I think I found a flaw

Hello. I don't know where to post this, so I'm posting here. If it's wrong, please move this topic. :wink:

Here’s the flaw: I thought Comodo Firewall wasn't notifying me about outgoing access, so I tested all policies to make it alert me of everything. I even removed all default entries in the firewall list to make it alert me of any outgoing access.

So, in my latest test, I installed TuneUp Utilities 2007 with a fake serial number and waited for Comodo to alert me when TuneUp's silentupdate.exe tried to access out.

silentupdate accessed out but Comodo didn't notify me. How do I know? TuneUp blocked my use of the program because of the fake serial I entered, and it can only do that if the program (TuneUp) accesses the company's update server.

I forgot to tell: my PC is an Athlon XP 3200+, Asus A7v600-x, 1gb ddr ram 400mhz, hd 40 gb, Windows XP SP2, Comodo PF 3.0.14.276, Avira Antivirus 7.06.00.270

And I know silentupdate should be silent, but I explicitly detailed in the firewall that I wanted to be alerted.

Another thing: if I block it, TuneUp doesn't recognize it as a fake serial and no alert is shown in the firewall log (as I also configured it to show).

One probable explanation for this is that TuneUp Utilities 2007’s silentupdate.exe is in Comodo’s safe list (not a fact, I’m just guessing here), and the Firewall Security Policy was set to Train with Safe mode when the application was launched. If that’s the case, then Comodo automatically created the necessary application rule(s) and allowed silentupdate.exe’s outgoing connection(s). That’s how Train with Safe mode works.

If it’s possible to run the same test again (not sure if you can revert Tuneup Utilities back to the non-blocked state), you should do it in Custom Policy mode. You should also delete any network rules for silentupdate.exe in Network Security Policy before running that application.

Thanks for answering, but I always run in Custom Policy mode, I deleted all rule entries and unchecked the “trust comodo signed applications”.

I think Comodo still has the problem of a program running under another program, because this silentupdate runs when I’m running another instance of TuneUp (the integrator.exe).

Could anybody do this test again? I did it again and the result was the same. Another thing is, if I delete the silentupdate it works too (TuneUp does not identify it as counterfeit software).

Interesting. I installed the trial version of TuneUp Utilities 2007. When I clicked Update, I got two consecutive alerts for UpdateWizard.exe: the first was UpdateWizard trying to establish an outgoing HTTP connection, the second one was UpdateWizard trying to reach my localhost proxy (probably looking at IE’s settings for that). I blocked both, and got an error from TuneUp saying updates couldn’t be found.

I understand you were talking about something else. So, can you PM me (don’t make it public) that fake serial number so I can try to do exactly the same thing you did, and see if this issue is reproduced?

Firewall event log never shows ALLOW. It ONLY shows BLOCK

To allow a test site to route trace me I added a Global Network rule.

The rule was “Block and Log ICMP Echo Request”.
Pings were still blocked, and each block appeared in the Firewall Event log.
I then edited the rule, from “Block and Log” to “Allow and Log”.

This allowed Pings, BUT FAILED TO LOG, so I could not see the IP address of what pinged me.

Alan

allcooll,

I installed TuneUp Utilities 2007 - the Russian version 6.0.2311, and used the serial you PM’ed me to activate it. I can’t replicate your issue. I have no problems switching between utilities and using them. The only time TuneUp tries to connect to the internet is when I click Update. Comodo alerts me of UpdateWizard.exe’s attempt to establish an outgoing connection (which I block), and TuneUp returns an error (couldn’t find updates…).

What version of TuneUp Utilities are you using? May it be that the “fake” serial has been black-listed and the version you use already knows about that?

I'm using this version but in English. It takes some time for TuneUp to “discover” the fake serial. UpdateWizard really tries to access the internet but is easily blocked. The one I'm talking about is silentupdate.

I think it only accesses after the 30th day (after trial end), because when I get alerted about my counterfeit I don't have any more options -> buy or die ;D

Oh well, I will try a more objective test ^^. Thanks for trying =)

allcooll,

Maybe this will help:
Set your D+ to paranoid mode. Then remove all entries of TuneUp’s executables from the D+ security policy. Then repeat your “test” for silentupdate. This time there should be an alert that one of the executables of TuneUp Utilities tries to execute silentupdate (in this case choose “block and remember”).

Hi Guys,

I have TuneUp Utilities 2007 - German version 6.0.2311 with a FULLY ORIGINAL KEY (I bought it)
and I have exactly the same problem as allcooll. :o

D+ is switched off.
Firewall mode is “Custom Policy Mode” (and there are no rules which could allow this program to update).

I HAVE THE SAME PROBLEM WITH ADAWARE 2007 (NEWEST VERSION)

The firewall didn't even ask me if I want to allow a request… :o

If you have properly set up the network security policy, I think there is only one way to solve this problem: D+ must be enabled.

No! I don't want to enable it, because I don't need D+. I have my Kaspersky antivirus… :wink:
Just want a firewall.
And the old 2.4 version from Comodo showed me every connection request from EVERY application :-\

Kaspersky Antivirus could be the cause of the problem. I don’t know about prior versions, but KAV 7 has that “Web Antivirus” component that intercepts HTTP traffic (actually, any traffic on ports you specify in its options) and routes it through its real-time scanner. It does so before Comodo notices something, so to Comodo it looks as if Kaspersky Antivirus is the one initiating all those connections. Check the Active Connections next time you update your AdAware or TuneUp to see if there is any network activity for Kaspersky’s executable.
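
The check suggested in the post above can be done from a connection listing, shown here as an added example that is not part of the original thread: it correlates loopback connections into the scanner with the scanner's own outbound connections, so the real originating program is visible. The `netstat -ano` rows, PIDs, addresses and local port 1110 are constructed sample values, and `firefox.exe` and `mail.exe` are hypothetical.

```python
import re

# Constructed sample: `netstat -ano` rows plus a PID-to-image map (as `tasklist` would give).
NETSTAT = """\
  TCP    127.0.0.1:1110         0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:3312         127.0.0.1:1110         ESTABLISHED     2924
  TCP    192.168.1.20:3313      203.0.113.10:80        ESTABLISHED     1480
  TCP    127.0.0.1:3320         127.0.0.1:1110         ESTABLISHED     3056
  TCP    192.168.1.20:3321      198.51.100.7:80        ESTABLISHED     1480
  TCP    192.168.1.20:3330      192.0.2.44:443         ESTABLISHED     3400
"""
PIDS = {1480: "avp.exe", 2924: "silentupdate.exe", 3056: "firefox.exe", 3400: "mail.exe"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Return (local_addr, local_port, remote_addr, remote_port, state, pid) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            rows.append((la, int(lp), ra, int(rp), state, int(pid)))
    return rows

def proxied_clients(text, pids, proxy_image):
    """Find programs whose traffic is relayed by a local scanning proxy.

    Returns (client image names, remote endpoints the proxy itself talks to).
    A per-application firewall would see only the second list, attributed
    to the proxy, unless it also inspects the loopback leg.
    """
    rows = parse(text)
    proxy_pids = {p for p, name in pids.items() if name.lower() == proxy_image.lower()}
    listen_ports = {lp for _, lp, _, _, st, pid in rows
                    if pid in proxy_pids and st == "LISTENING"}
    clients, outbound = set(), []
    for _, _, ra, rp, st, pid in rows:
        if st != "ESTABLISHED":
            continue
        if pid in proxy_pids and not ra.startswith("127."):
            outbound.append(f"{ra}:{rp}")          # proxy's own connection to the internet
        elif pid not in proxy_pids and ra.startswith("127.") and rp in listen_ports:
            clients.add(pids.get(pid, f"pid {pid}"))  # program feeding the proxy
    return sorted(clients), outbound

if __name__ == "__main__":
    print(proxied_clients(NETSTAT, PIDS, "avp.exe"))
```
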

OK, you are right. avp.exe (Kaspersky) seems to generate the traffic when I'm browsing through the internet (HTTP).
I disabled the Web Antivirus from Kaspersky, but Comodo still didn't notify me about the update request from TuneUp and AdAware.

Can someone tell me why the old version from Comodo 2.4 showed me all requests???
(:SHY)

I noticed one thing: if I allow a program to access the internet but make it not remember the rule, the program can access and Comodo does not show any evidence of it.

I think the newer version should have a “temporary rule” menu in the firewall.

Oh, I use D+ disabled and sometimes D+ activates if a program tries to modify protected files.

Well, as far as I know, if it's disabled it should not do anything, right? That's another strange thing about Comodo D+.

In the case of TuneUp I’m really amazed. I can't find out when it accesses the internet, because the counterfeit notification occurs when I try to use the file cleaner and then the registry cleaner (the program blocks and makes me go online to buy a license), but it doesn't do it when I delete silentupdate.exe in the TuneUp folder.

Please, I’m not trying to use TuneUp without paying or teaching how to use it without buying. What I’m doing is for educational purposes, or in this case, to try to find this flaw in Comodo, or in MY Comodo firewall. (:KWL)

And thank you all for posting (:CLP)