Never saw this one happen in in prior Comodo vers. Today I was doing alot of stuff. Before I get into all that, the main question is if you reset your Comodo configuration, in my case from “Firewall” to “Proactive”, does that cause the Comodo firewall to be reset on a subsequent boot?
This is what I did today. However, I could have sworn that I had rebooted Win 7 after the change to Proactive and the firewall was fine. However, when I subsequently rebooted into Win 7 after running in XP for a while(I have a dual boot) is when the firewall totally reset. I was greeted with that Comodo pitch screen to upgrade to Pro and it then told me it detected a new network connection which was the same as my previous one.
Luckily I did not have a lot of custom setiings otherwise I would be peeved.
What do you mean with " to be reset on a subsequent boot?". If you changed to Proactive you will boot in Proactive Mode each time you boot Windows.
This is what I did today. However, I could have sworn that I had rebooted Win 7 after the change to Proactive and the firewall was fine. However, when I subsequently rebooted into Win 7 after running in XP for a while(I have a dual boot) is when the firewall totally reset. I was greeted with that Comodo pitch screen to upgrade to Pro and it then told me it detected a new network connection which was the same as my previous one.
Luckily I did not have a lot of custom setiings otherwise I would be peeved.
CIS does not reset its self. What I have seen happen is that one can loose (part of his) rules after cfp.exe or cmdagent.exe has crashed.
Like I said, upon reboot the slash screeen appeared like you were doing a new installation and then the screen appeared that it had found a new network connection. However, the IP shown was the one usually assigned by DHCP for my NIC, 192.168.1.1? I didn’t know what to do at that point so I just accepted it. The text said it was for "Local Connection #1 identical to what it was previously.
To make things more strange, and the prior firewall logs details are still in place.
I have done an IPCONFIG /all and all looks normal. Also did a NETSTAT -a -n -b and all connections looked legit.
this is normal operation as rules and network zones are cleared once you switch to a new’unused’ configuration, It seems that the splash screen “Never show on start up” also resets,
Thanks for the update. That is at least a relief to know that a Defense+ policy change will cause a firewall reset.
What should be done for the next release is provide a warning message to this effect prior the actual Defense+ change being allowed. This would provide for the opportunity to export your current firewall configuration.
Lets say you use “Internet Security Configuration” and you use it for two days or so, and Program A and B are added to the firewall policy and Defense+ policy and AV Exclusion as well as Shell Code Injection Exlusions, now when you switch to “Proactive Security Configuration” Those Policies are saved and then erased and then the Configuration is set to “Proactive Security Configuration” Defaults (If never used Proactive Security Configuration)
The policies are not deleted from the face of the earth, but still in the other configuration;
I was under the assumption that when you switch from one Defense+ configuration to another, the existing firewall configuration; rules, network settings, and the like would remain the same. I guess I was wrong.
I still don’t understand why a change in the Defense+ setting which prirmarily controls running processes on your PC affects the firewall. The new default rules that were generated were identical to the old “firewall” configuration from what I could determine. I guess that is one disadvantage about having the detail generated firewall rules hidden by default. You can’t compare “apples to apples proactive” in this instance.
One interesting happening due to this change in configuration is I am not getting hammered with “destination unreachable” from my router firewall events like I was in the firewall only configuration. Perhaps the previously creating a firewall rule to allow ICMP 3,0 from my router to my PC was a mistake.
Time will tell …
There are no differences in the default firewall rules between the three security policies. Unfortunately, when exporting and importing a security configuration, it’s all or nothing. Currently, there’s no easy way to simply export and import, for example, just D+ settings, without resorting to registry manipulation.
With regard to handling ICMP messages, in addition to managing the Global ICMP rules, simply create equivalent rules for the Windows Operating System pseudo process. When using the Windows firewall, these inbound connections are controlled by the ‘System’ process but that doesn’t work for CIS.
Changing the configuration from “Firewall” to “Proactive” is not the same as changing Defense+ from Clean PC mode to Paranoid. Its a profile swap, so the settings are different, rules are not carried over.