Explorer.exe blocking problem with Defense+ "Isolated application" setting

Today I had a problem. Only registry backup saved me.

English is not my native language, so sometimes I use dictionary software to find appropriate words. So today I was writing a post on some message board and launched the dictionary from the start menu. As I had recently installed a fresh copy of Windows XP SP3, I was not surprised to see that Defense+ was asking what I should do with this app. I wanted to put it on the “Trusted” list but there was no such option (BTW, can anyone explain why the Trusted option sometimes is not visible on the list?). So - oh, fool that I am! - I chose Isolated application. I thought it meant that the software would run as some standalone app without interacting with other processes, and I decided that was what I needed. Whoops. I got some message about “Windows is unable to access the path.” I thought it was some glitch in a program. But it was not. Now I could not open ANY application at all. All of the shortcuts gave me the same error.

I rebooted the PC and hoped to get rid of the problem. No way. When I double-clicked the IE8 icon to get online and find help, I just got many copies of “Shortcut to Internet Explorer” appearing on the desktop.

I thought that this was some virus, but I was not afraid because I had a full backup of my C drive. Still, I decided to restore the registry backup first (I am using the ERUNT utility). Oops - I could not run it because of that permission problem. But I tried Run as… and used another user’s account, and that worked! So I restored the registry, rebooted and everything was fine.

I decided to try the trick again to see if it really was a problem with Defense+. I did the same with that dictionary again. Defense+ stores settings in the registry - so it forgot about that program because I restored the registry. This time I studied the Defense+ message more carefully. It told me that explorer.exe was trying to execute the application. So Defense+ was not asking permission to execute the dict. app. but permission for explorer to execute the app. And for the sake of the experiment I chose “Isolated” again. And again the same problem. So it came to me that maybe Defense+ set explorer.exe as an isolated application and not the dictionary.

After the second time restoring the registry I chose just “Allow” for the dictionary without setting it as a special application. This time everything was OK.

So I think of course it is my fault that I did not think about what “Isolated” means and did not think about which application would get isolated - explorer.exe or the dictionary.

But still I think that something is not quite right with letting the user apply such a dangerous setting to a system application (explorer.exe). Besides, the message said that explorer.exe is a trusted app, so I assumed that the permission was needed for the dictionary and not explorer.exe.
Misunderstanding… and not me alone ;D

https://forums.comodo.com/help_for_v3/comodo_is_blocking_my_exes_i_think_i_just_made_a_huge_mess-t18883.0.html

It took them almost three pages to find the reason. I have spotted it to be related only to “Isolated application” in my case. I do not know which option the author of that thread chose, but my guess is “Isolated application”.

And the issue is not fixed after more than a year. Should I report this as a bug, or are the developers aware of this?

I am not sure whether to call this a bug. This type of powerful firewall has a learning curve I am afraid.

Making Explorer isolated can be a pain.

I recently did it in a moment of not paying attention. It still took me a reboot and some thinking for a total of 15 minutes…;D And then I am supposed to be an experienced user…:smiley:

When explorer starts a known program I will allow and set to remember. When it starts an installer I simply allow without remember. Works like a charm.

Yes, I guess it is not a bug, more just an ambiguity: it was not obvious which program the options in the CIS message related to - the dictionary or explorer.exe. I assumed that CIS assumed ( :D) explorer.exe to be trusted and only the dictionary needed my permission to run.

Thanks for the hint about using that “remember” checkbox more often, I guess I'll stick to your advice.

If you do it again it is possible to boot into safe-mode and change the explorer.exe setting from Isolated.

Matt

I very foolishly did the same thing, accidentally isolated explorer. I was then blocked out of everything including reboot. Here is a quick step summary for anyone else who needs it.

  1. Hard reboot into safe mode, log on as administrator.
  2. Start cfp.exe from the Comodo directory under Program Files.
  3. Click into the Defense+ tab on the top icon bar.
  4. Click into the Advanced screen from the left icon bar.
  5. Click into Computer Security Policy.
  6. Find Explorer under the Windows System Applications and if it has a ‘Treated As’ status of ‘Isolated’, select it and remove it.
  7. Apply changes, exit out and restart.

Hope that helps someone.

There is an order in the D+ window.

The app shown on the left side of the window is the app that does something. On the right side is the file which is influenced by the app on the left side.
So every action you choose always applies to the app on the left side.

I had posted a wishlist item for this some time back at the following link:

https://forums.comodo.com/defense-wishlist/rule-for-explorerexe-t48341.0.html

In such circumstances (when explorer is blocked) you can open taskbar (Alt+Ctrl+Del in XP) and the programs will open through taskbar. So open CIS (through browse), navigate to Defense+, and delete the rule for explorer from Defense+ - Advanced - Computer Security Policy.

But it is always a dangerous situation, as novice users will call a computer expert, who would suggest formatting, stating a virus attack, and most other users may opt for a restore, losing some of their data.