I have reached the point of complete frustration with Version3..

Hi to All,

I have Version

This version is so intrusive that it allows almost nothing on the computer to function. The worst example is that it will not allow Norton Corporate Antivirus to complete a virus scan. It constantly asks for permission for everything Norton wants to do completely stalling the process.

If I am running a full screen game, it comes up asking for permission there, causing the game to crash to the desktop.

It constantly asks for approval on the same question, telling it to remember my answer has no effect on it.

It puts me in the position of having to close the firewall to allow the computer to complete its authorized tasks.

Version2 had virtually none of these problems. How could Comodo have taken such a large step backwards?

Is anyone else having this experience?

I am having similar irregularities with SAV as well. When SAV updates the existing definitions are merged with new files by copying to a new folder. In the process, all of the executable files in the definitions become pending files. Moving your pending files to safe will probably solve the problem, but its a PITA, must be done manually each day after the update, and this ought not be necessary.

Make sure the updater components are subject to updater/installer security policy under defense+ and list Symantec as a trusted software vendor. It might help, but the executable components of the definitions will show up in pending files daily. I do not think that there is a complete fix for this.

Perhaps Comodo will provide a way to modify this behavior.


I don’t know if we are speaking of the same thing or not. I agree when definitions are updated by Norton it requires approval, but this is during a scheduled weekly system scan that the problem arises. Even if there are no new definitions, the virus scan cannot function if the firewall is running. It will ask for thousands of approvals for every single thing it does.

But it isn’t just Norton, it is virtually every program I have. If I put a disc in the drive, it asks for permission to run it - even if that approval has been granted dozens of times before. It wreaks complete havoc with online gaming - which in my view is just when it is needed the most.

This never happened with Version2. I admit that Version3 has many improvements, but it’s inability to “remember” an approval makes essentially non-functional from any real perspective.

Either that or I lack some basic understanding of how to operate it. But if that is the case, given that I had used Version2 for at least a year - it doesn’t say much for how they designed the interface. And, while I am not one of our programmers, I do work for a software company - so if it’s got me fooled…not good.

By the way, it is running in “Train with Safe Mode”. Am I in the wrong mode?

Thanks for you comments

I have the same thing with AVG Free (and also Copernic Desktop Search). CPF3 just ignores any previous policies for most (if not all) of those products, and keeps on generating new Network and Defense+ policies. I have to stay in training mode to avoid drowning in prompts. And I still get gazillions of Defense+ or Firewall “is learning” popups. Just to see what would happen I have made policies defining the AVG and Copernic components as Blocked (Network) and Isolated (Defense+), which SHOULD keep the products from running at all. Does not make a difference. CPF3 ignores those policies runs the components anyway, and keeps generating new policie (or new popups if I go out of training mode). Except for one component of AVG (the on demand scan), where CPF3 honors the Isolated policy. But if I define that component as Trusted, the policy is ignored and I get the multiple “Defense+ is learning” popups. It may learn, but it pays no attetion to what it has learned.

The same thing happens sometime with Firefox, depending on how I start it after I boot up.

I’m running XP Pro, SP2. If I can’t get this solved soon I’ll drop CPF3 and go back to CPF2 and ProcessGuard.

Have you tried playing with the firewall behavior settings and the defense+ settings. For the firewall behavior settings, as well as selecting modes you can adjust the alert level between low and very high. And going to the Network Security Settings and changing them from “custom” to “Web Browser”, “trusted”, etc can cut out a lot of popups that change the custom rules incrementally.
For defense+, similar can be done with the Defense+ settings by going to training or clean pc mode. You also have a lot of control by going to D+/advanced/Computer Security Policy for programs that generate a lot of popups by switching them to “trusted” or “windows system”, or by selecting the custom policy and edit/access rights and allowing whatever is generating the popups. Don’t know what is causing some users CFP to learn easily and settle down with almost no popups vs constant popups, but a little editing of the policies can certainly help. I think it is true that some things, like executing another program, don’t get learned unless you edit the custom policy to updater/installer (or maybe Windows System Application) but it may be also that some of the safe program policies aren’t quite right, still subtle bugs, … . Check the popups to see what they are telling you, and whether it is different from run to run so you can edit if desired.
I am currently using custom policy and high alert, train with safe mode and almost never see a popup. When I install a new program, I select “updater or installer” with the first popup, then allow switch to install mode until finished, and usually don’t see any other popups. I have also gone through the policies for the Firewall and D+ and done a little editing where appropriate. But some are having more problems with this and others, and until next version of CFP3 don’t know how comprehensive the efforts to improve CFP3 out of the box will be.


