How is a blocked application "calling home"?

Webshots should be blocked from contact with the Internet by the settings shown in the screen snapshot below, shouldn’t it? If additional settings are needed, would appreciate advice about where they are.

The screen saver application is connecting somehow. A pop-up window that only opens when it contacts the site opens intermittently and at random times. If it was “Allowed” to call home it would open at every boot, but it does not.

Red asterisks (*) are inserted to the left of its components.

Hi onDvine, welcome to the forums.

Maybe, but quite a few applications call your default browser to gain Net access. So, you’d need to stop both of those applications from being the parent of Firefox as well I suspect, to be certain.

Thank you, kail. :slight_smile:

Can you direct me to instructions for doing that, please? Or would it block me from going to the site using Firefox?

The “parent” concept is not a part of Comodo I understand so if you can provide a link to a description/explanation, too, it could only help.

I appreciate your time and attention.

Right… oh dear, its been awhile since I ran CFP2, so you’ll need to help me out a bit (unless someone jumps in saves me).

Parents… yes, it is in there. CFP2 blocks leaks & that often involves parent/child process relationships. I note that you appear to have duplicate Firefox entries in the Application Monitor, some of these may well be for different “parent” processes. I think CPF2 has settings like “Learn parents” for each application, edit each Firefox Out entry & see what those are set to. But, I’ve just noticed that WebShots seems to be a SCR (ScreenSaver)… unfortunately, these often use RUNDLL to call other applications (like Firefox) & that might be a bit tricky. Do you know the circumstances surrounding WebShots calling home or is it more of a suspicion?

An easier approach might be to delete all of WebShots CFP entries, run it & then watch (and block) as CFP pop-ups with the new attempts made by WebShots to gain Net access.

Will check that out.

... Do you know the circumstances surrounding WebShots calling home or is it more of a suspicion? ...
It's a certainty rather than a suspicion. As I said above:
... An easier approach might be to delete all of WebShots CFP entries, run it & then watch (and block) as CFP pop-ups with the new attempts made by WebShots to gain Net access.
I've done that a couple of times during the last few months but the block setting doesn't stick. I boot daily and may go several days before the window pops open again but eventually it does. It does not do it at booting, which is when the application is programmed to call home. So Comodo IS blocking it then.

Edit: I just changed the setting on the Launcher to skip the parent check. Perhaps that will make a difference? None of the Firefox entries appear to be connected with Webshots.

I've done that a couple of times during the last few months but the block setting doesn't stick. I boot daily and may go several days before the window pops open again but eventually it does. It does not do it at booting, which is when the application is programmed to call home. So Comodo IS blocking it then.
I'm not sure why CFP isn't remembering the block, unless WebShots uses a dynamically named process to perform the connection attempt (might decide a start-up what to call the process). Can you remember what the CFP pop-up is actually referring to? Might be an idea to grab a screen shot of it the next time you see it.. so you can post it here. Also check CFPs Log to see if there are any related entries.
Edit: I just changed the setting on the Launcher to skip the parent check. Perhaps that will make a difference? None of the Firefox entries appear to be connected with Webshots.
It really depends on what Launcher actually is. But, it sounds the wrong way around to me.. I think you should be interested in what can be the parent of Firefox, rather than Launcher. But, don't set Firefox to Skip the Parent Check.. that's sort of the opposite of what we want. Parent process.. does CFP2 allow you to specify the Parent process? If so, add multiple Firefox entries (Block IP Out) for both processes (WebShots & Launcher) as parents. But, this is really dependent on what the CFP2 pop-ups relating to this are about & if WebShots is using RUNDLL (might be OK) or a dynamically named process (trouble), it might be a little more difficult.

That was what I looked at in the various Firefox entries. Nothing was related to Webshots.

... don't set Firefox to Skip the Parent Check.. that's sort of the opposite of what we want. ...
I didn't. I set the Launcher to skip the Parent Check. Webshots.scr was already set to skip the Parent Check.
... add multiple Firefox entries (Block IP Out) for both processes (WebShots & Launcher) as parents. ...
Will give that a try, as well, if skipping the Launcher's Parent Check doesn't stop it and I can figure out how.

Thanks!

It looks like skipping the Launcher’s Parent Check may have stopped it. :slight_smile:

I hate to ask, but since your security is my concern… I will. :slight_smile:

Stopped Launcher phoning home or CFP alerting you to it?

Thanks for checking back. Here’s a screen snapshot. Can you tell which I did by looking at it?

The alert (or pop up message) is generated by Webshots and not by Comodo. If it was still getting through, I’d still be seeing Webshots’ alert, wouldn’t I?

The rule you posted, blocks Launcher using either TCP or UDP In & Out (the direction isn’t clear in the image, but given the length of the squiggle, I suspect it’s “In/Out”) and it doesn’t matter which program started Launcher. Looks good to me. :-TU Obviously, it could be a little tighter if you changed “TCP or UDP” to “IP” (which means TCP, UDP & everything else)… but, that might be a bit “belt and braces”. :slight_smile:

Yes, the squiggle’s length indicates “In/Out.” :wink:

The “IP” option isn’t accessible in that view, but isn’t it covered by the setting in Destination IP tab shown in the screen snapshot below?

IP (or perhaps “IP All”) not on the Protocol drop-down list? Wow… my memory of CFP 2 is even worse than I previously feared. :smiley: I miss my W2k system. :cry:

No, the screen shot you posted is for specifying a destination IP (as in IP address, rather than the IP Protocol).

So, you’re good to go as you have it. :-TU

Nope. Just “TCP,” “UDP,” and “TCP or UDP.”

... you're good to go as you have it. :-TU
That's reassuring. Thanks again for making sure.

No problem, glad I could help.

Me, too. When you said:

I was a little worried! ;D

Have a good one, kail.

Oh dear? Ah… no, that wasn’t about your specific issue… that was me wondering if my brain was up to the task of helping you (not run CFP2 for over a year now). :slight_smile:

Have a good (and secure) one, onDvine. :slight_smile:

edit: PS Sorry, I didn’t mean to worry you.

I knew that. :wink:

... I didn't mean to worry you.
No problem. It was only the littlest of worries. Webshots isn't a malevolent application; it's just a PITA that it's programmed to call home.