multiple XP users of CPF

I have XP-SP2-Home with one admin acct and several limited rights users. This is my first experience with Comodo. Please advise on the following issues:

  • when logging on to a second user, an error message pops up (approx wording): xxx is using the gui. your computer is protected. You must wait until he shuts down. What does this mean and why does it show?
  • when logging off a user I get a close prgram dialog box for netbroadcast. I never saw this before. What does it mean and why does it show? Why do I have to press “end program” for it to close?[- when logging off a user the screen goes black and it takes several minutes to return to the entry screen. I consider this rather unreasonable. Please comment
  • Also there seems to be some conflict with Kaspersky antivirus. How do I resolve this?

Can you try the beta, this should fix some of these issues. You can download it here:

Information here:

https://forums.comodo.com/index.php/topic,1047.0.html

If you still have problems, let us know so we can help you further.

Mike

Where can I find instructions for installing the beta? Is it considered an upgrade? Do I just install it over the existing installation or do I have to uninstall first? If so are there any special procedures for uninstall?
Thanks.

G’day,

To install the beta you MUST uninstall the previous version. Reboot after uninstalling and then install the beta version. If you are familiar with setting up a firewall and other IP-type stuff (not too onerous) select POWER USER during the install and you’ll be able to fine tune the installation and the default options, including setting up the zone for your home network.

In the period between uninstalling the previous version and installing the beta, you will be unprotected, internet-wise.I would recommend you temporarily disable your internet connection before you unistall the previous version and enable the connection after you install the beta version.

If the beta fixes your issues or if you just want to comment on it or have suggestions for its improvement, please post back here in the appropriate forums.

Hope this helps,
Ewen :slight_smile:

Mike6688: Thank you for your response. I installed the beta and the situation is much improved. ;D What I do not understand is why in the limited rights users accounts the Windows Security Center does not identify the functioning firewall and reports that no firewall is active, even when I actually have it open on screen and see the running process in Task Manager? ???

Also, why do I get the Windows Security Center Warning in my admin acct for a minute or two every time I switch back?

Why do I get a popup everytime Kaspersky Antivirus accesses the internet, even though there are several lines for Kaspersky Labs in component control and all are marked allow, and why is there no “remember” checkbox in the popup?

G’day,
The Windows Security Centre receives advice on what security components are running by intercommunicating with them via what is known as WMI (Window Management Interface).

Hmmmmm … Is it possible that the Security Centre only acknowledges WMI components under the login that installed them? I wouldn’t have thought so.

Anyone got any ideas?

Ewen :slight_smile:

It didn’t happen with Zone Alarm

Hi r2baruch,

Is the message you get about kaspersky that it cannot communicate with CPF? This shouldn’t have any checkbox. Also, Comodo were woking on this issue as it’s come up previously if this is the case.

If not can you post screenshots where CPF has popped up more than once.

Mike

Hi Mike,
Yes I believe that is the message at least sometimes. So I understand that there is no problem and I should continue to expect to continue to receive periodic popups. Is that correct? I guess I can live with it for the time being at least until I get more familiar with the program.

Hi,

The following was a quote from egemen about the issue:

Kaspersky AV does not allow any other program to control its behavior so that CPF is raising "... refuses to communicate popup" each time. Since it refuses to communicate, CPF has no way of knowing if it is a rootkit or a legitimate program.
What CPF warns you about is exactly the case. Kaspersky AV places kernel level hooks to intercept NtOpenProcess function so that it prevents any application to communicate with it. CPF detects this and informs you. Since CPF can not detect the FULL path, it can not remember this popup and it can not know if this is a legitimate application or not(Although soon coming CPF beta works differently in this case). Try updating your AV to the latest version and retry. I am not sure but the latest KAV with proactive defense worked ok with CPF here.

There is no problem with the program, but perhaps if you find ‘kavsvc.exe’ in your application monitor>>click it>>then select edit>>click ‘miscellaneous’ tab>>tick the box ‘skip advanced security checks’>>click ok.

Also, can you make sure that your AV is the latest program version.

This may work, but I can’t guarantee it.

Mike

Mike, hi:
Thanks for your response. I manually created an application control rule for kavsvc.exe to skip advance security checks. The program insisted on also designating a parent application so I designated kav.exe. Was this the correct action? Now kavsvc .exe appears in the application monitor with permission “Allow”. Is this what you had in mind?

update: After doing this I still got a popup for kavsvc with services.exe as the parent application, so I in application monitor changed the parent application for kavsvc.exe to “C:\WINDOWS\system32\services.exe”. Is that OK?
2nd updateThis didn’t help, even with kavsvc.exe and parent application services.exe given full privileges and marked skip advanced security checks, I still am getting the popups. Do you have any other ideas?
What is the difference between designating kavsvc.exe as the application with kav.exe as the parent and kav.exe as the application with kavsvc.exe as the parent? Should I create this second rule as well?
Note: I am running KAV ver. 5. I know they have already issued ver. 6 but I do not intend to upgrade until my subscription expires in a few months time. If you can help me define the question for Kaspersky I will write to them and ask their advice also.

What you did should be fine. Can you also try skip ‘allow invisible connection attempts’

If does not work I’m afraid I’m out of ideas, other than upgrading Kaspersky. The latest version of Kaspersky seemed to work fine with CPF, like egemen said.
I will be happy to help you define a question for Kaspersky to ask them their advice.

Mike

Allow invisible connections did not solve the problem.
What is the question for Kaspersky?

If you asked Kaspersky the following:


Dear sir / madam,

I have been having problems with Comodo Personal Firewall in that it says Kaspersky Antivirus (version 5) refuses to comunicate with it. I was wondering if you had any information regarding this, and whether an update to version 6 may solve this problem, although my subscription to version 5 is not yet expired.

Thanks in advance,


Will this do for you?

Mike

I will see what they say. Thanks.

Ok. There is some information here about upgrading from version 5 to 6, if you are interested:

Mike

Thanks again. My releuctance to upgrade is only because my KAV version is an OEM version that came with the computer and I am concerned about finding the license key necessary to activate the new installation. I asked Kaspersky about that also.

Hi r2baruch,

Did Kaspersky get back to you about this issue and upgrading?

Mike

Yes. I received the computer with KAV already installed and there seems to be some problem with the way KAV was installed so that I do not have the full license details and therefore cannot receive support. I will just have to wait till the license expires and when I renew I will be able to upgrade. For now I will have to live with the popups generated for KAV and just allow them.

I am a little more concerned about the behavior of the Windows Security Center. When I logon or return to my (admin) acct after somebody else used the computer, I get a WSC icon warning that there is no firewall. After a minute or two it goes away. In the limited rights users accts the WSC icon is permanently in the sys tray even though I see the CPF program and process in the task manager. Does the presence of the WSC icon mean that CPF is not protecting the computer or just that WSC doen’t see CPF? In my admin acct does its presence for 1-2 minutes mean that for that period of time I am not protected, or again is it an issue of of detection?
Thx.

Hi r2baruch,
I’m having the same problem with the Beta version for 5 days or so. Since CPF shows up as a running process, I’ve gone with the assumption that it does indeed function properly. I believe it’s a glitch with WSC. There’s supposed to be a new Beta version shortly, maybe that’ll take care of this problem.