I have a P4 HT, My system internet browser is Firefox, OS: XP sp2 32bit, AV: Avast
Log entries for System idle process and ashwebSv blocking inbound tcp traffic from Port 80.
Blocked IP included traffic from Comodo, Opera, and Avast owned IPs.
I have no global rule to allow http inbound traffic.
Wireshark Traffic analysis showed that these are RST packets and some of them are not blocked (no log entry).
Does this mean that V3 is actually blocking RST Packets?
Thanks for responding so quickly. No, it didn’t make a difference if BOClean was installed or not. I had tried to install it with just Avira AntiVir PE first and the cmdagent.exe was at 100%. I then uninstalled it and installed BOClean. I re-installed and the cmdagent.exe was at 100%. I had the same problem with the previous Beta. One thing I forgot to mention: I'm running a wrapper program that simulates a Vista look over the XP shell. It's called Bricopack Vista.
There were compatibility issues reported with BOC.
Another tester had a 100% loading issue with NOD and solved it by adding all V3 files to the exclude list, but if I remember correctly it was an issue on Nod side.
There is no solution other than uninstalling possibly conflicting software to find the culprit. Then Devs can use this info to find a solution.
You can disable all startup apps using MSconfig (leave only CPF.exe) and see if there are any changes.
If this works you can enable those apps until you find the culprit.
Another thing you can test is adding your AV files to trusted apps.
Yes, this happens with the introduction of the experimental default policy which allows all the applications to set hooks if the hooks are in windows system32 directory.
To fix the issue temporarily : Open Computer Policy
Double Click on “All Applications”
Click on Access Rights
Click on Modify button of Windows/Winevent Hooks
In Allowed Hooks window, you will see the entry %windir%\system32*.dll
Just change it to %windir%\system32\msctf.dll
And press apply until all the dialogs are closed.
Restart your PC and then it should be detected.
We will modify the default policy to deal with these issues with the next RC.
Thx for the feedback,
WinXP MCSE SP2 & updates; BOclean, Firefox, Thunderbird (no other anti-malware currently) on an AMD 3800 X2 in an HP a1520n with an ATI All-in-wonder 2006 video card. The Defense+ window of the interface has a problem: the “Browse” button in the “My Protected Files:Add” dialog does not give me a directory listing. It only gives me the contents of my Desktop. I cannot browse to the directory of files that I want to add to this list. The same is true for “My Own Safe Files” and “Advanced>Image Execution Control>Files to Check>Add:Browse”. The other entries give me a file listing that I can use to select files from. This was noted in the last beta also, but only a day or so before this RC1 version came out.
Just found what looks like a serious deficiency. I wanted to protect a key under HKLM\Security\Secrets that has embedded nulls. I opened the “My Protected Registry” dialog and went to Add:Registry Keys and navigated to the HKLM\Security key and guess what - there are no sub-keys listed. It seems that the registry hive used is only the default Administrator profile hive. I don’t use that log-on normally for admin rights, so the registry keys that I normally invoke on bootup are not covered in the Protected Registry keys portion. I believe that it is possible to combine hive keys in a unified registry for editing and that needs doing. I was really intending to test whether the protection could be applied to keys with embedded nulls - which are difficult for some programs to read, but this is a more basic problem.
Computer information
XP Pentium D 3GHz 1Gb Ram
Operating System information (OS version and Service Packs)
XP Home SP2
Actively-running security and utility applications
CAVS, CFP, BOC, CMG - No conflicts
Specific symptoms of the bug, and steps you can take to reproduce it.
When I go to “View firewall events” there is nothing listed until I go to “more”. There under “today” are the events I should be seeing on the first page.
Specific steps you have taken to try to resolve it.
None
Installation went perfectly along with uninstall of 3.0.10. Very quiet after initial D+ learning. Solid and low on resources.
I’m not sure whether it is a bug or not, but it kinda bothers me so I decided to report this issue.
I’ve got an application called WinMTR (ping/trace route tool) and it seems CFP doesn’t detect all connection attempts made by this application.
