CPF 3.0.11.246 RC1 32-Bit Bug Reports

I have a P4 HT, My system internet browser is Firefox, OS: XP sp2 32bit, AV: Avast

Log enties for System idle process and ashwebSv blocking inbound tcp traffic from Port 80.
blocked IP included traffic from Comodo, opera, and avast owned IPs.

I have no global rule to allow http inbound traffic.

Wireshark Traffic analysis showed that these are RST packets and some of them are not blocked (no log entry)

Does this mean that V3 is actually blocking RST Packets?

Ftp Client Policy “Allow Incoming FTP-DATA Requests” rule is incorrect.

The rule is ALLOW TCP IN From Destination Port 20 BUT it should be ALLOW TCP IN From Source Port 20 In order to Allow Active FTP transfers.

Passive Ftp needs only the Outgoing Only predefined ruleset.

Hi Gibran

thanks for responding so quickly. No, it didn’t make a difference if BOClean was installed or not. I had tried to install it with just Avira AntiVi PE first and the cmdagent.exe was at 100%. I then uninstalled it and installed BOClean. I re-installed and the cmdagent.exe was at 100%. I had the same problem with the previous Beta. One thing I forgot to mention. I running a wrapper program that simulates a Vista look over the XP shell. Its called Bricopack Vista.

Any other ideas?

thanks
Al

There were compatibility issues reported with BOC.
Another tester had a 100% loading issue with NOD and solved it adding all V3 files to the exclude list but if I remember correctly it was an issue on Nod side.
There is no solution other than uninstalling possibly conflicting softwares to find the culprit. Then Devs can use this info to find a solution.

You can disable all startup apps using MSconfig (leave only CPF.exe) and see if there are any changes.
If this works you can enable those apps until you find the culprit.
Another thing you can test is adding your AV files to truted apps.

Hi,

Do you select install option when that dialog appears? you should select install driver otherwise it will not be able to install the driver.

Egemen

Hi Guys,

Yes this happens with the introduction of the experimental default policy which allows all the applications to set hooks if the hooks are in windows system32 directory.

To fix the issue temporarily : Open Computer Policy

Double Click on “All Applications”

Click on Access Rights

Click on Modify button of Windows/Winevent Hooks

In Allowed Hooks window, you will see the entry %windir%\system32*.dll

Just change it to %windir%\system32\msctf.dll

And press apply untill all the dialogs are closed.

Restart your PC and then it should be detected.

We will modify the default policy to deal with these issues with the next RC.
Thx for the feedback,

Egemen

Select

Thank you all for the testing. We will fix the bugs you clearly identified in the previous messages.

E

WinXP MCSE SP2 & updates; BOclean, Firefox, Thunderbird (no other anti-malware currently) on an AMD 3800 X2 in an HP a1520n with a ATI All-in-wonder 2006 video card. The Defense+ window of the interface has a problem: the “Browse” button in the “My Protected Files:Add” dialog does not give me a directory listing. It only gives me the contents of my Desktop. I cannot browse to the directory of files that I want to add to this list. The same is true for “My Own Safe Files” and “Advanced>Image Execution Control>Files to Check>Add:Browse”. The other entries give me a file listing that I can use to select files from. This was noted in the last beta also, but only a day or so before this RC1 version came out.

Just found what looks like a serious deficiency. I wanted to protect a key under HKLM\Security\Secrets that has embedded nulls. I opened the “My Protected Registry” dialog and went to Add:Registry Keys and navigated to the HKLM\Security key and guess what - there are no sub-keys listed. It seems that the registry hive used is only the default Administrator profile hive. I don’t use that log-on normally for admin rights, so the registry keys that I normally invoke on bootup are not covered in the Protected Registry keys portion. I believe that it is possible to combine hive keys in a unified registry for editing and that needs doing. I was really intending to test whether the protection could be applied to keys with embedded nulls - which are difficult for some programs to read, but this is a more basic problem.

Hello

Computer information
XP Pentium D 3GHz 1Gb Ram
Operating System information (OS version and Service Packs)
XP Home SP2
Actively-running security and utility applications
CAVS, CFP, BOC, CMG - No conflicts
Specific symptoms of the bug, and steps you can take to reproduce it.

When I go to “View firewall events” there is nothing listed until I go to “more”. There under “today” are the events I should be seeing on the first page.

Specific steps you have taken to try to resolve it.
None

Installation went perfectly along with uninstall of 3.0.10. Very quiet after initial D+ learning. Solid and low on resources.

Thanks Comodo Team

John

I’m not sure is it a bug or not, but it kinda bothers me so I decided to report this issue.

I’ve got an application called WinMTR (ping/trace route tool) and it seems CFP doesn’t detect all connection atempts made by this application.

