On fast-switch new CIS rules not reflected in GUI of user switched to [295]

The bug/issue

  1. What you did:
    Boot Windows 7 64-bit computer
    At login screen, logon with USER1
    Return to login screen, without logging off (ie select “switch user” and not “Log off”)
    At login screen, logon with USER2
    Add or change a rule for CIS firewall or Defense+ (for example prevent notepad.exe from being run by explorer.exe)
    Check the rule works (ie double-click on notepad.exe no longer works)
    Return to login screen, without logging off
    Return to USER1 session previously opened
    Observe that the new rule is NOT applied in this user session. This is the issue!

  2. What actually happened or you actually saw:
    A new firewall or Defense+ rule is not applied for other already running user sessions

  3. What you expected to happen or see:
    I wish that the rules I create or change be taken into account by all user sessions, even if users are already logged on

  4. How you tried to fix it & what happened:
    Every time I want to change a rule, I first log off other user sessions (with Sysinternals Process Explorer) before applying the rule

  5. Details (exact version) of any software involved with download link:
    CIS 5.0.163652.1142

  6. Any other information (eg your guess regarding the cause, with reasons):
    I guess that CIS configuration changes are not propagated to all running cfp.exe processes

Files appended:
none

Your set-up

  1. CIS version, AV database version & configuration used:
    CIS 5.0.163652.1142

  2. Whether you imported a configuration, if so from what version:
    Installed from scratch (ie not a migration)

  3. Defense+ and Sandbox OR Firewall security level:
    Firewall custom policy
    Defense+ paranoid
    Sandbox disabled

  4. OS version, service pack, no of bits, UAC setting, & account type:
    Windows 7 64-bit
    UAC on

  5. Other security and utility software running:
    Avira AV

  6. Virtual machine used (Please do NOT use Virtual box):
    none

Thanks for submitting the bug report in standard format.

Could I enquire:

  1. Whether User1 and User2 were admin or normal user accounts?
  2. Whether the same happens if you disable Avira and reboot first?

Many thanks

Mouse

Thanks for taking into account the issue I reported.

Thanks also for your suggestions.
Indeed it appears that “sometimes” the issue doesn’t occur.

I ran several tests and I’m currently unable to determine the conditions for which the problem happens.
So I need more time in order to discover the triggers and post a more precise bug report.

OK will leave here for the moment, awaiting that information.

(Answers to my questions would also be greatly appreciated).

I have found that fast switching several times quickly between admin and limited users causes a D+ error. That may help in pinning this down.

Best wishes

Mouse

Anything further on this?

Best wishes

Mouse

I’ve found the root issue: the Comodo graphical user interface (GUI) is not in sync with the rules currently applied!

For example, if you apply a rule in one user session and switch to another user session previously opened, then the new rule is correctly applied BUT doesn’t appear in the GUI (this is the issue). And so, if you close this GUI, the rule is removed.

Here’s an updated scenario (run with Avira disabled):

Boot Windows 7 64-bit computer
At login screen, logon with USER1
Return to login screen, without logging off (select “Switch user” and not “Log off”)
At login screen, logon with USER2
Double-click on notepad.exe and check it works
Open Comodo GUI
Add a rule for preventing notepad.exe from being run by explorer.exe
Close Comodo GUI
Check the rule is correctly applied: double-clicking on notepad.exe no longer works
Return to login screen, without logging off
Return to USER1 session previously opened
Check the rule is correctly applied: double-clicking on notepad.exe doesn’t work for this user either
Open Comodo GUI
Observe that the rule is NOT present. This is the issue!
Close Comodo GUI
Observe the rule is no longer applied: double-clicking on notepad.exe now works. The rule has been lost. This is also an issue!

This scenario has been replicated with USER1 and USER2 as standard users and also for USER1 as admin user and USER2 as standard user.

The Defense+ rule is only an example: firewall rules or other settings (such as parental control) are “managed” the same way.

In fact the configuration settings are read only once for a user session (when it’s created) and never reloaded, even if they are changed in another user session.

Thanks for some very useful additional analysis, and an excellent bug report.

Forwarding to verified now.

Best wishes

Mouse

The bug/issue

  1. What you did: Changed Firewall Rules in one user account, other users did not see the changes. Last man logging out had his configuration saved, so any changes made by other logged-in users were lost.

  2. What actually happened or you actually saw: Each user has his own firewall configuration state, independent of other users. Users each seem to have own firewall ruleset in memory, which won’t change if other users change firewall rules.

  3. What you expected to happen or see: When a user changes firewall rules, they are reflected in all logged-in users.

  4. How you tried to fix it & what happened: Uninstall, re-install. Behavior remains same.

  5. If it's an application compatibility problem have you tried the application fixes?: N/A. Could be Windows 7 Fast User Switching. I have UAC cranked up to Maximum.

  6. Details (exact version) of any application involved with download link: N/A

  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Can vary logins / logouts / rule changes, and it happens every time. The last user logging out has his firewall configuration saved. I don’t know whose rule configuration would “win” if multiple users are logged in and the machine is re-booted.

  8. Any other information (eg your guess regarding the cause, with reasons): Each user has an in-memory copy of the rules.

Files appended

  1. A step-by-step recreation of the problem, with Comodo screenshots.

Your set-up

  1. CIS version: Firewall + Defense+ 5.0.162636.1135, base out-of-the-box configuration with Stealth Ports wizard run to enable LAN access, and removing ICS check box (running behind a NAT router, no ICS):

  2. Have you updated (without uninstall) from CIS 3 or 4, if so have you tried reinstalling? No update, have tried reinstalling. No Effect.

  3. Have you imported a config from a previous version of CIS, if so have you tried a preset config? No. Using nearly-vanilla configuration.

  4. Defense+ and Sandbox OR Firewall security level: Firewall is Safe Mode, Defense+ is Safe Mode, Sandbox is Enabled.

  5. OS version, service pack, no of bits, UAC setting, & account type: Windows 7 Professional x64, UAC is maxed, User A is Administrator, User B is normal User. (Users A and B are the two users doing this, in the attached document.)

  6. Other security and utility software running: AVG Antivirus 2011. No Windows Firewall, no Windows Defender.

  7. Virtual machine used (Please do NOT use Virtual box): None (except I used VirtualBox simply to create a firewall rule from a triggered Firewall alert, but I’ve replicated this with manual method of firewall rule creation)

[attachment deleted by admin]
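
Added example, not part of either report and not Comodo's code: a toy model of the behaviour both reports above describe (each session reads the rules once at logon and writes its whole copy back when the GUI closes), next to one possible fix that reloads on open and uses a version check on save. All class, method and rule names are hypothetical.

```python
# Toy model of the behaviour reported in this thread (all names hypothetical).

class RuleStore:
    """Stands in for the machine-wide rule set that is actually enforced."""
    def __init__(self):
        self.rules, self.version = set(), 0

    def read(self):
        return set(self.rules), self.version

    def write(self, rules, expected_version=None):
        # With expected_version set, refuse to overwrite a newer rule set.
        if expected_version is not None and expected_version != self.version:
            return False
        self.rules, self.version = set(rules), self.version + 1
        return True


class StaleSession:
    """As reported: rules read once at logon, whole copy written back on close."""
    def __init__(self, store):
        self.store = store
        self.rules, self.seen = store.read()

    def add_rule(self, rule):
        self.rules.add(rule)
        self.store.write(self.rules)

    def close_gui(self):
        self.store.write(self.rules)  # silently discards other sessions' rules


class SyncedSession(StaleSession):
    """One possible fix: reload on open, version-checked write on close."""
    def open_gui(self):
        self.rules, self.seen = self.store.read()

    def close_gui(self):
        if not self.store.write(self.rules, self.seen):
            self.open_gui()  # store changed underneath us: reload, do not clobber


def run_scenario(session_cls):
    """USER1 and USER2 logged on; USER2 adds a rule; USER1 opens and closes the GUI."""
    store = RuleStore()
    user1, user2 = session_cls(store), session_cls(store)
    user2.add_rule("block explorer.exe -> notepad.exe")
    if hasattr(user1, "open_gui"):
        user1.open_gui()
    shown_to_user1 = set(user1.rules)
    user1.close_gui()
    return shown_to_user1, store.read()[0]
```

run_scenario returns what USER1's GUI showed and what is enforced afterwards: with StaleSession both are empty (the rule is invisible, then lost), with SyncedSession both contain the rule.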

Thanks. This has been reported by another user so I will merge.

Best wishes

Mouse

Yes, I just noticed! I hadn’t searched for a few days, it took me a while to get myself together to put the bug report together.

FYI, this issue is still present in CIS 5.3.

FYI, this issue is still present in CIS 5.8.

Still present here too. Egemen, or other dev, feedback would be appreciated if possible.

Mouse