Net Security - Comp Security - No consistency

I talked about this topic in another post but have now spent the last 4 hours tweaking and getting quite familiar with this new version and I’m seeing some inconsistencies.

Most importantly, if I can’t change a setting and see an expected result, I can’t have confidence in this version.

My issue: I don’t want Acrobat Reader to access the internet without me giving permission each time. I don’t allow auto checking for updates, so really the only time it needs an internet connection is when I open a PDF file from the Internet in an embedded browser tab. I use Firefox almost exclusively, though in the old version this didn’t seem to make a difference. I didn’t allow acrord32.exe access to the internet and I was asked every time.

I received a suggestion that I look into a dll file in the Firefox plugin directory. I did and it didn’t make a difference what I did with it.

Note, I’m using Avast, which as you’ll see below may be part of the source of my frustration.

When I installed CFP two or three days ago I probably allowed too much to begin with. It was frustrating getting loads of popups and over 2000 files in my pending files list. In the end I had made Mozilla a trusted vendor and way too many things trusted applications. So I went to my newly trusted files and removed the two files I wanted to tweak, firefox.exe and acrord32.exe. I then removed Mozilla from my trusted vendors. I removed the two files from my Computer Security Policy and Network Security Policy lists (this was after changing their settings many times with no apparent impact). I then rebooted the computer.

Assuming I was starting fresh with these two programs I built a new Predefined Firewall Policy, named Ask for Internet Access. This required an ask for any IP or TCP/UDP. I then assigned that policy to both files (firefox.exe and acrord32.exe). I then changed my Firewall Behavior Settings to Custom Policy Mode.

Here’s how I tested. I opened a browser, and was immediately asked to OK firefox.exe by CFP. I was quite proud of myself. I clicked OK or Yes or Allow or whatever that popup asked for. I then did a Google search for 2008 W4 (a relatively small PDF file). When I clicked on the file it appeared to start the process of downloading the file and then after about 5 to 7 seconds I received another popup asking permission for acrord32.exe, which in all my newfound enthusiasm I clicked OK/Yes/Allow without unchecking remember my answer. It let the file open as it should.

All was fine, I thought, with the only thing left to deal with being to tell CFP not to allow acrord32.exe access again without asking. If I could do it once I could certainly do it again, I thought. No such luck. I did see that a new Computer Security Policy was added for both files. I immediately took out the Adobe file. I then saw that my two Network Security Policies had Allow Incoming and Outgoing Requests added to them. I thought this was going to be too easy to be true as I removed that entry from the Adobe file.

I’ll keep this short and not explain all I did to attempt to replicate what I just did, with no luck. I even imported an old configuration (from before I tweaked anything) and the best I could get was to be asked for Firefox permission, but never again could I stop acrord32.exe from doing its thing.

While troubleshooting I was once asked to allow ashwebsv.exe permission after I took almost everything out, but once I allowed it both Firefox and Adobe were able to do their thing.

Does anyone have any ideas about what else might be lingering in there allowing Adobe in particular access to the internet when I take out all instances of that filename (that I can find) from CFP? I’ve tried it with nothing entered for Adobe and sometimes one entry for Adobe in Network Security Policy with either an Ask or a Block, with no difference. Each time it works and each time I end up with a new entry in Computer Security Policy with limited access. It does say Ask in CSP for all but DNS Client Service, but even if I make that Ask it makes no difference.

I’ll give Comodo the benefit of the doubt that there is something I’m missing but to not be able to replicate the outcome from a relatively simple set of procedures makes me wonder if CFP is always doing what I expect it to be doing.

My last hope will be to uninstall and reinstall to give it one last chance before going back to version 2.

Thanks in advance,

MV

Maybe this will help:

Set D+ to paranoid mode. Remove all of Adobe’s executables from Computer Security Policy. Repeat your tests. Allow or block only the specific actions for which D+ shows alerts (do not declare any app as trusted, Windows system app, etc.).
There should be an alert something like “acrobat.exe tries to execute acrord32.exe…” every time, unless the option “remember my answer” is checked.

Hello goodbrazer, spasiba!

What a roller coaster ride. I did as you said, the big difference from what I did before was that I changed all the Windows system files to limited application. The next time I tried my test, it worked fine.

But then I received the message, “You don’t have permission to shutdown/restart this computer.” I looked that up and people suggested Uninstalling CFP 3, rebooting into safe mode and restoring to an earlier config. I couldn’t believe all that was necessary as I knew exactly what I changed. So I went back through all files in Computer Security Policy that started with C:\windows\system32 and changed them back to Windows System File. Actually I changed a group that I thought would be the likely problem and all worked.

Back to the issue I was trying to work out. When I was asked to allow Adobe access there were four issues.

  1. Firefox.exe trying to run acrord32.exe
  2. Acrord32.exe trying to access Service Control Manager
  3. Acrord32.exe trying to access DNS Client Service
  4. Acrord32.exe trying to access a protected Pseudo COM Interface

I built a Computer Security Policy via a Predefined Security Policy for Acrord32.exe that allows access to Protected COM interfaces. That took care of 4. I responded with allow and remember for 1 and 2. That left 3, which I just allow without remembering whenever I want to allow adobe access to the internet.

Thanks again,

MV

I don’t know what it is, but if ashwebsv.exe is a proxy server, it may be allowing connection to the internet via loopback connections. You can control this by going to Firewall>Advanced>Firewall Behavior Settings>Alert Settings tab and checking “Enable alerts for loopback requests”.
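One way to check the loopback-proxy theory above on the affected machine, as an added example that is not code from this thread, from Comodo or from Avast: the script below parses `netstat -ano` (available on every Windows version since XP), maps each PID to a process name, and lists every established loopback (127.0.0.1) connection made by a watched process together with the process that owns the listening port on the other end. If acrord32.exe or firefox.exe shows up connecting to a port owned by ashwebsv.exe, the outbound traffic is being relayed through the Avast web proxy, which is why a rule on acrord32.exe alone never triggers an alert. The process names in `$watched` are assumptions for illustration; change them to whatever you are troubleshooting.

```powershell
# Added example (not from the thread): find loopback connections made by
# watched processes and identify which process owns the local listener.
# Works on Windows XP and later because it parses netstat -ano rather than
# relying on newer cmdlets such as Get-NetTCPConnection.

# Assumption for illustration: the processes whose traffic we want to trace.
$watched = @('firefox', 'acrord32')

# Build a PID -> process name lookup once.
$procByPid = @{}
Get-Process | ForEach-Object { $procByPid[[int]$_.Id] = $_.ProcessName }

# Parse the TCP rows of "netstat -ano": Proto  Local  Foreign  State  PID
# (UDP rows have no State column and are skipped by the TCP filter.)
$conns = netstat -ano | ForEach-Object {
    $f = ($_ -replace '^\s+', '') -split '\s+'
    if ($f.Count -ge 5 -and $f[0] -eq 'TCP') {
        $procId = [int]$f[4]
        New-Object PSObject -Property @{
            Local  = $f[1]
            Remote = $f[2]
            State  = $f[3]
            Pid    = $procId
            Name   = $procByPid[$procId]
        }
    }
}

# Index listeners by local port so we can see who owns a loopback endpoint.
# Taking the last ':'-separated field handles both 127.0.0.1:80 and [::]:80.
$listeners = @{}
foreach ($c in ($conns | Where-Object { $_.State -eq 'LISTENING' })) {
    $port = [int](($c.Local -split ':')[-1])
    $listeners[$port] = $c
}

# Report established loopback connections from watched processes.
$loopback = $conns | Where-Object {
    $_.State -eq 'ESTABLISHED' -and $_.Remote -like '127.0.0.1:*'
}
foreach ($c in $loopback) {
    if ($watched -notcontains $c.Name) { continue }
    $port  = [int](($c.Remote -split ':')[-1])
    $owner = $listeners[$port]
    $ownerName = if ($owner) { $owner.Name } else { '<no local listener found>' }
    '{0} (PID {1}) -> 127.0.0.1:{2} owned by {3}' -f $c.Name, $c.Pid, $port, $ownerName
}
```

Run it while a PDF is being opened from the browser, since the connections are short-lived. If the listener owner is a proxy process rather than the application itself, the firewall rule that actually governs the internet access is the one on the proxy, and enabling alerts for loopback requests (as suggested above) is what makes the application's own request visible to CFP.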