I am a new user of COMODO and must say I’m very unimpressed.
I note that there are many issues posted on these boards about issues with FIREFOX. I have now joined that club.
I am using Firefox 220.127.116.11 and COMODO 18.104.22.1680. Op Sys Is Win 32 (XP plus SP2)
Despite the Firewall being set to use CUSTOM POLICY ONLY and Firefox being designated a Web Browser COMODO subsequently insists (after a period of time and without any warning or prompts) in adding FIREFOX as a CUSTOM application - allowing anything IN or OUT !!!
I note that the new entry uses 8.3 filenames. I end up with 2 FIREFOX entries in my policies list.
This is a DANGEROUS bug - what else could COMODO choose to add to my policies without being asked ???
I have absolutely no confidence in COMODO as a reliable product.
By the way I have installed and re-installed this product but the behaviour is always precisely the same. As I noted earlier these boards seem crammed with issues with FIREFOX but I would rather trust their software than yours.
As far as I can tell this is a known bug for which a patch was released some time ago, that solved 90% of such issues but still left a few.
COMODO allegedly fixed this in 22.214.171.1249. However as I said in previous post I’m using the very latest version 126.96.36.1990 and the problem still persists.
It is quite easily reproducible - other people have reported similar behavior in other earlier versions.
Doesn’t anybody think it is a tad dangerous for a product to add its own rules (when it has been specifically configured to forbid this) to allow an application unfettered access to the internet?
A firewall is meant to be watching my back, and not the other way around. In my opinion it renders the product unusable.
It’s really not that easy to reproduce. On my configuration for instance I only had the problem with PowerISO. However, others did not. At the same time people such as you are having problems that on my system I cannot reproduce. What causes these variations is unknown to me, perhaps an admin can answer. However, when it adds the 2nd 8.3 rule, does it pop up any alerts? Also delete both entries for Firefox and see if it still happens, though my guess is that it will. The program isn’t “adding its own rules”, the firewall is adding them due to a glitch. I’m guessing that results vary. For example in my case it would add a 2nd entry in which a certain COM interface wouldn’t be allowed, while in your case it’s adding a network rule that is allowed. My only guess is that the buggy rules allowed/forbade by CFP are dependent on the program in question (PowerISO was trying to access a COM, so COM was denied, FF is trying to access the network, so network is fully allowed).
Perhaps I used the wrong phrase regarding reproducible. What I meant is that you delete the erroneous rule, do some browsing with FF for a while and back comes the bad rule. I think I should have said “easily repeatable”.
There are no pop up alerts.
I have tried deleting both rules which didn’t help much.
As it’s snowing a blizzard here I spent some more time looking at this - my initial reaction was to chuck CFP as I can’t trust it. A further thing I have uncovered worries me even further. When the bad rule is added (always at the top of the list) the number of attempted unsolicited incoming connections reported in the firewall events rockets up significantly in volume. After I delete the bad rule the volume drops dramatically.
I have tried a deep virus/rootkit scan (Bit Defender 2008) and this reports no problems. All my ports are fully stealthed (according to ShieldsUP).
Unless COMODO come up with some answers fast I will have to uninstall. I just don’t trust it any more.
Let me ask: When you change it to Web Browser Property are there still custom rules? I deleted all custom rules before choosing Web Browser and it sticks properly. If it defaults back to Custom policy, the rules as defined by the Web Browser option appear in the custom frame or don’t they? If they do, it’s a bug, but no compromise to security is happening.
I’m not sure I entirely understood the question so forgive me if this reply rambles on a bit.
I have rules for about 20 or so applications in Network Policies. One of them is for Firefox - I use the “standard” Web Browser option for it. The path is properly (and fully) specified to the correct Firefox executable.
Firewall security level is set to Custom Policy Mode so no further rules etc should be added by CFP itself.
What is happening is that (after browsing for a while) I regularly get a second set of rules relating to Firefox added to the network policies list without being asked. The second set of rules always appears first in the policies list and point to Firefox using 8.3 names. This second set of rules for Firefox is either to allow only outgoing or allow both incoming and outgoing traffic. The original (and valid) set of rules defining Firefox as a Web Browser are not touched. Hence Firefox appears twice in the applications list.
I beg to differ but I think adding network policies unbidden and seemingly at random (when not in training mode) is a major security issue. What else may be added or deleted to policies without my knowledge or approval?
I have now also noted that there are duplicate entries (with 8.3 filenames) also being created in the Defence+ policies.
I believe this was a known bug which was allegedly fixed in version 188.8.131.529. Seems to me that they have reappeared in 184.108.40.2060.
Is there a reversion testing issue here for COMODO to comment on?
I just thought I would update this post.
To recap. My original post way back when concerned additional FIREFOX entries (using 8.3 filenames) being inserted into the network rules even when in CUSTOM POLICY MODE. This was done by COMODO in a seemingly random manner and I end up with 2 sets of rules for FIREFOX. No matter how many times the 8.3 rules were deleted they keep coming back. Also occasionally FIREFOX would not work unless the 8.3 rules were present.
I note that others have reported this and similar issues and then my wife’s laptop suddenly started to exhibit exactly the same behaviour. Her laptop uses the same software versions of COMODO, BitDefender and Firefox as my desktop.
At that point my confidence in COMODO (already at a low point) hit rock bottom. I view any application that arbitrarily changes settings to be worse than useless as a security system. At that point I resolved to uninstall COMODO and return to the safety of Zone Alarm. However the problem then is the near impossibility of removing COMODO especially if you are an average user. If it were not for the efforts of Ragwing and others on these forums, I venture to suggest that it would be nearly impossible to remove COMODO. I believe that the thread covering the issues around safe removal to be one of the most viewed posts on these boards. I think that says it all.
Before I could pluck up enough courage to attempt removal Firefox stopped working permanently even though the 8.3 rules were present. So I tried the various things shown below eventually arriving at a set of rules that is providing some sort of stability (thus far!!!). I post them in case they are of some use to others – note that I have written this up in “shorthand” but I’m sure you will get the drift:
Initial rule set:
- Rule for Firefox (8.3 names) naming it as a WEB BROWSER
- Various other rules for other applications
- Rule for Firefox (using proper full path) naming it as a WEB BROWSER
- Rule to stop all incoming/outgoing connections for any other application
The above worked fine for a while, but as noted, Firefox suddenly stopped working. So the rules were amended to
Second rule set:
1-3. As above
4. Rule to allow all incoming/outgoing connections, but LOG them.
The network events log reported that Firefox was constantly appearing as an 8.3 path, and was passed through under rule 4 rather than rule 1 as would be expected. Very strange.
Third rule set:
- Firefox 8.3 entry was deleted.
- As above
- As above but rule for Firefox changed to TRUSTED APPLICATION
- New entry created for C:\progra*\mozill*\firefox.exe. Rule is Log and allow IP Out from IP any to IP any where protocol is any.
- Revised entry for all other applications = C:*.* . Rule is Block and Log IP Out from IP any to IP any where protocol is any.
Since deploying the third rule set I’ve not had any 8.3 names appearing and Firefox appears to work every time (so far !). Note that the log indicates that Firefox is passed through by rule 4 rather than rule 3 as you would expect. Changing rule 3 to WEB BROWSER has no effect on the firewall behaviour.
I would urge novices who are considering COMODO to be their chosen firewall to consider their choice very carefully. My experience has been that whilst this has some potentially clever features it should be considered very much as “work in progress”, and is only suitable for the advanced user. Also if you ever reach the conclusion that CFP is not the product for you, then be prepared for significant grief when attempting to uninstall.
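
An added example, not part of the original posts and not Comodo's own matching code: a simplified first-match model of the third rule set above, assuming rules are evaluated in order with case-insensitive wildcard matching. The sample paths, the rule 2 stand-in and all function names are constructed for illustration; it also includes a small audit helper that flags policy entries written with 8.3 short names.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample paths (assumption): the long Firefox path and the
# conventional 8.3 short form the thread reports seeing in rules and logs.
LONG_PATH = r"C:\Program Files\Mozilla Firefox\firefox.exe"
SHORT_PATH = r"C:\PROGRA~1\MOZILL~1\firefox.exe"

# Third rule set, numbered as in the post. Slot 1 is the deleted 8.3 entry;
# slot 2 is a constructed stand-in for the "other applications" rules.
THIRD_SET = [
    (2, r"C:\Apps\other.exe", "other application rules"),
    (3, LONG_PATH, "trusted application"),
    (4, r"C:\progra*\mozill*\firefox.exe", "log and allow IP out"),
    (5, r"C:*.*", "block and log IP out"),
]

# One path component in 8.3 form: up to six characters, a tilde, a number,
# and an optional extension of up to three characters.
SHORT_COMPONENT = re.compile(r"^[^.\\]{1,6}~\d+(\.[^.\\]{0,3})?$")


def first_match(rules, path):
    """Return (rule number, action) of the first rule whose pattern matches."""
    lowered = path.lower()
    for number, pattern, action in rules:
        if fnmatchcase(lowered, pattern.lower()):
            return number, action
    return None, "no matching rule"


def has_short_component(path):
    """True if any component of the path looks like an 8.3 short name."""
    return any(SHORT_COMPONENT.match(part) for part in path.split("\\"))


def audit(rules):
    """Rule numbers whose application path is written with 8.3 names."""
    return [number for number, pattern, _ in rules if has_short_component(pattern)]


if __name__ == "__main__":
    for label, path in (("long", LONG_PATH), ("8.3", SHORT_PATH)):
        print(label, first_match(THIRD_SET, path))
    duplicated = [(1, SHORT_PATH, "allow all"), (2, LONG_PATH, "web browser")]
    print("8.3 entries in policy list:", audit(duplicated))
```

In this model a process presented under its 8.3 path misses the exact long-path rule 3 and is caught by the wildcard rule 4, which is consistent with the log behaviour reported above; without rule 4 the same path would fall through to the block-all rule.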