I have a problem similar to that described in #100 but with the CISCO vpn. I get a popup stating that vpngui.exe refuses to communicate with CPF if I have OSMODE=3 but not with OSMODE=0.
Bob
After playing with the new version for 30 minutes, here are my comments/suggestions at the moment.
- If I were to turn off Application Monitor in Comodo, the following will happen:
http://swg.fg.bz/comodo/Comodo2.png
As you can see, I cannot uncheck any boxes in the Application Behavior Analysis section yet still it’s enabled and I cannot flush DNSes.
(This even applies if the switch is on “Allow All”)
- Does the stateful inspection rules always have a priority? If so, is it possible to put them in the Network Monitor so I could place some rules that I want to explicit allow/deny. (Such as the one below)
http://swg.fg.bz/comodo/Comodo1.png
-
In Network Monitor, add an option that allows the user to specify description for the rules. (If they allow IP in packets for an IP for example, they could then know what machine it is for instead of remembering which IP is which)
-
Add checkboxes in Network Monitor that allows the rules to be easily enabled/disabled without having the move rules all the way to the bottom (below the block rule - this is useful since users could then test rules or turn a trusted zone into an internet zone fairly quickly)
-
Possbily add “grouped rules” if a rule matches some packet description. (An example of a firewall that uses this structure is Jetico, which makes the firewall extremely powerful).
-
Allow drag-and-drop of rules in Network Monitor. (it’s a hassle if you have a fairly long ruleset and you have to click a hundred times Move down to get the rule down where you want it if you are testing rules)
-
For application monitor, add an option for “Listening/Binding”, and also give an option so that the user could customize what Zone(s) the application could bind/listen to. (Allow the application to listen/bind regardless but block incoming connections from zones that are not “trusted” for the application)
-
Add a description for outbound DNS? Outbound DNS is so common so a description should be added?
http://swg.fg.bz/comodo/Comodo3.png
-
Resizing the application window automatically resizes the columns in the subwindow, is this a bug or is this designed this way?
-
Doing taskkill /f /im cmdagent.exe kills the Comodo service, yet Comodo doesn’t restart it or it could be restarted. (The Comodo driver is still active, keeping the rules/restrictions intact though, but the user cannot configure anything until the machine is restarted to allow the service to restart)
-
In my opinion, I think the Comodo Launch Pad is extremely annoying. I found it a big hassle to have to click Show Application Window after clicking the Launch Pad icon. (This is one big reason why I stopped using McAfee after they introduced their McAfee SecurityCenter feature. I found it annoying and “bloaty”) I would recommend Comodo combine these “recommdations” in the firewall interface by adding an extra tab in the firewall’s GUI. (It would save ~20MB of RAM, anyways)
-
Although not important, maybe add a Comodo Lite version which will feature less-intensive GUI and graphics designed for people who are RAM-concious. (A lot of people wants an application that works well & fast, and the looks are not important to them.) (ex. RealPlayer - Real Alternative, QuickTime - QuickTime Alternative, Windows Media Player - Windows Media Lite)
-
Can someone tell me how the SPI is structured in Comodo? Customizable in the future?
-
For the final version of Comodo, would offline activation be possible? (Some computers use Comodo to protect their LANs, yet they don’t have Internet access)
-
In Activity → Logs, add columns to each entry so that the user could locate events more easily and not have to click on each one to look at the details. (For example, add SRCPORT, DESPORT, SRC, DES, PROTCOL etc)
-
XP Shadow for Networking Icon not showing up correctly. “On” is supposed to be “on”?
http://swg.fg.bz/comodo/Comodo4.png
Also it seems that the wizard could create duplicate rules in the Networking Monitor, but I am not complaining. 
-
Elaborate on the “Flood Detection” feature in Comodo. Could it be disabled? Does it only apply to inbound connections & established connections? What if the firewall is configured as a “stealth” firewall?