My system with Comodo 3 has quieted down, and I believe I understand how to work the settings. However, when SAV updates it copies its definitions, which include executable files, to a new folder and merges in some new definitions. This causes the exact same executables to wind up in pending files after each update. I don’t know if my AV is working right due to the restrictions on these files and I am not totally sure if I know how to find out.

Perhaps you can suggest a work around to be assured that pending files run.

Its nuts to have to check the pending files when you have not changed your system. Some way to fix this is needed. This behavior is likely to be the same with all Symantec AV products and that is about half of the market.

From another post, I’m not sure if this will help but…

I usually allow a few temporary file to be downloaded and check "remember my answer". Then I go to Defense+/Advanced/Computer Security Policy and I find the application. I double-click on the application and go to Access Rights and click Modify for "Protected Files/Folders". Let's say I had allowed three downloads that resulted in the following entries:

I would delete two of them, and change the other to:

This allows the application to save any file it wants to c:\SomeUserDir\SomeApplication\files.

Don’t know whether both adding the executables (running or just files?) to “my own safe files” and making Symantec a trusted vendor will help, but don’t see other options in the current CFP3. The help file hints that adding them to the safe files might do it, along with maybe switching D+ to training mode, but haven’t tried it.

I have defined the virus scanner on my system as a Trusted Application. Otherwise, whenever it tries to scan any Protected Files/Folders, there will be alerts generated. The suggestion about using a * to allow files to be created in a folder will work (if the program creates folders, you will have to go up one level on the path - eg if you have a path of c:\SomeUserDir\SomeApplication\files\xyz123.cab, then you would have to alter it to c:\SomeUserDir\SomeApplication* to allow new folders to be created). I don’t know if that will avoid having the new files listed on the Pending Files list. It would be useful to know, so if someone does this, would you report on the results, please?
The Pending Files list does not prevent files on it from running. It is only a list of new files that have been created on your computer. If they are executable files, then when they run, pop-up alerts will be created unless you have defined them as safe or assigned a policy to them earlier. The list is mainly to allow you to monitor new (and potentially hazardous) files created on your system. If it is not something you want to monitor, just select all files and click on Remove to clear the list.

One final comment - AndTheWolf: what version of CFP are you using? There was trouble with an earlier version not remembering rules created for an application, but that was fixed in the more recent version (v Also, if you want to turn off the “learning…” balloons, click Miscellaneous>Settings>General tab and uncheck “Show the balloon messages”.

How does a file in pending files have a policy assigned to it earlier?

i think you should tick “treat this application as” ===> trusted application for this case (and tick “remember”). simply allow & remember won’t work.

I’m also running, AnotherOne. Suppressing the “learning” balloons would help cosmetically, but would not stop CPF3 from creating tens of identical Network Policies and hundreds of identical Computer Security Policies (which means hundreds of redundant registry keys), none of which is honored.

I know how to set the policies. And they work for MOST products. But for the two I’m complaining about nothing I do helps. With AVG when I first had the problem the first thing I did was to add everything in its “Program Files” subdirectory to “My Own Safe Files”, which should have made all components Trusted. And in Training Mode both the Firewall and Defense+ keep on creating the same cutom policy (which should also work) over and over and over.

Every other component I have run gets exactly ONE policy (with one exception), and it may get a few new rules added to THAT policy if the component accesses something new. Not so with AVG or Copernic. They get new policies each time, not new rules. Yesterday I did a virus scan of my C drive and I appear to have produced a new AVG policy for every file the scan looked at. It took a lot of scrolling for me to remove the excess policies from the Security Policy list, which should never grow anywhere near that long.

The exception is Firefox, which depends on how I start it the first time after I reboot. So far,f I use a program shortcut to launch Firefox the policies defining it as Trusted application to Defense+ and as a Web Browser to the Network are honored. If the first launch of Firefox is, for example, by clicking on a “.htm” file, or an email link, or CPF3’s own “Browse Support Forums” link, CPF3 treats Firefox the way it treats AVG and Copernic. Until I clean out the generated policies (which may or may not be required…I haven’t tested every possible combo), reboot and start Firefox from it’s own shortcut, I’m stuck with that.

