I just got CPF yesterday and I’ve experienced some annoyancies already.
I followed the tutorial file that explains step by step how to install.
First I got a script error that told me it couldn’t locate the default installation directory and asked me to chose a location. (Don’t remember the exact wording) but when I was going to browse to a location to install I couldn’t find my windows partition or program partition. Had to chose my documents partition. But when I chosed that path it didn’t appear on the dialog anyway. So I just clicked ‘next’ and it installed anyway. I got really worried here that I would have to give up on Comodo already. But it seemd to have installed correctly. It’s just that I would prefer to have it installed in C:. My system is configured in such a way that those partitions don’t appear in the folder tree unless I type the path manually. I guess Comodo had a problem with that.
I’ve been getting popups about svchost and explorer.exe that wants to access the internet and a warning that it may be malicious. Yesterday when it happend I blocked it and found it killed my internet connection. So I had to shut down Comodo for awhile to be able to get back online. It really ■■■■■■ me off that I couldn’t find it and unblock it in the UI.
Today I got a warning again about explorer.exe and wasn’t sure what I should do. I chosed to block it but this time it didn’t kill my internet connection! Was it something malicious this time? ???
I’ve sent it to Comodo for analyse and hopefully there will be an update soon so the firewall excludes legitimate programs.
Now when I’m typing this I just got a warning that ‘services.exe’ wants to access the internet. Clicked to send it for analyse but get a popup saying something about a server error. I chose to block it instead.
As far as I know these programs are supposed to be legitimate. I also use Antivir and BOClean and they haven’t reported any malicious code on my computer. Hmmm… Maybe I shouldn’t have blocked them then. :-\
CPF seems to have problems with remembering that I have alowed some programs permanent access. It keeps asking me, and the same program keeps filling up the list of alowed programs. I’ve checked them in the list and found that it is different programs using those programs to access, and that’s probably the reason why they appear several times in the list. It would be better if the firewall warned about those other programs instead and that I could control their access in the UI.
This is all for now.
So many Questions! phew! Well I’ll try my best to do a good job here!
first Welcome to the forums!
I hope you are using the 2.4 version and not the 3.0 alpha! since it’s still being tested!
- For this I really cant ans I hope someone from the dev team will answer! But then again you said it installed without a problem. So we’ll go the second question!
2.svchost.exe and explorer.exe are services that come with the OS as you might already know! When a service or an application is trying to access the internet these pop ups are shown. Each and every one of us get these messages the first time we install it under default configurations. Make sure you click remember my answer to not get these pop ups over and over again (But make sure your computer is clean before that since these programs can be hijacked by malware)
And if by mistake you deny one of them you can always go to Security → Application Monitor / Component Monitor and change it to Allow or deny according to your criteria
And just blocking explorer.exe would not kill your internet connection since it’s checking which application is using the explorer.exe. And that particular application will not be able to access internet if you deny it
In order not to get these pop ups again make sure you tick “remember my answer” if and only if you know what application it is (say for like firefox is using explorer.exe)
- It’s not actually cpf not remembering the answer. This is called the layered architecture. So when ever a different protocol (tcp/udp) or a diffrent port is used by an application a pop up is given. Just because you allow an application to use tcp it doesn’t mean firewall will let it access udp. So a different message is shown in the pop up.
Another reason for this is the parent application. You might see this a lot of the time with your web browser “google talk is trying to use firefox” or " … is trying to use firefox" that is because of the firewall architecture. It checks the parent application and just because you allowed Gtalk to use FF doesn’t mean Media Player can use it. So another pop up is given for Media Player. So as you have mentioned, that IS the reason for the several listings that you see in the Application Monitor UI.
And lastly I hope you haven’t changed the security level to Medium or above since then you will be getting more and more pop ups. This is recommended to power users who want to know about each and every protocol/port and etc.
I hope this will shed some light to your questions! Feel free to ask any Q if you have!
I’m afraid I have the 3.0 version. I’ll give it a try for now. I will reformat my harddrive soon and reinstall my whole system anyway, so I thought I would try out some new security software first.
I don’t know what you mean by setting it to medium. I can see 3 options; block all, my own and allow all (translated from Swedish).
Also I can’t find explorer.exe or svchost in the lists of aplications or components. Everything is set to allow except for one IEXPLORE.EXE and msinm.exe. I don’t use outlook express so I decided to block msinm.exe. And my internet connection keeps dying on regular intervals, forces me to quit CPF and repair my connection, then start CPF again.
If you’re not already familiar with CFP, I don’t strongly advise that you try version 3 just yet, especially as it’s an Alpha release (albeit public through the forums, but still…). Not only do you put your system at risk of being thrashed by bugs (the whole point of testing software, after all), but v3 is such a change from 2.4 that you may not be able to get a lot of help resolving issues to try to get it to work. We’re all scrambling (Users, Mods, etc) trying to work this baby over, figure out what it does and how (along with what it should do that it doesn’t, and so on).
Version 2.4 (available from the Comodo website, www.firewall.comodo.com is the current stable release. It is very solid and virtually all the resources here are geared toward that. There is a wealth of information, and many knowledgeable users that can help you through an tight spots. If you’re looking for something to use day-to-day, that (IMO) is a better option at this point. Once the kinks are worked out of v3, that will be a much different story…
Ok, I’m getting confused here. I went to the main page to download the 2.4 version and found I already had it. The name of the installer is ‘CFP_Setup_English_Swedish_22.214.171.124.exe’. How come I ended up having the 3.0 version?? Did I accidently update it to 3.0 I wonder?
Can’t accidentally udpate to 3.0; it’s only available in the forums. Hmm, unless the dev team accidentally put it “live” (ie, linked it incorrectly) so that it was pulling from the main download server. That would be a major squtchsplurp!
Only other possibility I can think of would be that you looked at the wrong number… I think the current database version for CFP 2.4 is version 3… Perhaps that’s what you saw?
I may have missunderstood the version numbers. I have just reinstalled and updated and it now says 'Version: 126.96.36.199. COMODO database over known programs Version: 3.0.
So I guess the problem was me blocking the wrong stuff.
Thanks for your quick responses
The download filename from Free Firewall - Download the Best Firewall Protection and Anti-Virus Scan Software from Comodo states 188.8.131.52, so 184.108.40.206 can only be obtained by the updater (for the Swedish version).