Need to prevent Firewall affecting one user

I’ve got an HTPC which auto-logson as user “M” which loads Mediaportal. I don’t want Comodo Firewall to load for this user, as if it produces any popups the user has no way of clicking on them and they get in the way of Mediaportal.

A second user “S” will login via RDP and I want Comodo Firewall to load for this user. I can set cfp.exe to load under this user, rather than under Local Machine, but then it seems all network/LAN access is blocked by Comodo for user “M”.

So is there a way to prevent Comodo affecting user “M” at all and just have it available for user “S”? I notice there’s a cmdagent.exe service, so maybe there’s something I can do with that which will do the trick?

It is not possible to have different setting for different users with CIS. In short user M and S will use the same settings.

I don’t actually mind if they share the same ruleset, I just want to prevent Comodo running (or at least the parts that produce popups/requests) for user “M”. So to not have it load when the PC boots and auto-logs in as user “M”, only when user “S” logs in.

This is precisely the answer.

We do not yet have any such feature. There is already a feature request, pending implementation. Hope we get it soon…

So what would happen if I disabled the cmdagent.exe in Services and only loaded this and cfp.exe when user “S” logs in? Wouldn’t that prevent any request/notification popups appearing for user “M”?

Not starting cmdagent.exe and cfp.exe won’t disable the firewall as the actual job is done by a driver but it will prevent any notification messages from being displayed as this is done by cfp.exe.

What you can do is to set the firewall in training mode and do everything user “M” does that requires Internet access. After that log in as user “S”, return the firewall security level to whatever you had before and disable cfp.exe for user “M” (disabled cmdagent.exe isn’t really necessary). This will make sure user “M” can do everything necessary without any notification messages being displayed.

Thanks Ragwing, that sounds like it would work for me :slight_smile:

user “M” only really runs Mediaportal and it’s associated TVService.exe plus a couple of other things like DVDfab Passkey, so once I’ve created rules for those it should work OK.

The only issue I can think of is if e.g. DVDFab Passkey auto-updates and then Comodo Firewall or Defense+ needs to update the rule because the files have changed. If user “S” is logged in, he’ll get the notification and be able to Allow it, but if he’s not logged in I imagine that Comdodo could prevent the updated programs from running or accessing the Internet. Can you think of a way to deal with this?

For constantly updating programs you can add the rule by path rather than trust. this would solve the problem.

In Defense + > Trusted Files > Add > Browse to the file/folder, check “Use file names instead of File Hashes”

Hope this helps you.

Thanks SivaSuresh, that’s very helpful. However, doesn’t that only apply to Defense+ and not the Firewall?

It applies to D+ for sure. If you check “create rules for safe applications” in “firewall settings”, then a rule will be created for your firewall as well. Hope this helps.

I’ve got rules for the applications thanks, it’s just I assumed that if the applications were updated and thus the file hash changed, then Firewall would alert the user and require them to re-allow the updated application.

Is it only Defense+ that uses file hashes and Firewall always just uses the filename?

I do not know such behaviour, I am surprised to hear that too…

I will check it and let you know.