Whenever I use Windows’ tools such as ping.exe or tracert.exe, all the connection attempts are reported to me and if not answered or denied then they are blocked and these applications report Time Exceeded.
But WinMTR seems to bypass CFP in some way. Only the DNS Query popup appears for this application; ICMP packets are sent freely without any user notice.
Well, it seems kinda weird to me so I thought I should mention this.
Deleting a file present in the ‘My Pending Files’ leaves status ‘New’. Also, the status ‘Deleted’ seems to have disappeared in this RC. Previous BETA did show ‘Deleted’ on some items that I manually deleted.
The 1st item below was deleted with Explorer which is why a new item appeared in the recycle bin.
The 2nd file was deleted with a utility that I use which directly deletes the file without using the recycle bin. In this case I received an Alert that the utility was trying to modify the file that I had selected for deletion. I allowed the alert and the file was deleted. It would be of great help in the decision making process if the Alert were specific enough to indicate whether a file is being deleted or modified. If this is at all possible, please fix this.
Even though the status is wrong, notice that the Company Name has disappeared in the list. Since some logic is there to remove the Company Name (probably can’t find it anymore), then I would assume similar logic could be applied to the status, no?
Note: the purge function correctly determines what files have been deleted even though the status indicates something else. I can imagine that this is very confusing to some. Especially when users are told to use the purge button to remove deleted files from the list.
Vista, Home Basic, 32 bit, TrendMicro Internet Suite (installed without the firewall). The new CFP release candidate installed fine, and is running fine. I believe this is related to something Gibran brought up in an earlier post about known conflicting software issues, one of them being TrendMicro firewall. During my CFP install I had a warning window come up. The 2 warning messages inside the box were cut short, and there was no way to expand them. It was probably about TrendMicro firewall (which was not installed anyway), but it would have been nice to be able to expand these warning messages out so I could have read them.
System: Dell 2400 (Intel P4 2.2GHz), 760 M RAM, XP Home SP2
Security apps: Avira Antivir, Teatimer, BOClean
No issues with install of RC1. However, when Defense+ is activated AND enabled, the system will (apparently) boot normally, but all login attempts “hang”–desktop does not appear and explorer does not run.
Workaround: call task manager (or reboot in safe mode); manually run cfp.exe and set Defense+ to disabled (but still active); reboot.
EDIT: after additional testing, the problem still occurs if all “monitor settings” are off; there are no entries in the Defense+ log.
EDIT #2: The problem seems to be a conflict with Windows Product Activation (WPA). If I log off (w/o reboot) and log back on with Defense+ disabled, there is no problem. However, when it is enabled WPA complains about not being able to check license (error #0x80070005) and returns to login screen.
If I try to use my vpn connection (Microsoft PPTP) it will timeout trying to login and post a 721 error message.
If I disable the firewall, I can login via my vpn connection. Once I have logged in I can re-enable the firewall and continue to use the vpn connection without problems.
I was able to login via vpn with version 2.4 of the firewall.
Updated
I have confirmed that there were no Log entries when the connection fails.
Dell Inspiron 9400 Laptop
Intel® Core™ Duo processor T2500 processor 2.00 GHz
1GB Memory
Windows XP + SP2 + security fixes
Trend Micro Client/Server Security Agent 7.6.1095 ptn 4.819.000
Operating System information (OS version and Service Packs)
WinXP Home SP2 32-bit + online updates
Actively-running security and utility applications
Boclean, Antivir PE 7 free (last versions), (Acronis true image 10, windowblinds, logitech setpoint)
Specific symptoms of the bug, and steps you can take to reproduce it.
Since I installed RC1, every time I try to shutdown Windows XP, I get a dialogue box pop up with the title ‘dwwin.exe DLL initialization failed’ and a critical sound before the logoff.
Specific steps you have taken to try to resolve it.
If I disable Firewall and Defense+ and CFP RC1 is closed (exit), and then I try to shutdown XP, it’s ok, no message ;D
Does somebody have the same symptoms? Or is it a problem with my computer?
Before installing CFP RC1, I didn’t have that with Beta 4…