A browser from Comodo couldn’t, for me, mean anything other than the safest on the market. So I downloaded Dragon version 8 and began surfing with it. And then anxiety followed excitement. I realised that Def+ (though in paranoid mode) didn’t monitor Dragon at all. I tried everything I was able to think of to make Def+ react, but to no avail. So I posted in the Def+ help forum. Two mods tried to help me without success. Def+ gives Dragon the highest privileges and lets it do as it wishes without a single pop-up. EricJH tested Dragon and didn’t get a single alert from Def+. He then advised me to file a bug report, which I did. In the follow-up of bug reports, the one I posted for Def+/Dragon is flagged NBZ, which means that it won’t be tracked by Comodo staff.
And there I’m disappointed. How is it possible that Comodo, a company which places the security of its customers so high and in which, by the way, I have great confidence, could consider it unimportant that its HIPS doesn’t monitor a browser and gives it the same privileges as an installer or updater, be it Comodo’s or not? For me, if there is one application that needs strict control, it is a browser.
So, to my annoyance, as long as nothing is done to make Def+ monitor Dragon like any other browser, I won’t use Dragon anymore and will remove it from my computer. In fact, Dragon running with the highest privileges and doing as it wishes without my even knowing what it’s doing, combined with a TVL full of vendors I know nothing about and over which I have no control, is in my opinion like having a bomb shell in my computer.
I ran into a minor problem with Comodo Dragon along with a few other things that have led me to try the Evil *Joke ? * Google Chrome again, for now, so maybe that would be a good idea for you as well.
But I would not give up on the Comodo Dragon bug report situation yet, though. If I were you, I would try to copy all relevant information down to a text file or something, along with any crash dumps (if there are any, which there probably are not in your situation), your Comodo version number, system information, maybe a KillSwitch log, etc.
Then e-mail it to the Comodo Support Team, fill out a web form report if there are any, submit it again to any possibly relevant forum categories, and try praying to Athena or something *Joke *.
But I would think one of the experts here at the forums should be able to help you. Unfortunately I am not an expert, so: “I can’t do nothing for you son.” (quote from the film True Grit)
Other than suggest maybe you manually change the permission or privileges or settings or whatever for now, if you really feel like using Comodo Dragon so badly, or some other suggestions out there on the internet or try my first suggestion cough.
I will keep an eye on Comodo Dragon and hopefully will be able to return to using it soon, once the WOT issue is fixed.
Comodo Dragon is running fine, that’s not the problem.
The issue I’m pointing to is a security one: Dragon is granted the highest privileges by CIS and, try as much as you can, there is no way to correct this.
I never read the entire thread on this, but since it possibly has to do with CIS trusting signed Comodo software, have you tried running Dragon inside a sandbox program such as Sandboxie?
I run IE in Sandboxie. Def+ (paranoid mode) still alerts me that IE tries to install a hook, access the monitor,… so I infer that Sandboxie doesn’t completely isolate the browser. For that reason, I don’t feel safe even running Dragon in Sandboxie. I think that I’m still exposed to keyloggers, screenshot exploits,… but I may be wrong.
Like you, I believe that the problem comes from the fact that Dragon is Comodo’s and as such is considered safe by CIS. But at the same time, signed Windows files are also considered safe by CIS. IE.exe is a signed Windows file but is nevertheless monitored by Def+ in paranoid mode, as opposed to Dragon.exe.
Even if running Dragon in Sandboxie may solve or at least reduce the security hole, not all CIS/Dragon users have Sandboxie or are aware of the problem. So it would be better if the Comodo devs could take the issue into consideration and make a patch.
That was one of the first things I tried, but it didn’t have any effect. Are you in paranoid mode and do you receive Def+ alerts for Dragon? If yes, that’s interesting, because EricJH tried too and didn’t get alerts from Def+ either.
Firewall rules are fine with custom policy and Def+ is working too, but it looks like you must move Dragon out of the Comodo folder or change the group policy (in protected files and folders) for Comodo from C:\Program Files\Comodo* to C:\Program Files\Comodo\Comodo*, since Dragon is in C:\Program Files\Comodo\Dragon.
