The same for me - on ‘Clear PC’ mode. I downloaded ‘Comodo Parent Injection Leak Test Suite’ (after installing CF, so the test files were NEW) - no questions from CF or D+, just the answer from the Comodo homepage: “Your firewall didn’t pass the test and transmitted information to our website. Get Protected. Download Comodo Firewall Pro Now.”
But when I try to delete those ‘viruses’, D+ freezes for about a minute and then alerts: “Total Commander trying to change protected files…” OK, but Total Commander IS set as a trusted application (instead of CPILSuite.exe).
OK, ‘Train with Safe Mode’ passes this test, but there are too many questions about TRUSTED applications in this mode.
Even with the three alerts you have, none of them mention that wallbreaker is trying to launch or use your browser. So, if it’s not trying to access the screen, and it’s not automatically detected as malware behavior, and just goes for your browser, doesn’t that mean it would get through?
I think that CFP3 relies on its Defense+ for a lot of the checks that made v2 so impregnable but that also annoyed so many average users. Trel, the only thing I can think of is that you already had the leaktest in your hard disc before installing CFP3, and you left D+ in its default “clean pc mode”, so it considered safe anything already in the system at the time of installing. I think that if you look in the computer security policy for the rules concerning the leaktest (generated by the clean pc mode), delete them, then switch D+ at least to “train with safe mode”, you should pass the leaktest.
I also miss the parent check. It may be the only thing I dislike about v3.
For example, when I click the www.7-zip.org button from 7-Zip’s “About…”, it launches Firefox without asking me. I really don’t like this behavior and I can’t find any way to prevent it. Blocking 7zFM.exe (7-Zip File Manager) itself won’t help at all. I need to define it as a blocked child of Firefox (which is not possible).
This is not a reason for me to revert to v2.4, as I think Defense+ is very powerful. But it makes me wonder what kind of control there actually is in CFP 3, concerning outbound connections. Just because I let Defense+ allow a program to run, doesn’t mean I want the program to have the right to start Firefox.
Gotta put this up on the wish list, if it hasn’t already been done.
Regarding toggie’s response showing the 3 alert popups from CFP3 and Trel noting that none of them alert that iexplore.exe is being called by wallbreaker.exe:
Even if there were a program launch rule to allow wallbreaker.exe to run, that doesn’t mean you want to let it call iexplore.exe. The parent-child (which was denoted by Application and Component monitors) is gone from CFP3. Too bad. It permitted control that the forward-looking only access rights options cannot regulate for firewalling. You might have a child program for which you decide to permit one or a select few callers to execute it but you don’t want every program to be able to call it. Also, you might not want a parent program to be able to execute a particular child program but allow it to execute others.
I was looking at Online Armor as a replacement for CFP3 (because it is simpler to use and doesn’t separate firewalling rules into outbound app rules and inbound global rules, just app rules for in, out, or in/out connect requests). Alas, it also doesn’t regulate which parent can call which child to make a connection. So now I’m looking at CFP v2.4 to regain the parent-child control and using ProSecurity for HIPS (I gave up on AppDefend because its author has abandoned the product and System Safety Monitor can be too easily disabled by the new breed of unhooking malware).
So HIPS got added to CFP in version 3 but, alas, we lost the parent-child control that was in version 2.4 for firewalling.
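The two cases described in the post above (a child that only selected callers may execute, and a parent barred from one particular child but not from others) can be expressed as a small parent-child launch policy. This is an added example, not code from the thread or from any Comodo product; the rule tables, verdict names and sample paths are constructed assumptions.

```python
# Added illustration: hypothetical parent-child launch policy, not Comodo's rule format.
import ntpath
from typing import NamedTuple

class Launch(NamedTuple):
    parent: str  # image path of the calling process
    child: str   # image path of the program being started

# Case 1: children that only a select few callers may execute.
ALLOWED_PARENTS = {
    "firefox.exe": {"explorer.exe"},
    "iexplore.exe": {"explorer.exe"},
}
# Case 2: a parent barred from one particular child but free to run others.
DENIED_CHILDREN = {
    "7zfm.exe": {"firefox.exe"},
}

def image_name(path: str) -> str:
    # Match on the lower-cased file name for brevity; a real product would
    # match on the full path or a file hash, since a name alone is spoofable.
    return ntpath.basename(path).lower()

def decide(event: Launch) -> str:
    parent, child = image_name(event.parent), image_name(event.child)
    if child in DENIED_CHILDREN.get(parent, set()):
        return "block"   # explicit parent -> child denial
    allowed = ALLOWED_PARENTS.get(child)
    if allowed is not None and parent not in allowed:
        return "ask"     # protected child, caller not on its list: prompt
    return "allow"       # unprotected child, or an approved caller

def audit(events):
    return [(image_name(e.parent), image_name(e.child), decide(e)) for e in events]

# Constructed sample events (paths are illustrative).
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
SAMPLE = [
    Launch(r"C:\Windows\explorer.exe", FIREFOX),
    Launch(r"C:\Program Files\7-Zip\7zFM.exe", FIREFOX),
    Launch(r"C:\Temp\wallbreaker.exe", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    Launch(r"C:\Program Files\7-Zip\7zFM.exe", r"C:\Program Files\7-Zip\7z.exe"),
]

if __name__ == "__main__":
    for parent, child, verdict in audit(SAMPLE):
        print(f"{parent:>16} -> {child:<14} {verdict}")
```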
“Antipate”, do you mean anticipate? If so, I have no idea. I can’t understand why this feature has been removed from CFP 3 in the first place. :-\ If anyone knows a way to actually get parent-child control, I’d be happy.
Perhaps it’s possible to make custom Defense+ rules for all conceivable “children”, preventing them from executing other software (like the internet browser)? But still let them run? I think I can recall that there is such an option. (I won’t be using a CFP 3 equipped machine for the next 10 hours)
The first screen shot, I’ve never seen such an alert?