browser. If you use the executable itself, you will find the browser’s .exe as the parent. If you click on a link in a Word document, or allow an installation to connect for updates/registration, you may get an alert that a new parent is detected; in this instance, you would probably want to Allow without “Remember,” so as not to create another rule.
The Component Monitor’s job is to validate all components that are loaded into an application’s access to the internet, to verify that they are legitimate and allowed to be part of that application’s connection to the internet. By turning off Component Monitor, you are turning off a big part of CFP’s security. If a component changes and CM is On, CFP will alert you that there are new/changed components attempting to load with the application. This may be legit, as through an update that occurred, or a new module/extension/add-on that hasn’t been used before, or it may be a case of attempted hijacking by malware. When you install CFP, CM is set to “Learning” by default. If you leave it that way for a few weeks (until you’ve run the majority of your common applications fully) before turning it to On, you should reduce the number of alerts you get.
Parent and component are two different things, and monitored in different ways.
Whoa! I’ve got 495 entries in my component list and frankly, I don’t know what at least 80% of these do or what roles they play. I just approve everything if I am on a known website.
I’ve also experimented with denying a component. When I tried this a couple of times in FF, it stopped FF from working.
Until Comodo can provide more detailed info about components when a prompt comes up, there isn’t a lot of value for the average user in the component monitor.
I completely agree, iamme99. If there was some way to label or group them to what programs use them then we might at least have an idea whether they are legit or not. Nonetheless, let’s try to keep our focus on the skip parent topic here.
Component monitor is back on :P. Did not solve the problem, it was indeed the ‘Application Behaviour analysis’.
If I select learn parent then it will only ever learn one at a time, and whenever another application tried to launch I will recieve more pop-ups. My case with internet explorer is that it is launched by more than explorer.exe, for instance nearly all apps, (utorrent, dreamweaver, cabos, word, excel, windows media player, photoshop, even cpf.exe), launch it through various actions so specifying learn parent would be fairly usless as it will only ever rember one at a time. Skip parent would be wonderful if indeed that is what it did, not care what application launched that exe.
For now I have the application behaviour analysis off, I have managed so far without it!. Maybe an option to permanently rember skip parent check in the future? ;D
Given that, my advice would be to add/create rules in the application monitor for each of these scenarios. Yes, you will then have several rules for IE, each with a different Parent application. But you’ll be far more secure than if you turn off ABA.