On 12/2 I posted a request for help because the firewall is not working properly.
I have it in learning mode and still get pop up box showing that Site Advisor or Prevx is trying to access the internet.
The box is already checked to remember my choice.
If I look at the permission logs, the sites are listed.
So why do I still get these pop ups and how do I stop this from happening.
I use Site Advisor and Prevx as examples but there are other programs that I get the pop up for.
Thanks.
j
jst42day,
If the application changes in any way since you have checked “Remember” and clicked “Allow,” CPF will provide an alert to let you know (since it doesn’t know if the program has officially updated or if it has become infected with a virus).
If the application changes the way it is attempting to connect to the internet, such that it is different than when you previously allowed it, CPF will alert you.
Here’s something to try:
Go to Security/Tasks/Scan for Known Applications (lower right corner). Follow the prompts. When it’s done, go to Security/Advanced/Miscellaneous and check the box “Do not show any alerts for applications certified by Comodo.” (2nd one from the top)
Reboot your computer.
If you get a popup for an application you wish to always allow to connect (note what it says the “Parent” application is), check the box to “Remember” and click “Allow.”
If you get a popup about one of these applications, and there is no “Remember” box, it’s because the application is trying to connect in a potentially dangerous way (CPF will give the type of communication it’s trying to do). You can Allow or Deny only in that case. If you Deny, CPF will close down your internet connection, as it deems that your system is in danger. Depending on the type of connection, you will either have to stop/restart CPF, restart your browser, or reboot your computer to clear the block setting. If you allow, CPF will only allow that instance.
Hope this helps,
LM
I’ll try it.
And thanks for the help.
j
have the same problem, and tried this without any help.
comodo keeps asking about the same programs over again, despite they have been set as always remember.
frustrating when youre on the network, and the same warning always comes up.
If you are on a network, have you created a trusted zone?
yes my network is in a trusted zone.
guess ill try a reinstall, just have to write down my current rules
You can save your rules with the backup script in firewall/help section in this forum.
yes did that when i reinstalled last time, then i got this problem,
Date/Time :2006-12-11 14:47:31
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (WCESMgr.exe)
Application: C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
Parent: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
Protocol: TCP Out
Destination: 169.254.2.1:1102
Details: C:\Program Files\Microsoft ActiveSync\wcescomm.exe modified the memory of C:\Program Files\Microsoft ActiveSync\WCESMgr.exe in memory.
Date/Time :2006-12-11 14:47:31
Date/Time :2006-12-11 14:47:31
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (wwasher.exe)
Application: C:\Program Files\WebWasher\wwasher.exe
Parent: C:\Program Files\WebWasher\DelayRun.exe
Protocol: TCP In
Destination: 127.0.0.1:8080
Details: C:\Program Files\WebWasher\DelayRun.exe modified the memory of C:\Program Files\WebWasher\wwasher.exe in memory.
Date/Time :2006-12-11 01:33:35
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (Opera.exe)
Application: C:\Program Files\Opera 9.02\Opera.exe
Parent: C:\Program Files\yz_dck0083\YzDock.exe
Protocol: TCP Out
Destination: 127.0.0.1:pop-3(110)
Details: C:\Program Files\yz_dck0083\YzDock.exe modified the memory of C:\Program Files\Opera 9.02\Opera.exe in memory.
Date/Time :2006-12-11 01:32:08
Date/Time :2006-12-11 01:32:08
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (wwasher.exe)
Application: C:\Program Files\WebWasher\wwasher.exe
Parent: C:\Program Files\WebWasher\DelayRun.exe
Protocol: TCP In
Destination: 127.0.0.1:8080
Details: C:\Program Files\WebWasher\DelayRun.exe modified the memory of C:\Program Files\WebWasher\wwasher.exe in memory.
Date/Time :2006-12-10 01:29:19
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (DCPlusPlus.exe)
Application: F:\ftp\fuldc\DCPlusPlus.exe
Parent: C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Protocol: TCP Out
Destination: xxxxxxxx:490
Details: C:\Program Files\GPSoftware\Directory Opus\dopus.exe modified the memory of F:\ftp\fuldc\DCPlusPlus.exe in memory.
Date/Time :2006-12-10 01:29:17
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (DCPlusPlus.exe)
Application: F:\ftp\fuldc\DCPlusPlus.exe
Parent: C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\GPSoftware\Directory Opus\dopus.exe modified the memory of F:\ftp\fuldc\DCPlusPlus.exe in memory.
Date/Time :2006-12-10 01:17:53
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (Opera.exe)
Application: C:\Program Files\Opera 9.02\Opera.exe
Parent: C:\Program Files\yz_dck0083\YzDock.exe
Protocol: TCP Out
Destination: 127.0.0.1:pop-3(110)
Details: C:\Program Files\yz_dck0083\YzDock.exe modified the memory of C:\Program Files\Opera 9.02\Opera.exe in memory.
Bill,
If you decide to reinstall (which might/might not be a quick fix), I personally wouldn’t try to import/regenerate your old rules; not if you are having difficulties with CPF working properly.
I’d recommend going with the Automatic install (versus Manual/Advanced). Once installed, run the Network Wizard (Security/Tasks/Define a New Trusted Network - lower left); then run the Application Wizard (Security/Tasks/Scan for Known Applications - lower right); then reboot.
That will give you a clean slate to work from, and automatically identify/set up the majority of applications and network needs.
If you continue to get a lot of popups, when you already have identical rules (application/parent/protocol/destination/miscellaneous, no updates or changes to the application software), you can go to Security/Advanced/Miscellaneous, to the Alert Frequency slider and lower the alert settings if you want.
You should not be getting multiple popups from CPF for applications that have an identical existing rule, unless the application has changed (ie, been updated, etc). If it changes, CPF will have noticed the checksum change and alert you.
Hope this helps,
LM
guess its something on my end, but after reinstalling comodo and following every advice it wont remember the settings.
Guess ill have to look for another firewall, because checking the same warnings everytime is not productive.
Date/Time :2006-12-12 15:38:47
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (Opera.exe)
Application: C:\Program Files\Opera 9.02\Opera.exe
Parent: C:\Program Files\yz_dck0083\YzDock.exe
Protocol: TCP Out
Destination: 127.0.0.1:130
Details: C:\Program Files\yz_dck0083\YzDock.exe modified the memory of C:\Program Files\Opera 9.02\Opera.exe in memory.
[attachment deleted by admin]
Bill, this Alert is not a duplicate alert for an Application Rule you already have in place.
This alert is a warning from CPF that YZDock has modified Opera’s internal memory. I’m guessing that YZDock is a browser bar/BHO of some sort? Oh, ok, I see a little better (did some quick research). It’s a utility-type shell simulating an OS-X environment? Looks like it’s using Opera as an integration/internet tool. This is why you’re getting the popup; it’s modifying Opera every time it’s started up.
This is part of what I was referring to when I said you shouldn’t get multiple popups for identical existing rules unless the application has changed; CPF notices such changes as they can be used to exploit your machine (trojans, etc).
You may find some results by creating a rule for Opera.exe (this may be an additional rule), where you set YzDock.exe as the Parent, with TCP Out, Port 130. Then go to Security/Advanced/Miscellaneous, and check the “Skip loopback connections - TCP.” This is the 127.0.0.1 IP address in your activity log (it’s an “internal” address used by the system).
Hopefully that will resolve it for you.
LM
installed the latest beta, and seems its remembering now.
will test it out
Be sure to update us…