I’ve got full alerts with paranoid mode, custom access rights set to ask for all, and protection settings set for IMA and Processes’ (sic, little typo bug here I guess).
Adding Windows/Winevents hooks will block the launch and generate both a log line for Def+ (log event targeting comctl32.dll) and a debug.log in the Dragon directory ([0213/124819:ERROR:client_util.cc(257)] Could not find exported function RelaunchChromeBrowserWithNewCommandLineIfNeeded).
I’m sorry, Regression, I’ve already tried what you said, and for me it doesn’t work.
I just gave it another try without success.
Dragon.exe drawn above everything in Computer Security Policy > Defense+ Rules
In protected files and folders C:\Program Files\COMODO* changed to C:\Program Files\COMODO\COMODO Internet Security*
Defense+ Settings > Monitoring Settings : everything is checked
Config : proactive
OS : XP SP3
Dragon rule : everything on ask
I don’t get a single alert from Def+ when Dragon is launched and runs.
How is it possible that you got alerts and not me? What could be different in your config?
My tests were made on Vista (with proactive). Check twice that Dragon is not in your trusted files (I guess it is not, since when I try to add it, it says it is already a safe application) and try with C:\Program Files\Comodo\Comodo* to avoid blanks/spaces (a problem handling file/folder names with spaces was seen before in XP SP3). Even if it is on the last line of the list of Def+ rules, it works here. Weird.
Dragon isn’t in my trusted files. I still couldn’t trigger an alert from Def+ even after changing COMODO Internet Security* to COMODO* as you suggest.
That’s quite a mystery. If it works for you, it should for me too. I’ve been using Comodo FW and Def+ since 2007. But here I’m at a loss. I don’t see where the problem could come from.
I don’t think it is related, but in Firewall general behaviour I checked create rules for safe applications, and in Network Security Policy/application rule I set Block and Log All Unmatching Requests for dragon.exe.
Further, I log some common requests like FTP…
Are Dragon events in the firewall working for you?
The FW behaves normally for Dragon. The first time I launched Dragon, I received the usual alerts from the FW until I made a rule for Dragon. If I ask for logs, they appear as well in the Firewall Events.
It’s just Def+ which causes a problem. In the first post I made on the Def+ Help Forum, I also mentioned that if I set some parts of Dragon’s Def+ rule to block, well, that’s respected by Def+. But the ask rules are ignored by Def+. So what isn’t blocked is automatically allowed.
If I manually sandbox Dragon, Def+ will accept it and behave accordingly.
I’d like to correct this: it just doesn’t mean it was entered in Bugzilla, which by no means does mean that it’s not tracked by staff. Staff monitors all posts!
I notified staff about 2 months ago about this CIS trusting Comodo’s own apps too much, especially in combination with add-ons etc.
The only way I have found to restrict Dragon is the following.
Only allow what you trust, and put a * on the blocked tab, also activate protection modes.
I’ll follow your suggestions and make block rules with exceptions. Now I’ll be able to use a secure browser with my beloved CIS without a breach in my security.
Don’t you think it could be useful to post your recommendations for Dragon’s Def+ rule in the Dragon forum in some sort of FAQ, so that every user of Dragon will benefit from it?
I’m happy that this problem will not go unnoticed by the Staff.
I’m sorry if I misunderstood the meaning of NBZ, which I found in mouse1’s topic (“What happens to issues we report”): (quote) “Otherwise it is flagged as [WBZ] which means that tracking is being considered or [NBZ] which means we have decided not to track it. Untracked issues may still be fixed - it’s just that mods don’t track them.”
The best thing would be for Comodo to fix this behavior and treat Dragon as any other app on D+.
Just remember to check the D+ logging every now and then to see if there are things blocked from/to Dragon, as there are no alerts anymore, only logging. It takes a bit of trial and error to allow all that’s needed.
And if something breaks, remember you have blocking active ;D