I was browsing and posting on a forum that I go to frequently, when I noticed the firewall taskbar icon disappeared. I checked the task manager and cfp.exe had been closed, but cmdagent.exe was still running. I figured it was just some rare bug so I just restarted my computer. But then, the same thing happened again on the same forum days later. I finally put it together that someone got my IP from the forum and hacked me via my browser (Opera). I immediately started looking for a new and safer browser. I’m currently using Comodo Dragon and I LOVE it.
My question is, since the hacker was only able to shut down cfp.exe and not cmdagent.exe, how vulnerable was my machine with cfp.exe closed? I did a test and made a rule for my browser to block everything to see if it still applied with cfp.exe closed, and it still blocked my browser from going on the internet. So I felt a lot better knowing there was at least some protection still with cmdagent.exe open and cfp.exe closed.
But I’m still paranoid as to how much protection there was if cfp.exe was closed. So to summarize everything into one question, how much protection is there with cfp.exe closed and cmdagent.exe still running, and what could the hacker possibly have done during that time?
I also highly recommend everyone who reads this to use the Comodo Dragon browser so this doesn’t happen to you. Thank you
Made a paragraph structure for an easier read. Eric
cmdagent.exe is what does all of the work in the firewall. Cfp.exe is the user interface. You are still fully protected without the user interface, you are just unable to interact with the firewall in any way.
May I ask why you feel it was hacker activity that caused cfp.exe to exit?
If the hacker would have had access to terminate cfp.exe then the hacker would also be in the position to take down the much more important cmdagent.exe. With cmdagent.exe down the hacker would have full access to your system. It’s odd he did not go for that.
If it is a forum you spend many hours on it is likely that when a crash happens you may be visiting that forum.
You assume a forum may have leaked your IP address. If that was the case then the hacker could visit you anytime (assuming your IP stays the same (for a lot of people with broadband access their IP address is semi-fixed)). Why would the hacker wait until you log back in to that forum when he has your IP address?
You can have the web site scanned with [url=http://siteinspector.comodo.com/online_scan]Comodo Site Inspector[/url] to see if malicious activity is reported.
Because Comodo Firewall has never just shut down randomly like this, and it only shut down when I was on the forum. At first like I said, I thought it was just a random crash, but it happened twice so I had to assume my browser gave them access to my PC.
Because my browser is their only way in. My system (I hope) is very secure. I have almost all services disabled, NetBIOS disabled, Administrative Shares disabled etc. I feel the only possible way a hacker could have gotten in is through my browser, which is a very popular target. I’m sure you know, that just because someone has your IP, doesn’t mean they can hack you. It can take a lot of time to hack someone and gain access if they are more secure than most people (which I hope I am). So the only way they could have possibly got in was through my browser.
But I’m glad that cmdagent.exe is where all the magic happens and that cfp.exe is just the UI. Thank you both for your information.
Cfp.exe and cmdagent.exe may crash for no immediate apparent reason.
In case of an exploit the buffer overflow detector would likely have kicked in.
Do you spend a lot of time at that forum? If so it could be coincidental. I spend a lot of time here at the Comodo forums for obvious reasons.
[quote]Because my browser is their only way in. My system (I hope) is very secure. I have almost all services disabled, NetBIOS disabled, Administrative Shares disabled etc. I feel the only possible way a hacker could have gotten in is through my browser, which is a very popular target. I'm sure you know, that just because someone has your IP, doesn't mean they can hack you. It can take a lot of time to hack someone and gain access if they are more secure than most people (which I hope I am). So the only way they could have possibly got in was through my browser.[/quote]
Opera is not a common target for the hacking community making it less likely you would be compromised. I always run Opera Next snapshot builds. The ultimate security by obscurity....
[quote]But I'm glad that cmdagent.exe is where all the magic happens and that cfp.exe is just the UI. Thank you both for your information.[/quote]
Please check the forum against a service like Comodo Site Inspector to see if there is something malicious running there. In case that is the case I strongly urge you to inform the forum admins about it.
I do spend some time on there, it's just I’ve been using Comodo Firewall for a couple of years now and it has never once closed down like that, and when it closed twice while on the forum I became very suspicious.
I used Opera for that very reason, I knew it wasn’t a very popular browser and would be less likely a target to hack. But after this incident, I did some research and came across a site called www.browserscope.org. They give very detailed reviews and benchmarks for browsers, and Opera was sadly ranked pretty low on their security check. The highest ranked browsers were Chrome based. Since I’m not too fond of Google’s privacy policy, I instead chose Comodo Dragon, which scored the same as Chrome (for obvious reasons).
I was also using Opera Next as I like using betas. I hope Comodo Dragon does the same as Chrome someday with their canary builds and beta builds. I just love to test drive betas. But, if you’re telling me Opera Next is more secure and hacker proof than Comodo Dragon, please let me know. I always want to be using the most secure software on my machine. I thought to myself, “Comodo is the best firewall in the world, so their browser must be the best too”, and according to www.browserscope.org, this is very true. But if not, please let me know.
Also, about the Site Inspector, I removed that extension because I just simply don’t like having extensions, but you made me think twice about it and now I want it back lol. I didn’t just disable it, I removed it, I did a quick search and can’t find where to download it again. How can I get it back?
I cannot tell for 100% whether Opera Next is more safe than Dragon nor can I prove it. But given the fact that test builds are more of a moving target than stable builds and Opera is only a small player I believe it is less likely to be targeted.