Just wondering if anyone knows how to configure Comodo Firewall to specify rules for temporary / transient programs?
I have a VPN that writes a new copy of Ruby each time windows starts (written into a new, randomly named folder in the windows temp folder). So, every time I start up I have to redefine the rules for the program - and, the previous ruleset becomes obsolete and just piles up in the definitions list.
You could just go into the old rule and change the file location. v6 (latest version) does not allow wildcards in the file location string; I believe v5 does though so that may be an option for you. In both versions you can ‘Purge’ the firewall rules and the old entries will be removed.
Out of interest, does the application allow you to specify where the temporary files are created? If so, you may be able to create a specific folder for these, create a file group within CIS, then use file group in the firewall rule.
I noticed that it always creates a directory according to a specific format in the temp directory - that is …/temp/ocr3fec.tmp/bin/rubyw.exe
The “ocr” part of the transient directory always stays the same, the characters after are randomized (i.e., the “3fEC” part in my example). So, I tried specifying a wildcard () in place of the random characters, like so… […/temp/ocr.tmp/bin/rubyw.exe].
It didn’t work. Comodo seems to just ignore the entry and still asks every time what I want to do with the new instance of the program.
From what I can see, this seems to be a known problem with the PIA VPN. There are a number of threads on their forums regarding Outpost, Zone Alarm and Comodo and these temporary folders. Out of interest, when you were trying to create your exclusion rules, which method did you use, as I’m wondering if it may be possible to use the Protected File/File Groups feature of D+, which seems to support some basic RegEx commands. Once you’ve created a new file group, it will bea available for selection from within the firewall.
Initially, I just clicked the option to ‘remember’ my choice when the firewall alert popped up. Then I tried going in to the Network Security Policy / Application Rules / Add… (also did basically the same thing in D+).
[s]I’ll try the Protected File/Groups in D+.
This might take a while. We’ll see…[/s]
Okay. I tried every iteration I could think of. The Protected Files/Groups doesn’t seem to work either!
I just tried your syntax exactly (as …\temp\ocr**). Still doesn’t work - that is, I still get pop ups from Comodo asking me what I would like to do.
To note: when I first tried your syntax (as well as other forms) it DID appear to work, at first. That is, when I started the VPN, Comodo seemed to remember my preference and didn’t pop up any windows. Great. Until I restarted windows. Every time windows is restarted it reverts right back to asking/pop ups, as if there were no defined preferences/rules.
To be clear - this approach does ‘half’ work, as the rules seem to be remembered after windows has started. That is, even if I don’t check the ‘remember’ box, Comodo doesn’t pop-up/ask me what to do afterwards when I start the VPN service - but it still does ask when starting windows (it asks about pia_manager.exe, and rubyw.exe - both of which have defined rules and are in the Protected Files/Group).
I’m not even sure how/why PIA is starting when windows boots. I couldn’t find an entry for it in msconfig, or services.msc.
Slightly more confused now than when I started - but apparently ‘half-way’ there
P.S. - I’m not sure if this means anything, but pia_manager.exe seems to change file size…
I’ve seen it (via windows Properties window) as 89.5MB on disk and 0Kb in the Details tab, and then a few minutes later as 8.75MB on disk and 8.75MB in the details tab. This seems odd to me.
Update: I just found an entry in windows Task Scheduler to start pia_manager.exe on windows boot with the option “–startup”. I’ll try disabling this to see what happens…
I really didn’t expect this, but it seems this solution isn’t a complete fix.
It is still working perfectly fine on my computer, well, on one of them. When I duplicated the process on my other laptop it doesn’t work at all.
I’ve double and triple checked to make sure the configurations are exactly the same, step by step.
At this point - on this computer - even the launching application, pia_manager.exe, won’t observe the D+ rule I have created for it (set to “Trusted Application”). I also have it in a group of Protected Files/Folders. It seems to completely ignore anything I define for it in Comodo.
So, on this computer, I’m back to clicking through 11 (!) Comodo prompts to get the VPN started each time.
You could try exporting the configuration from the PC and them importing it at the laptop. Once imported you can activate it and test… You can always switch back to your current configuration - probably a good idea to make a copy of it first.
I just found something interesting, which I haven’t been able to figure out.
The fixes are still working for me, no problem. But - I just set up a UAC workaround (via windows task scheduler) so that when I start the PIA program I don’t have to answer every time to allow the program…
What happens now is: when I start the program via the UAC workaround shortcut Comodo seems to ignore all the settings/fixes that were working so perfectly before. And if I go back to just using the old/normal shortcut (which brings up the UAC prompt) it works fine again.
In short: old shortcut works, UAC bypassed shortcut doesn’t work.
As far as I can tell the UAC bypass shortcut has exactly the same details as the normal shortcut. What could be happening? What might I be missing?