Whenever I use Windows’ tools such as ping.exe or tracert.exe all the conncetion atempts are reported to me and if not answered or denied then they are blocked and these applications report Time Exceeded.
But WinMTR seems to bypass CFP in some way. Only the DNS Querry popup appers for this application, ICMP packets are sent freely without any user notice.
Well, it seems kinda weird to me so I thought I should mention about this.

[attachment deleted by admin]

Hi,

  1. Intel P4 3.0Ghz, 1.5Gb Memory, Raid 0

  2. Windows XP SP2 all updates

  3. Nod32 v3 (disabled - when attempting install from D:)
    Spyware Terminator (disabled - when attempting install from D:)

  4. Error when attempting default install from Drive D: (after license accept screen)

  5. Could only install when setup file was copied to drive C:

Deleting a file present in the ‘My Pending Files’ leaves status ‘New’. Also, the status ‘Deleted’ seems to have disappeared in this RC. Previous BETA did show ‘Deleted’ on some items that I manually deleted.

The 1st item below was deleted with Explorer which is why a new item appeared in the recycle bin.
The 2nd file was deleted with a utility that I use which directly deletes the file without using the recycle bin. In this case I received an Alert that the utility was trying to modify the file that I had selected for deletion. I allowed the alert and the file was deleted. It would be of great help in the decision making process if the Alert were specific enough to indicate whether a file is being deleted or modified. If this is at all possible, please fix this.

Even though the status is wrong, notice that the Company Name has disappeared in the list. Since some logic is there to remove the Company Name (probably can’t find it anymore), then I would assume similar logic could be applied to the status no?

Note: the purge function correctly determines what files have been deleted even though the status
indicates something else. I can imagine that this is very confusing to some. Especially when users
are told to use the purge button to remove deleted files from the list

Al

System Information

[attachment deleted by admin]

A very minor bug.

Vista, Home Basic, 32 bit, TrendMicro Internet Suite (installed without the firewall). The new CFP release candidate installed fine, and is running fine. I believe this is related to something Gibran brought up in an earlier post about known conflicting software issues, one of them being TrendMicro firewall. During my CFP install I had a warning window come up. The 2 warning messages inside the box were cut short, and there was no way to expand them. It was probably about TrendMicro firewall (which was not installed anyway), but it would have been nice to be able to expand these warning messages out so I could have read them.

RC1 working fine otherwise.

System: Dell 2400 (Intel P4 2.2GHz), 760 M RAM, XP Home SP2
Secutiry apps: Avira Antivir, Teatimer, BOClean

No issues with install of RC1. However, when Defense+ is activated AND enabled, the system will (apparently) boot normally, but all login attemps “hang”–desktop does not appear and explorer does not run.

Workaround: call task manager (or reboot in safe mode); manually run cfp.exe and set Defense+ to disabled (but still active); reboot

EDIT: after additional testing, the problem still occurs if all “monitor settings” are off; there are no entires in the Defense+ log.

EDIT #2: The problem seems to be a conflcit with Windows Product Activation (WPA). If I log off (w/o reboot) and log back on with Defense+ disabled, there is no problem. However, when it is enabled WPA complains about not being able to check license (error #0x80070005) and returns to login screen

If I try to use my vpn connection(Microsoft PPTP) it will timeout trying to login and post a 721 error message.

If I disable the firewall, I can login via my vpn connection. Once I have logged in I can re-enable the firewall and continue to use the vpn connection without problems

I was able to login via vpn with version 2.4 of the firewall.

Updated
I have confirmed that there were no Log entries when the connection fails.

Dell Inspiron 9400 Laptop
Intel® Core™ Duo processor T2500 processor 2.00 GHz
1GB Memory
Windows XP + SP2 + security fixes
Trend Micro Client/Server Security Agent 7.6.1095 ptn 4.819.000

Short names bug is still present.

Athlon XP 3200+, 1GB memory, Windows XP sp2 fully patched, Avast Antivirus Home

hello everybody (R)

iam french, sorry for my poor english (:SAD)

Computer information
e6600 2.4 GHz 2Gb Ram

Operating System information (OS version and Service Packs)
WinXP Home SP2 32-bit + online updates

Actively-running security and utility applications
Boclean, Antivir PE 7 free (last versions), (Acronis true image 10, windowblinds, logitech setpoint)

Specific symptoms of the bug, and steps you can take to reproduce it.
since I installed RC1, Everytime I try to shutdown windows XP, I get a dialogue box pop up with the title ‘dwwin.exe DLL initialization failed’ and a critical sound before the logoff

Specific steps you have taken to try to resolve it.
if i disable Firewall and Defense+ and CFP RC1 is closed (exit), and then i try to shutdown XP, it’s ok, no message ;D

somebody has the same symptoms ? ??? or it’s a problem with my computer ???

before installing CFP RC1, i haven’t that with Beta 4…

Yes this is a bug and It will be fixed.

Thanks for reporting.

Egemen

Could you try to find minidumps generated by windows for us to analyze them?

Thx,
Egemen