First off, congrats on your fantastic firewall. I’ve been using it for awhile and I think it’s one of the best free things in the world.
I’ve 2 questions though.
First, how is it that my Comodo doesn’t alert me about connecting to the internet when I start my utorrent client? It’s not on the application monitor list, and I don’t remember allowing it to connect (or remember the allow).
Second, I’ve got couple of CPF alerts about allowing connections for Firefox, even though it’s already on the application monitor list. Sometimes the alerts come in the middle of my session with Firefox. One of the alerts is about Firefox wanting server rights. Should I allow it?
I’ve taken a screen shot of what occassionally pops up when I’m using my Firefox, especially when I click on some link . If I click deny on the dialog box, Firefox becomes dysfunctional and the PC has to be rebooted in order to surf again.
This is identical to the pop-up I got after Firefox had updated to 2.0.0.1 yesterday. I think it is just that the firewall recognizes that Firefox has changed. Check your firefox version, if it has updated to 2.0.0.1 you should be safe to allow the connection.
Your popup has the following text: “A new parent application has been detected for firefox.exe.” Then it has “firefox.exe may be using firefox.exe to connect to the Internet.”
You think, “Well, of course firefox.exe is using firefox.exe to connect. Duh!” However, if you look at your Application Monitor, to the Rule for Firefox, you will note (I am confident) that the parent specified is explorer.exe, not firefox.exe.
Here’s what happens: Firefox as the browser, uses explorer as the Windows parent to connect to the internet (I think explorer is defined as the shell…). If you click on a link on a webpage, now Firefox becomes the parent app to that link (which is activated by Firefox). Confused? Think about it this way ~ if you click a link in your email client, you get a popup to let you know about the connection attempt. Your email client is allowed to connect to the internet (or it couldn’t do its job), but opening a link uses your browser, which is a different type of setting. Now put that into your browsing scenario, and think of Firefox in the same way as your email client.
Here’s the bottom line: CPF is protecting your computer. If it detects a type of activity that is potentially hazardous (using techniques employed by malware), it will alert you (unless of course you disable all its security settings). This is why CPF is #1 in the best leaktests; no other firewall comes close. It knows its job and does it well. (R)
Hope that answers that question. Now on to the first one.
If utorrent is connecting, and you haven’t disabled CPF’s security settings (doesn’t sound like you have, if you’re getting the Firefox popup), then you’ve allowed it to do so at some point. But it’s odd that you don’t see it in the App Monitor. Hmm. Have you created any network rules for utorrent? Are you successfully doing any downloads with it? Go to Security/Advanced/Miscellaneous, and see if you have the box checked, “Do not show alerts for applications certified by Comodo”; if so, uncheck it, reboot your computer, and see if you get an alert when you open utorrent.
You’re exactly right! The parent for Firefox and my flashget are both explorer. Think about it flashget does give me occasional CPF popups as well, even though it’s on the Application list…
So is the solution would be to change the parent to their respective programs?
Another question is, should I allow server rights for Firefox…? Is it safe to do so?
About utorrent, I’ve done port forwarding for that program, that’s all. I’m not sure if port forwarding is the reason why Comodo doesn’t give any alerts.
Well there you go… What I would recommend with Firefox (and Flashget) is to add a new rule for the new parent, rather than changing it in the existing rule. In general, FF needs explorer.exe as the parent; it’s what’s used for browsing. But then for the links, it will use itself as the parent. If you have only one but not the other, then you’ll get alerts. (When you get the alert, you can check “remember” and click allow; it should create the rule for you.)
On the Server Rights issue, when you get that popup, is the Parent svchost.exe? If you deny svchost, you’ll probably shut everything down, unfortunately; if you allow without “remember” then it’s a one-time thing only. Also, look in the Activity Logs for that High Severity Alert, for the destination IP address. It may be 127.0.0.1, which is an internal thing; no external contact. You can allow with remember, or go to Security/Advanced/Miscellaneous, and check the two boxes for “Skip Loopback…TCP/UDP”, OK.
Utorrent… well, most of what I see in the forums is people that don’t know why it’s not connecting with a green light. Yours is connecting and you don’t know why… If you’re using a router for the port-forwarding, such that on the computer side utorrent would be behaving “normally” that could be why you’re not having problems. If you scanned for known applications in CPF, it’s possible that utorrent is recognized as a “safe” program and doesn’t generate a popup in that respect.
Two things you can do there: 1. Go to Security/Advanced/Miscellaneous, and uncheck the box, “Do not show alerts for applications certified by Comodo.” Click Ok. Wouldn’t hurt to reboot. Start your torrent; see if you get a popup. 2. Add your utorrent into the application monitor; set the .exe as the Application, set the Parent to “Learn.” Reboot to set the rule. Go back to that rule, and click on it. Look in the Details box at the bottom. The top line is Security Risk: if it says “Safe” then your torrent app is in CPF’s encrypted dbase; thus no alert.
Another thing to do, start your torrent, and then look at Activity/Connections; see if the app is showing in there.
Btw is there a magic button somewhere that I can reset Comodo back to its default state, ie go back to its original settings, as if I first installed it? It’d be useful if I accidentally click ‘remember’ instead of just allowing it once.
If you click on ‘Security’ and select the application monitor and then right click on any of the applications on the list you can modify from allow to block or vice versa. See the attached screenshot.
:SMLR
You can also delete the rule entirely. After any of these changes, it’s a good idea to stop/restart CPF to set the rule; perhaps even reboot the computer.
To stop/restart: Right-click CPF’s systray icon, choose Exit, follow the prompts to shut down the program. Then go to Start/Programs/Comodo/Firewall/Comodo Firewall to restart it.
If you’re using a router for the port-forwarding, such that on the computer side utorrent would be behaving “normally” that could be why you’re not having problems. If you scanned for known applications in CPF, it’s possible that utorrent is recognized as a “safe” program and doesn’t generate a popup in that respect.