An application I started brought up an alert from Defense+ that it was going to access a certain folder and file in my system that I did not wish it to. I specifically selected the BLOCK This Request radio button. When I clicked OK the program deleted itself. I performed the Diagnostics and:
---------------------------
Information
The diagnostics utility did not find any problems with your installation.
OK (no? Not OK??)
---------------------------
\Device\HarddiskVolume2\apps\Convert2Play.exe wanted to modify \Device\HarddiskVolume2\apps\Convert2Play.exe. I said no and Comodo Defense+ did not stop the action.
So I deleted all references to \Device\HarddiskVolume1\Program Files\FreeCommander\FreeCommander.exe in the Defense+ rules and did some testing. I answered BLOCK This Request to every Defense+ alert, and every action FreeCommander wanted to do, it did, regardless of the choice I made.
I set FreeCommander as an isolated program and it did just as it pleased with no interference from Defense+.
I manually set its process access rights to block all and restarted FreeCommander, and it was like it had no restrictions at all. This was the same in safe mode and clean PC mode.
I archived the Comodo installation folder and I am going to reinstall. I also backed up the registry [HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup] and [HKEY_CURRENT_USER\Software\ComodoGroup], if anyone cares.
You got the default action set to block (from now)…
However if you changed to this recently then you might have some “hidden” allow rules that got saved previously.
You see those “modify” buttons you got on that picture?
Try clicking ALL those…
See if you have any “allow rules” in there… If so remove them… =) and the application should be fully isolated. =O
CIS got those controls so you can literally control an application to the fullest… eg you can allow a program to open “bla.exe” and “hihi.exe” but not “badass.exe”… =) Hope my response made sense… =)
I have reinstalled CIS_Setup_3.8.65951.477_XP_Vista_x32.exe and nothing is different.
MD5=8F89A249AF1FA3D06749FDE3808A116A
Operating System: Microsoft Windows XP Professional 5.01.2600 Service Pack 3
As this seems to be a real issue I am installing ThreatFire until my concerns are addressed. I am going to test the antivirus and firewall now as well.
UPDATE: Comodo firewall did block ThreatFire from updating as it should. When I reset the rule it allowed the update properly.
AVTEST part 1:
downloading known badguy with AVG and COMODO-AV ready:
Sorry Monkey_Boy=) I forgot to thank you for your help. I must be posting this in the wrong forum.
I wonder if I should try to install an older version of CIS?
UPDATE:
Complete reinstall of windows xp
installation of WindowsXP-KB835935-SP2-ENU
installation of XPSP3_RTM_UPD_UNF_EN
Installation of CIS_Setup_3.8.65951.477_XP_Vista_x32
Start C:\Program Files\SysinternalsSuite\Procmon.exe. Defense+ says:
\Device\HarddiskVolume2\Program Files\SysinternalsSuite\Procmon.exe
Access Memory
I say no!
Procmon.exe does as it danged well pleases???
I manually set all the advanced Computer Security Policy rules for Procmon.exe to block and start it right up, and COMODO just lets it do what it wants. I dare anyone else to try this with my setup and tell me I am wrong and why I am wrong.
UPDATE: EICAR Standard Anti-virus Test File was caught after it was loaded to my desktop and I left-clicked it, but I would have felt better if it had not gotten to my desktop at all.
Downloading /CIS_Setup_3.9.73015.489_XP_Vista_x32_BETA.exe I hope this works better than the release.
The beta works like a champ.
I may be stupid and useless but I got my COMODO working.
I may be a spamming aggravation but as far as I am concerned I did good.
This version clamps down hard on any app I tell it to, and policy rules are saved and applied ASAP.
Downloading … Checking updates… one reboot, no… checking next update, reboot… OK, now up to date.
I emailed John to say it's OK with me to lock this thread. I am reassured that the issue has been resolved with the Betas. If there was indeed an issue.