EQSysSecure.exe refuses communication with Comodo Firewall Pro

I keep getting a popup from Comodo firewall, telling that “EQSysSecure.exe refuses communication with Comodo Firewall”, and that it installed a kernel level hook. I know it does install kernel level hooks, it is part of EQSecure’s normal behaviour. I would like this popup to go away and not be displayed again. I added EQSecure files as “trusted application” to ComodoFW, set them to allow invisible communication, and skip advanced security checks for this app. I also trusted ComodoFW in EQSecure settings. It did not help! I gone as far as disabling Application Behaviour Analysis, but the popup dialog still came. The ComodoFW log says that this alert is from Application Behaviour Analysis, even though that is disabled. ???
How do I disable this popup please?
(screenshot attached)

[attachment deleted by admin]

You’re getting this alert because of the exact reason it says - EQSysSecure refuses to “communicate” with it. This is why the rules you set do not work. CFP has no authority over EQSS, and EQSS will not accept any communications from CFP. It’s not a CFP issue, it’s an EQSS issue. Unfortunate, because that limits what we can do to help you!

Basically, CFP is telling you, “EQSS won’t play with me.” I gather it is a security app, somewhat HIPS-like?

A couple thoughts…

  1. Was EQSS running/active when you installed CFP? If so, please shut EQSS down completely, uninstall CFP, reboot, shut EQSS down completely, and reinstall CFP.

  2. Can you Add cmdagent.exe & cfp.exe to EQSS’s Exceptions, allowing them access?

I can’t find out much about the application as the site is in Chinese, but I believe that one of our users also has this program; let me see if we can get some first-hand input.

LM

Thanks Little Mac,

If an CPF could provide a popup dialog with an Allow/Deny button, I don’t see what would stop it from automatically allowing the application. Why is my intervention (pressing Allow) needed again and again for the same application?

If I press “Allow” in CPF, that will not make EQSecure any more cooperative, will it? Still everything works OK after that. So could CPF please press the Allow button for itself if the application is trused?

The only visible incompatibility between the two applications is the dialog itself which keeps reporting something I already know, and don’t need to be told any more.

Regarding your questions,

  1. I installed EQSS after CPF
  2. I did this, but it does not help. CPF keeps complaining.

The problem is, CFP cannot create a permanent rule (thus, there is no “Remember” option) because EQSS refuses to cooperate with it. Thus, it is allowed for each instance or session only; the “rule” is not retained past that point, due to EQSS’s settings.

This cannot be changed by CFP. It cannot stop telling you that, because the conflict is continuing, and the other application is not responding “appropriately.”

I have PM’d another user that I believe uses both successfully, and asked for assistance on how that occurs. Hopefully, we’ll have an answer soon.

We can also go for:

  1. Shut down EQSS completely. Then uninstall CFP. Reboot. Shut down EQSS again. Then reinstall CFP. Perhaps reversing the order in this way will help with the conflict.

BTW, if you have already created some rules for CFP that you do not wish to lose, there is a batch file in this thread to export those rules; there are instructions on both export and import…

https://forums.comodo.com/index.php/topic,2366.0.html

LM

I don’t see what kind of cooperation would be needed from an other application in order for CPF to store into it’s own config file that whenever this application does communicate allow it without asking the user. Unless EQSS would block CPF from writing into it’s own config file, there is nothing else it can possibly do to stop a permanent allow flag for the application to be stored into CPF-s own config.
Note that CPF can allow the application after user presses Allow, no matter how uncooperative it is. I believe this is rather a missing feature in CPF: since this dialog is rare, they didn’t care to make a permanent allow feature for it.

Well, I don’t do programming, so I don’t know the ins and outs of how this would (or wouldn’t work) at that level. What I understand is that in general security terms, an application that “refuses to communicate” in this way is essentially indicative of malware. The firewall is there to provide security, to monitor all applications that do or may generate a connection, and allow the user to control that connectivity. If an application refuses to allow the firewall to monitor it and interact as needed, this would seem to be a threat. As I understand it, allowing the creation of a global or permanent rule in this scenario is considered to be a security risk of rather extreme proportions.

Granted there are some legit apps that do this; yours is only the 2nd that I’m immediately aware of. At any rate, I cannot change the situation, and do not have an immediate answer for you, I’m afraid. All that does not help you, I agree. Hopefully the user I PM’d will show.

You may also file a ticket with Support here: http://support.comodo.com/

Provide them a link back to this thread for reference, and keep us posted on their response.

LM

Thanks LM,
I submitted a ticket, and will keep you posted.

  • hojtsy

hojtsy,

The other user has responded via PM. This same problem occurred there as well. The “solution” was disabling EQSecure’s auto-updater; apparently this is what was triggering all the alerts.

You may try that to see if that works for you as well. I presume you can still update manually.

LM