Will it be possible to stop blocking games as this stops online games functioning as they should?
Firewall Tasks > Common Tasks> Define a New Trusted Application will create allow rules for any application which is not whitelisted (including games).
Online Games should work fine provided the users did not use the Stealth port wizard option “block all incoming connections stealth my ports to everyone” .
In such case Global rules for inbound ports should be configured manually.
I really miss the lack of “Gaming/Full Screen” silent mode. I play Battlefield Bad Company 2 regularly and have faced serious problems with Comodo’s annoying constant pop ups in the background whenever a (currently) non-registered app tries to connect to the internet and I am ALT Tabbed back to the desktop. This sort of behavior causes “Punk Buster” to send a message to the Game Server to forcibly terminate my connection (Auto Kick from Game Server Admin) due to an assumed “connection break” which is extremely annoying. My older firewall had a Full screen “Silent mode” which prevented exactly this sort of problem.
Note that its not the game itself (BFBC2Game.exe) nor the PB services that are causing the problem in the sense that I have granted them “Trusted” status in Comodo. Its other apps that have not yet been authorized by me that are causing a problem.
I use “Custom Policy Mode” for Network Defense where apps I commonly use are already granted Trusted status. Granted that this problem should disappear over time as I have a fresh install of XP running but its just plain annoying until it does. Maybe using “Training mode” rather than “Custom Policy” in the Network Defense option would get around this but I am not sure. Needless to say, this sort of “constant mid game disconnect” might well be construed as “suspicious behavior” by the Game Server admin, especially when it happens so often. The last thing I need is a permanent Ban from the Game Server admin because of something like this.
I sorely miss an option within the Network Defense options where any non-trusted apps that launched while one was in full screen mode where handled “quietly” and more elegantly (preferably with an “access denied” behavior) while adding the app to the “Files Waiting for review” tab in Comodo rather than forcing an ALT Tab back to the desktop. I don’t know if this “force ALT Tab” behavior is by design or a glitch but its -extremely- annoying.
Great firewall overall were it not for this and the glaring absence of an Custom IP Blocklist import feature I would have stuck to it for sure considering my earlier firewall option is not free.
This only works until the game is updated or patched. Then you have to go through the procedure all over again which is very annoying.
This worked expecially well (from 02 July 2009 till today) in Safe modes even after updating the executable such policies were meant for
Well TBH, I personally prefer that any “updated/patched” app (modified executable) that was previously trusted should warn the user with a popup if it were modified since its last run. No issues with this at all. Besides, it would not cause the problems I currently face because the pop ups would occur well before I actually connected to the game server.
My problem is with traffic associated with “unknown” apps force ALT Tabbing to the desktop while one is in already in full screen mode and connected to a game server.
It looks like this approach was superseded by D+ ability to track file changes in realtime (providing a protected file alert when appropriate) but indeed a reasonable amout of posts wished for the hash based approach that was used in CFP V2.
There is at least way to automatically deny such alert automatically by activating the corresponding Parental control options.
Those alerts will be eventually displayed when password protection is disabled.
Though by using Custom policy mode the safelist is disabled and anything without a policy get treaded as “unknown”, it is unclear why so many apps (without policy) attempt a connection just while you’re running a fullscreen game and whenever parental control options might (or might not) provide a less annoying approach in such case.
Perhaps it could be more practical to create an “All Application” Firewall rule to block all network connections and manually trust applications allowed to bypass such restriction
In theory there could be a way to temporarily enable such options/approaches also by means of switching to an alternate configuration (using CIS tray icon Configuration menu) but the alternate configuration policies will not be (automatically) “in sync” with the main configuration ones and this is likely to make such approach less practical when the overall policy setup has not been finalized yet.
Sorry, but it has never worked for the files of the most popular game on the planet, World of Warcraft. after every patch or update, the files would need to be re-added.
Looks like your choice of running WoW using CleanPC mode might have something to do with that whereas such updated files are not digitally signed…
Firstly, many thanks for your prompt replies Endymion - greatly appreciated!
I wasn’t aware of this - it could solve my problem. However I have a couple of questions. This option would work great for apps that I have not given “Trusted” access to yet. But what about existing apps? For example, I buy games via Steam (Valve Software) and therefore use the Steam client. The Steam client keeps games up to date by automatically downloading and patching them as needed. How would this work with Parental controls? What I mean is if I have granted “trusted” status to BFBC2game.exe and Steam.exe and there is an update for the same via Steam, will Steam be able to patch BFBC2 properly or will access be denied (silently) until I expressly allow it by accessing the parental controls option?
You stated in your post-
“Those alerts will be eventually displayed when password protection is disabled”.
Is this the only way to know whether such an event has occurred? Do you mean that one would need to keep checking it regularly? I would have thought it would show up as an alert in the Firewall Summary Window albeit with restricted access which would be parental password controlled?
Though by using Custom policy mode the safelist is disabled and anything without a policy get treaded as "unknown", it is unclear why so many apps (without policy) attempt a connection just while you're running a fullscreen game and whenever parental control options might (or might not) provide a less annoying approach in such case.
Its just plain bad luck I would say. Needless to say, all the alerts so far have been genuine apps and none of them are security risks. Java updater (Jusched.exe) is one example that I recall very clearly causing a PB related disconnect. There were a couple of others as well, one being my antivirus (Avast) which I fixed by enabling “Silent/gaming Mode” (yes it has one!) apart from adding it to my “Trusted” list.
Perhaps it could be more practical to create an "All Application" Firewall rule to block all network connections and [url=http://wiki.comodo.com/CIS/Help_Guide/Firewall_Task_Center/Define_Trusted_Application]manually trust applications [/url] allowed to bypass such restriction
How do you mean "All Application Firewall rule?