-
Possible in future version/beta? Network Monitor: Filter by protocol type regardless of ports? (Jetico has this built in as protocol rules)
-
Activity Icon (and lights) as some might have already suggested - I loved how Jetico shown green up and down arrows when there were traffic and red up and down arrows when some/all traffic are blocked.
-
ARP Poison Prevention and Detection (prevent spoofed ARP packets and middleman attacks)
That’s it for now, when I see something, I will come and report.
Sorry if any of these are already issued. (Take it as an re-enforcement if you wish. ;))
Thank you Comodo Team for such great software! Keep up the great work!
G’day memo1337,
Welcome to the forums. Excellent post - well thought out, clear, concise and reasoned!!! You should consider posting these requests on the CPF (Comodo Personal Firewall) wish list.
Comodo are an exceptional company in that they actively encourage user participation in their freeware development AND they listen to and utilise the suggestions where they will improve the product for everyone.
If you have time, have a look at https://forums.comodo.com/index.php/topic,587.0.html. This is on a development proposal they are considering, and I think it has genuine merit in both the home and commercial markets. I would appreciate any contribution you’d care to make (and that goes for the rest of you out there. ;)) Two heads are better than one, particularly if one of them is mine.
Again, welcome to the forums.
Ewen
(WCF3) (WCF3) (WCF3)
Hi,
Thank you very much for the feedback,
No this is not possible in CPF. SPI will always override.
10. Doing taskkill /f /im cmdagent.exe kills the Comodo service, yet Comodo doesn't restart it or it could be restarted. (The Comodo driver is still active, keeping the rules/restrictions intact though, but the user cannot configure anything until the machine is restarted to allow the service to restart)
If you attack CPF’s services this will be the default result. If you kill cmdagent, no connection will be allowed anymore.
18. Possible in future version/beta? Network Monitor: Filter by protocol type regardless of ports? (Jetico has this built in as protocol rules)
You can do so by creating IP rule and selecting IP protocol value.
Egemen
No this is not possible in CPF. SPI will always override.Would this change in the future or would it remain like this ummm, forever? ;)
If you attack CPF's services this will be the default result. If you kill cmdagent, no connection will be allowed anymore.I believe that the old version has some kind of protection that askes if you really want to close the CMDAgent, but in this beta, this didn't exist. Would it also smart for Comodo to restart the service as it is killed? (or maybe protect it to an extent, like the old version?) Right now the service even refuses to start when I try to start it once it is killed.
You can do so by creating IP rule and selecting IP protocol value.Ha, I see. Guess I missed that... Thanks! :D
Thanks!
Wanting to be of assistance and help out a bit, I uninstalled 2.2.0.11. Uninstall (using Add/Remove) went surprisingly well.
Then after rebooting, I installed beta 2.3. Install was truly effortless and the reboot was problem free.
Then ran every program / application / update request for applications that I could think. It all went flawlessly … very smooth indeed.
Then I edited the registry to change OSMODE from 0 to 3 and did a reboot. As reported by others and thus as I was expecting, I get a “Comodo is closing … do you want” window when I shut down or reboot. But I must observe, on a rather simple configuration such as mine 2.3 (and your new installer) is looking good. My “Event Viewer” remains clean and problem free. Nice going. 
Well, maybe this isn’t as much help as I wanted but I’ll keep pushing my system and will be back if anything comes up.
No news is good news - and in the case of a firewall log file - it’s GREAT news! Glad to hear it went so well for you. continue test,please and post any issues you find here.
Thanks in advance,
Ewen
(WCF3) (WCF3) (WCF3)
I am using the new beta 2.3 version, just installed this afternoon. Previously I was using 2.2.0.11 but uninstalled 2.2.0.11 before installing the beta. WinXP SP2 FireFox
I was on-line making a purchase. I sent a copy of the order to FinePrint 5.54. I print on-line information and screens like this on a regular basis.
