CPF vs WinAmp & C.

Hi to all, I’m new to this firewall, and even though I have enough experience with software, I’m encountering an understandable “problem”, maybe because all the firewalls I had before were not as good as CPF.
The problem is about, in this case, any app that needs to communicate and winamp.exe:
If winamp is running (I’m listening to music) and I launch, for example, OE, CPF asks me if I want to let winamp.exe communicate using msimn.exe (OE). If I answer DENY, winamp.exe will not communicate, but OE will also stop working.
I tried to block winamp.exe by adding it from Security/App monitor, but nothing changed.

That’s just the major trouble I experienced right now, but I also saw that when any app is trying to get access to the network through another app, a DENY solution will stop both.

Any suggestion?

Tks in advance

Hi, you can view the topic here…

https://forums.comodo.com/index.php/topic,3163.0.html

:) As well, you can set your OLE alerts to low so you are not bothered by them. :slight_smile:

Paul

AndyWarrior, in addition to the info Paul has provided, I’d like to add what has worked for me…

When I have an application (such as winamp) that I use a lot, and it creates this type of situation, I create an application control rule blocking the executable for the application (in this case, winamp.exe) from connecting to the internet. It will go something like this:

In CPF Application Monitor, Add a rule. Find your winamp.exe for the Application (first line). For the second line (Parent), find the connecting app (in this case, msimn.exe). Click to apply the Criteria, and select Block. Select OK, and close/exit from CPF.

Reboot Windows. For me, this seems effective in eliminating the issue for the application.

LM

Hi little mac, no i’m not stalking you, lol. Wouldn’t this prevent Winamp from being able to watch streaming video , etc then?

Paul

LOL, could be the other way around! :smiley:

Well, for one thing, what we’ve got is the same OLE issue. Curse the OLE issue! ;D Because he’s opening Outlook Express w/Winamp open, the whole OLE thing occurs. What this rule does is tell CPF that Winamp isn’t allowed to connect via Outlook Express. That only applies, then, to this OLE automation issue as it relates to winamp.exe and msimn.exe. So CPF will ignore the OLE attempt, block the attempt, and not bother you (or interrupt your browsing)…

Winamp can still connect, if needed, through his browser. This would be the order anyway (right?), if he were needing to stream audio - it would be while browsing, so winamp would respond to a call from the browser (or parent) to connect. From the technical standpoint, I think this would actually be an inbound (so to speak) to winamp. If he were browsing to, say, www.givemestreamingaudio.com (I just made it up…), and he was going to listen online, he would click the button (whatever button that is). This would cause his browser to signal the website to stream, which would invoke winamp, so when winamp connects, it should actually be an inbound response, not outbound. In other words, winamp isn’t what is engaging the internet; the browser is. The browser has a requested inbound connection from givemestreamingaudio.com, thus invoking winamp to interpret the data stream and make the music playable.

At any rate, the rule only stops connection thru the chosen parent. You can always create another rule to allow outbound connection thru, say, explorer.exe if needed. If you open Winamp and it needs/wants to check for updates, then it would be trying to connect to the internet, but this would not be an ole issue; it would be a straight connection, and the parent would automatically be explorer.exe (which you could allow or block, and no impact on other internet connection).

LM

I see. Good info :wink:

Paul

Hi, tks for your time.

That should be a nice solution, if only winamp were involved.
Unfortunately, most of the apps running in the background, plus the ones I open, continuously try to communicate; if I block them one way, they will try another (using other apps).
At this point you can imagine that I won’t have just a few rules to create, but a lot, for me.
Also, if you consider a newly installed app, I have to make too many rules for it, with the parent apps I want to block.
That’s very boring for me.
I also experienced that choosing Allow does not always authorize the app involved; I saw it in the app monitor as blocked. As for other alert messages, checking the box to remember my answer doesn’t help either; the question box will come up again.

OK, CPF is free, but it seems to be trying to convince me not to connect at all…

Andy, I understand your dilemma, and frustration (and boredom!). This OLE issue has been submitted to Comodo for development/correction in upcoming versions of CPF.

Until that happens, CPF requires some interaction by the user, outside of what most users are probably used to (or desire). However, tho’ that is the “price” to use CPF, it is a lot stronger, more effective as a firewall, since most simply don’t monitor how your programs connect or interact.

