Discussions on how CFP 3 Alpha works (NOT for bug reports) [Closed]

This a place For general discusion on the functions and use of CPF (V3) Alpha
Please do not post bug reports here
To post bug reports please Click Here to post your bug reports for the Developers.

If you just have something you want to workout but you do not think it is a bug this is the place to discuss it with other users. If you have something to discuss please click reply you need not read my, what promises to be, very long winded analysis. I will post my public notes at the bottom of this post (please forgive my sometimes dyslexic typing

I just loaded CPF Alpha 1.0.0.0 and it looks impressive and I think this is a lot more to learn than v2.4 Thanks Melih (B)

Well, they told me if want to learn to swim you’ve got to jump in the water. Oh well Hope I don’t Drown! Here it goes!!! (R) :■■■■
Opus Dei

I really like the learn mode. It’s nice to know how programs interact with others. I’m always cutting and pasting data between my browser and email programs. Comodo seems to catch every move of data from one internet program to another. CPF could almost double as a spyware program.

Hi,
First of all, comodo is a great firewall.
But I have an issue with Defense+. When installing applications, defense+ keeps prompting me for all sorts of access - memory, protected files and etc. It keeps prompting me and it can be quite a daunting experience. You guys have this issue ?

I’m still a bit “unsure” on the firewall and the HIPS, will the normal HIPS like behavior of the firewall still be there even when the HIPS is deactivated (just like the behavior of the previous versions of the firewall)
@dodo4
the Defense+ is the HIPS, it normally asks you whether to run this process, allow this process to hook onto a process. Think of it as a system firewall which asks you if you will allow this program to do this, just like a firewall that asks you if you will allow this program to use the internet

Thanks for the explanation. I understand what a HIPS does, but still, it does not help in resolving an issue which I have stated.

Is there a category which we can assign when we install applications. For example, when I install a DivX plug in, the Defense+ will give us an option to put this as “installing application”. After the installation, the firewall automatically clears the application in the group.

Hi,

is there a helpfile already available?

I’m just wondering what’s the difference between learn safe only and learn all.

How do you handle new setups (office 2003 etc.) do you allow all for the moment when execute the setup or do you take care of the whole process with CFW3 (Defence +)?

Dodo,

As a general rule, you should turn off/close all apps etc. when installing any software. That’s why I hate software that tells me to close everything but then demands access to the 'net!

Peter.

just 1 question.

For v3.

I was looking at all the screenshots from here Comodo V3.0 alpha is out | Wilders Security Forums

And i was wondering v3.0 should have everything that 2.4 has plus more right?

well just 1 thing does v3…0 have Application behaviour analysis and advanced attack detection and prevention as i see that in 2.4 but not in v3.0. i am sry if it already there but i don’t see it :stuck_out_tongue:

the final version will be much less noisy. It will even have an option to allow you to mark a PC safe (for example, when its a new install or when you are sure that your PC is clean after checking it with av etc) and this will make sure there won’t be any popups… with new installs, we’ll make sure to give the full safelist with the final version and keep the safelist growing.

Melih

Comodo 3 is really Great, I loved it! The most perfect firewall I ever saw, even better than Sygate!

A few things I’d like to keep as they are now:

  • default options on alerts: Alerts UI is fabulous, default options should always stay on “allow the request” and Remember should always be unchecked, these 2 things avoid the user to commit mistakes: “all alerts will be set to allow just this time, if that’s what I want I just click OK, if I want something different I change the options, and if I mistakenly click OK the app will not stop working and the error won’t be permanent, so I must not fear errors”.

  • I set alerts to maximum so that I have full control, and they are not annoying me, it’s cool to read each alert info and answer to them. That’s art, idk how you did that but for sure CPF’s UI developers are great professionals.

  • Give keyboard access to each app is a must! keyloggers are gone! (:AGY) How about do the same for print screen? :■■■■

Some things that can be improved:

  • DLL alerts are very good to fight IE spywares, but also IE opens so many dlls… and the alert only shows the dll name, it could show its full path. And I hope when CPF goes to release or hopefully beta the Security Considerations says if the dll is Windows original or was installed from something else!
    Maybe create some feature to group dlls and allow/block them all together. Exemple: there could be a group for Windows dlls to be allowed to all apps; if I develop a group of dlls to use on apps that I develop I create a group called “Hikari DDLs” and control access to them, and also “Borland DLLs”, “Java JNI DDLs”, “IE bars DLLs”, etc.

  • Shortcuts! Create shortcuts to free mouse use on alerts! Exemple: Ctrl+A sets Allow, Ctrl+B sets Block, Ctrl+T sets Treat as and opens the listbox to be selected with keyboard arrows, Ctrl+R checks Remember, Ctrl+Space clicks OK, Ctrl+Z clicks Cancel, etc. Enter, Backspace, Esc, etc should not be used as shortcut to avoid mistakes, and of course we should be able to customize the shortcuts! :BNC

  • Firewall Alert: when an app tries to connect, it should show destination’s DNS name, and not only IP.

  • Defense+ always says “something is trying to execute something”. This execute is too much vast. What I understand as execute is when a process is executing a program to create a new process. Instead should be some verb like load. It would also be cool to be informed if it is accessing an already opened dll/executable or if it will be loaded to memory.

  • Game Mode! A mode that when is active alerts keep popping, but never steal focus or go over other windows, OR all requests are temporary allowed or blocked.

(B) (L) (M) (R) (V)

Nope Comodo is still working out the bugs IMHO this probably won’t be out until the final release

I find it slightly amusing that defense+ wanted me to allow the UAC window to open on Vista
Great product, can’t wait for the final
(B)

[THIS IS GOOD]

Another suggestion. On policy and rule edit window, put a checkbox to disable it without needing to delete it, and change its color on policy/rule list to let it clear it is disabled.

I only want to say that I’m VERY IMPRESSED!
This is a great peace of security software! This will be a milestone!
(V) (B) (L) (R)

I like that idea too, Hikari.

jasper

Hi Melih,

I was about to make a request of a feature like this. Good to know it will be added. :BNC

ps. Can you please explain a bit how the new Hips of Comodo works and what are the parameters it checks? Checksum, date of creation, date of modification, folder that resides, etc. of the files? Which of the above are included in the new hips?

ABA (aplication behaviour analysis) is found in FIREWALL - ADVANCED - ATTACK DETECTION SETTINGS - MISCELLANEOUS. It’s a bit hidden, but it’s there.

Ewen :slight_smile:

we will release all these details with the final if you don’t mind Pandlouk.
thanks
Melih

Ok, I can undestand why. I do not mind at all. :SMLR
I was just curious. (:TNG)
I’ll wait until is officially released.

thanks,
Panagiotis