Try this - worked for the same problem in an older version: go to Firewall>Advanced>Network Security Policy and locate and select EVERY rule for the problem applications and Remove the rules and click Apply. Do the same for Defense+>Advanced>Computer Security Policy - removing all rules for the application in question and click Apply. Then reboot and start the application to generate a pop-up for the application (Copernic may generate a pop-up on its own without your help). When you get the pop-up, make sure “Remember my choice” is checked and select “Treat this application as…” and select “Trusted Application” for Copernic and AVG and “Web Browser” for Firefox. This should get it working for you. I had similar problems with Firefox and in a prior version with AVG. BTW, do you use Free Download Manager? There is a modification that is needed to get it working properly if you use it. You need to add a rule to the Web Browser policy (locate and select the entry for FDM and click Edit; select “Use a Custom Policy”; click “Copy from” and choose Predefined Policy and Web Browser - this allows you to use the base Web Browser policy and then add to it). Then click Add and enter the following:
source Any
Destination Any
Source Port Any
Destination Port 21
Make sure that this rule is listed above the Block and Log rule in the listing.
The FTP policy does not work for FDM, and this works or you could modify the FTP policy for the same result.

It was worth the try, AnotherOne, but it did not help. CPF3 still refuses to recognize policy for AVG, Copernic, or (when not initially started directly after booting) Firefox. Running in training mode, even with “learning” balloons suppressed, is as good as having no Firewall or HIPS at all. I’ll give it another day or so to see if anyone can come up with a workaround or fix. And I may try to uninstall and reinstall CPF3, though I don’t have much hope for that.
After that I’ll uninstall CPF3 (cleanly I hope), and reinstall CPF2 and ProcessGuard

Have you tried uninstalling and re-installing CFP? I use both Firefox and Copernic and I have not had problems. If you do try that, turn off AVG and reboot before uninstalling and installing.

AnotherOne. That too was worth trying, but it failed. I uninstalled CFP3 as completely as possible (Defense+ off completely, AVG not loaded, Copernic not loaded, many other programs not loaded), and cleaned the file system and registry of residual references to Comodo. After rebooting I reinstalled CFP3. I rebooted again, and then reenabled the startup of AVG, Copernic, etc) Rebooted again. No improvement whatever! (I had also submitted this as a ticket, but support merely put it on hold, without even a suggestion as to possible diagnostics.) Anyway, I’m stuck back insecurely in training mode for Firewall and Defense+.

As soon as I have the time I’ll be uninstalling CFP3, reinstalling CFP2.4, and ProcessGuard Free. the combination of CFP 2.4, ProcessGuard, and Threatfire will have to do me at least until CFP3 becomes more useable.

Sorry to hear it. I guess that we’ll have to hope for a resolution from your ticket or an update.

I uninstalled yesterday also. Not sure if I’ll be back. Besides the cfpres.dll problem, I was also having a problem with it intermittently blocking my wireless connection (which was impossible to troubleshoot because it was intermittent). And a problem with files piling up in the review window no matter how many times I sent them to Comodo. And a problem with repeated prompts from programs (updaters etc) even though I had designated them as safe and/or installers. Too bad, it WAS a good product. But it’s free so I guess I can’t complain, except about my wasted effort over a few months. At least it uninstalled successfully…I think :-\

PS: For all those frustrated with V3, I have installed the free version of Online Armor and I have no issues whatsoever so far. It’s playing nice with all my programs including Avast, Windows Defender, my fingerprint reader etc. I don’t know if the free version provides the level of protection of Comodo V3 w/ Defense+ but y’know what, I think it’s fine. I def think it is a helluva lot more secure than just using Windows Firewall, which after all is what most people do (or don’t). I really doubt I’ll be back now. Good luck to everybody.

(:WAV) hi PSDF, i’ve read that online armor is a pretty good firewall too (from scott’s newsletter). i think it’s a good choice. (non expert opinion, see the sig? ;D )
err… have you tried the latest update from CFP3 ? CFP
i use CFP3 on XP SP2 along with BOC,CMF,and Antivir free. no prob at all.
the D+ pop up messages can be pretty frustrating at the first time, but now it’s pretty quiet on my comp.