Another method around it (I’m not sure this will work, as I haven’t tried it), is to turn off Application Behaviour Analysis; this may stop CPF from monitoring those OLE attempts. Then you can just block Winamp (or whatever app you want) by creating one rule for it, with “find the parent” set instead of choosing a parent, and that would be that. Might give that a shot. Again, I haven’t done it, but it seems like that might work.

LM

Tks a lot for your suggestion and time. So, if I haven’t misunderstood, switching off the ABA and setting just one rule for the app to block, also choosing “learning parent app”, will stop that app from communicating forever, also through any other app, without blocking the secondary app.

For example:
I create a new rule where winamp.exe is the app to be blocked, setting the parent app to “learn”; then, if I open OE, winamp.exe will not communicate and OE will work fine alone…

I can try it in two ways: one is with ABA on (I think, in this case, OE will not work) and the other is with ABA off (I suppose OE should work).

That should be a nice test, also if the results can help the software house to improve CPF.

Unfortunately I’m far from my PC until Thursday, so I won’t be able to perform these tests so soon…

Anyway, just a little help more: Could you explain to me how to turn the Application Behaviour Analysis OFF??

Tks in advance, everyone is very kind here (:WAV)

Security - Advanced - Application Behavior Analysis - Configure: Uncheck ‘Enable Application Behavior Analysis’.

I would strongly advise against turning it off completely. Why not try, instead, to find out which elements bother you most and leave the rest on? I, for example, had an issue with Anti-Hook and disabled the ‘Monitor inter-process modifications’ parameter. This solved my issue. By disabling the Application Behavior Analysis completely, you remove one of the strongest features the firewall has!

Paul Wynant
Moscow, Russia

Andy,

When I replied, I was away from my computer w/CPF, so I couldn’t look at the specifics about the ABA. Paul’s correct; you reach ABA by clicking on Security, then Advanced, then Configure in the top category, which is the ABA. I have attached two screenshots. The second one is the ABA Configure window. About halfway down, you’ll see a box next to “Monitor COM/OLE Automation Attempts.” This is the only one you will want to uncheck.

If you turn off the entire ABA, as Paul notes, you have just lost a huge security advantage. You can, however, just turn off the OLE monitoring, which is where your issue is coming from.

With that turned off, then yes, just create the rule as you’ve verified…

That should take care of the issue for you. Again, I have not used this method; I’ve created each individual rule for each app that tries to access the internet. It’s more time-consuming, but I prefer the higher level of security.

To give you an example, I have a program called XnView, which tries to connect if I’m connected. So I created a rule blocking the parent that showed on the alert - explorer.exe. I reboot. The other day, I had Word open and used the help file (which connects to the internet). Now XnView tries to connect via Word. I deny it, which shuts down my connection. So I create a new rule, blocking XnView thru Word (as the parent), and reboot.

The key with the OLE attempt is that CPF holds the memory of your choice (so long as you don’t select the “remember this action” option) to deny or allow access, until you reboot. So if you deny, it stops your connection, but only until you reboot; thus if you create a new rule, then reboot, you’re all set.

Hope this helps,

LM

Hi, I think it is not so easy to find a friendly and good forum like this one today… (:HUG)

tks p2u, very clear; you exactly shoot the missed target. I’ll do what you have just suggested.

I’m not a newbie with most apps, firewalls included, but when I met CPF for the first time, it was so different and powerful compared with the other ones that I started to smell milk odour around me, like a child too young to be capable of coordinating his movements while he’s drinking milk… :o

Anyway, I’ll decide quietly how to proceed, step by step, trying everything I learned from all of you in these few days. I strongly hope to come back here with good news. What I’ll have to do will not leave me free for a few hours; I know, everything has a solution, but it is not always easy.

Even if CPF does not stay on my system (I have to decide after the tests, with 60 Gb of apps that want to connect… you can imagine…), I want to try all the possible solutions for, mainly, two reasons:

  1. CPF has impressed me a lot (I think it hasn’t happened in years)
  2. I would like to give you more results and information about everything I’ll do; I strongly hope to be helpful just a little bit for the future improvements of CPF; if not, at least it should help someone else. (:TNG)

Anyway, tks a lot for now (V)

Sorry, I forgot the attachments… :slight_smile:


2. I would to give you more results and information about everything I'll do, I strongly hope to be helpful just a little bit for the future improvements of CPF; if it will not be so, at least it should help someone else.

Yes, you are welcome to post the results of your testing. I’m sure it will help someone.
We appreciate your help.