Anyway, after I had printed a couple of different screens, FinePrint 5.54 apparently faulted … then quickly (seconds thereafter) CPF also faulted and I got the WinXP notice that FinePrint and CPF needed to shut down. I then found my internet connection had also been lost … and then FinePrint also crashed (very unusual … FinePrint never mis-behaves) … so I rebooted and went back on-line. I completed the order, printed several more pages without any problems this second time.
I hope this is helpful.
Here is the error message from XPs “Event Viewer” for CPF.
Faulting application cpf.exe, version 2.2.0.10, faulting module unknown, version 0.0.0.0, fault address 0x01731f58.
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 63 70 66 ure cpf
0018: 2e 65 78 65 20 32 2e 32 .exe 2.2
0020: 2e 30 2e 31 30 20 69 6e .0.10 in
0028: 20 75 6e 6b 6e 6f 77 6e unknown
0030: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0038: 20 61 74 20 6f 66 66 73 at offs
0040: 65 74 20 30 31 37 33 31 et 01731
0048: 66 35 38 0d 0a f58…
and HERE is the error message for FinePrint 5.54
Faulting application fpdisp5a.exe, version 5.54.0.0, faulting module unknown, version 0.0.0.0, fault address 0x024f1f58.
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 66 70 64 ure fpd
0018: 69 73 70 35 61 2e 65 78 isp5a.ex
0020: 65 20 35 2e 35 34 2e 30 e 5.54.0
0028: 2e 30 20 69 6e 20 75 6e .0 in un
0030: 6b 6e 6f 77 6e 20 30 2e known 0.
0038: 30 2e 30 2e 30 20 61 74 0.0.0 at
0040: 20 6f 66 66 73 65 74 20 offset
0048: 30 32 34 66 31 66 35 38 024f1f58
Think I found an issue.
The beta blocks PDA syncing with MS ActiveSync 4.1 and above. Even allowing all applications access, and replacing the default “block all IP in” network rule with an “allow all IP in” rule does not work. Nothing shows up on the log as far as to why the connection isn’t successful. Setting Comodo’s overall security level to “Allow All,” however, lets the PDA sync.
I read earlier that SPI rules are always enforced, and not modifiable. Do we know if this is a set thing?
Do a search for ActiveSync. Egemen has done apost that outline the particular requirements to get this working with CPF. There were a couple of ports you had to explicitly allow.
HTH Ewen
Thank you for your reply. I may not have been clear in my original post. I explicitly allowed all ports. I also logged blocked activity. Nothing showed in the log.
As an update, I think the issue is a bit more complicated than I thought, as it seems to not occur consistently. Trying to narrow down precisely when it happens.
I realise that you have allowed ALL ports, but apparently you stil have to explicitly ALLOW the specific ports for Active Sync. Dunno why, but Egemens response seemed to indicate this, and he’s the man!
Ewen
Just a question, will the final version of CPF 2.3 require us to uninstall our current version? Or will it just update like usual?
I actually tried opening just the specific ports before I opened all ports. I didn’t want to particularly leave all ports open, and only did that after opening the specific ports didn’t work for the purpose of testing. The results were the same either way.
Just to update…
Turning off high-performance mode seems to get rid of the problem, as far as I can tell so far.
I’m actually going through the application behavior rules to check if any of them are the problem; it is HORRIBLY frustrating that blocks due to app behavior rules don’t show up in the log, so I have to troubleshoot by turning them on and off one by one. An option to let those show in the log would be a FANTASTIC change.
Out of curiosity, am I right in posting bug fix/suggestions as replies to this thread, or was I supposed to start a new one?
Hi!
I noticed, Melih, that you said we need to uninstall previous CPF before installing the beta. Is there anyway of retaining the existing configuration/rules, etc?
Clem
Since installing 2.3 I suddenly noticed that the Max Log Size setting is not being remember between reboots, it always resets to 5MB.
In addition, log file entries also disappear between reboots. However, this doesn’t seem to be consistent, since some entries are remembered. I can’t see any pattern at this point.
I tried stopping CPF manually before rebooting and playing with OSMode’s 0 & 3. But, this had no impact on the above.