What I did when I installed Comodo was I immediately switched from “Safe Mode” (or was it training mode?) to “Custom Policy Mode” and manually added my trusted apps. I forgot to add my anti virus and Jusched.exe (and a couple of others) which is why I got Alt Tabbed to my desktop in mid game when they executed. Lousy timing to say the least but there you have it. 88)
In theory there could be a way to temporarily enable such options/approaches also by means of switching to an alternate configuration (using CIS tray icon Configuration menu) but the alternate configuration policies will not be (automatically) "in sync" with the main configuration ones and this is likely to make such approach less practical when the overall policy setup has not been finalized yet.
This went over my head. I don’t understand what you mean. In any case, I need a practical solution not a theoretical one.
Thanks again for your replies…
Even in case they happen while the game is running, those blocked events should be logged and could be confirmed using CIS events/log features.
So it would be possible to run a game a deny all firewall alerts and eventually check the logs any time after the game was terminated (and Parental control disabled)
Basically it is possible to use different configurations with different options (and policies) enabled. Before running a game it would be possible to manually activate the alternate configuration using CIS tray icon.
Eg. It wold be possible to create a config to automatically deny new Firewall alerts and activate such configuration just before running a game:
The most noticeable drawback is that the activated config should already contain the policies necessary for the game (and other trusted applications) to work.
Nothing prevent the user to configure the appropriate policies for the game only in such config or in alternative to copy (import) the main configuration from time to time (to update the policy used in the “alternative” config) and then change the option that should be active only while running games.
The “all application” group match any application with any path ( * ) it would be possible to creat a firewall rule that block any network connection by default and use “Define a New trusted application” (Firewall > Common Tasks) to allow network access for any trusted application (thus removing the need to use parental control).
It would be possible to create also rules to allow network connection for any application previously installed in a specific path (eg: C:\games*)
Parenal Control provide an option to suppress and automatically deny alerts for D+ and Firewall separately so you can suppress and deny Network alerts alone in a somewhat way similar to the one you mentioned earlier:
Application updates are likely to trigger D+ alerts and D+ alert suppression might prevent these actions, though using Installer policy (D+ safe mode) it should be possible to bypass this restriction for any known application and any (unknown) additional executable (update) such application will spawn.
No, the problem is that they are signed but Comodo does not recognize them as such and will not even let you submit them for analysis saying that there is a “compression error”. You also can not add Blizzard to the trusted vendors list because it says the files do not have a valid signature even though everything else indicates that they do. In versions prior to 3.14, I could add Blizzard to the trusted vendor list but since 3.14 and now 4, I no longer can. We’ve been asking for ages for better compatibility for this hugely popular game and things have gotten worse instead of better. In my opinion, the last somewhat usable version was 3.13 and you had to jump through some hoops even with that to get things like WoW and the Steam games to work right.
The problem would be even worse if I was using anything other than Clean PC mode. (and forget even thinking about enabling the sandbox. That causes a total nightmare.) Safe mode causes even more problems and not only with games. It prevents other things like DVD Flick from operating correctly.
I am getting closer by the day to dropping CIS altogether and just using one of the other free AV’s along with the Windows firewall. At least then, my favorite apps will all work and I will even be able to turn on System Restore and know that it will work if I should ever need it. (It’s currently off because CIS prevents it from working and I wouldn’t go anywhere near CTM even if you paid me to.) It’s sad that I may have to settle for lower security to be able to use my machine the way I want to.
In my opinion, CIS will never be accepted by the mainstream of PC users because it will never be user friendly enough if it continues in the path it has taken up til now. I certainly would never recommend it to anyone who didn’t have a fairly good knowledge of what goes on inside their machine.
Hope you don’t mind if I ask you if there is a bugreport topic where you clarified what “everything else” actually means: If it does mention an invalid signature, chances are that there is no digital signature at all even tough the version ifo of those file might mention that “blizzard” as the Company Name which relased such executable.
If there is indeed a digital signature it would be a bug and thus a poor example to make a point even though there is no doubt that a bugreport clarifying such details would be a great contribution to allow devs to identify the issue and provide a fix.
I posted after 3.14 came out that I could no longer add Blizzard to the Trusted Vendors list and also that the main WoW exe and it’s Launcher exe always show up in the purge list as invalid files even if you purge them and then let the program create a new rule for them the next time they are run. My postings were ignored as far as I could tell. It seems that since 3.14, woW has become like a rogue app or something. It’s just plain ridiculous.
That’s an harsh thing to say but newethless could be fitting for those sharing you indvidual experience.
As for mine I didn’t have any knowledge of what did go on inside my machine before starting to use CIS.
It was using CIS that I had the chance to learn and understand such things.
Perhaps in the end it is all about mindset and not about “paths”.
Could it be that blizzard din’t digitally sign wow.exe and laucher.exe anymore?
Maybe, but my mindset is that people should not have to learn about these things in order to use a security application. I would suggest that CIS did not allow you to learn these things, it necessitated that you do so.
There is no way anyone’s chance to learn should be limited for argument’s sake:
I guess it should be to each their own and by far this provide the “rightful” chance to those willing to learn:
The others will obviously get what they wish for with any AV of their choice.
[attachment deleted by admin]
If the detals of such dialog mention that the signature is Ok (signature validation made by Windows) would you mind to update the bugreport topic with such screenshots?
If there is an issue with D+ signature validation (thus causing differerent results from windows signature validation) it should be fixed and perhaps the screenshoots would make this more blatant and easy to confirm at glance.
In that case it would be probably needed to attach the affected executables as well as this looks like something specific to Blizzard signed executables.