Policies aren't being applied to programs run from network (V3.0.14 - .25 X32)

Firewall and Defense+ policies aren’t being applied to any executables run from a network. In my case, the network location is a FAT32-based share using the Shared Folders feature in a VMWare virtual machine. Perhaps the issue happens on any executables run from any network location? Can anybody else give feedback on whether this is the case?

Version: V3.0.14.276
CPU: 32 bit
OS: Win XP SP2
Other security programs running: Returnil, NOD32
Defense+ Security Level: Train with Safe Mode
Firewall Security Level: Custom Policy Mode

This is a follow-up on my own post. When I discovered this issue, I was using a program not on the Comodo whitelist. Be sure, if you’re testing this issue, to use a program not on the Comodo whitelist. One such program is the leaktest available at GRC | LeakTest -- Firewall Leakage Tester  .

Issue still exists in v3.0.16.295

Issue still exists in v3.0.18.309.

Issue still exists in v3.0.20.320.

Defense+ and firewall both blocked the Exe while adding the application thru Running process and given Isolated\Blocked application privilege… I mean to say that- its using Device name(File path) for the Network Exe’s… ??? Am i Right??

This happens using the shared folders feature of VMware. It’s a mapped drive. CFP will never give any alerts for a program run from this mapped drive.

Hi,
I have attached the snapshot of the alert and the UNC path rule for the network exe’s. Please verify this.

OS:Win XP x32 SP2
CFP:3.0.20.320

Thanks,
Vicky.

[attachment deleted by admin]

Thank you hiddenstar for your testing :slight_smile: It appears that in your case CFP is working correctly. However, in my case I am using a mapped drive, not a UNC path. I gave the following command at the command prompt: ‘fsutil fsinfo drivetype s:’ (without quotes) and received the answer: ‘S: - Remote/Network Drive’. Volume S is the volume with the problematic behavior.

Issue still exists in v3.0.21.329.

Issue still exists in v3.0.22.349.

Thank you for responding :).

Host OS - Windows XP2 with all patches
Guest OS - Windows XP2 with all patches
VMWare Workstation v5.5.6
Returnil not installed in the virtual machine.
I didn’t try to uninstall NOD32 in virtual machine but perhaps I will soon, just to rule it out as a possibility.

It works for me. Even the executable is in Safe list, I still get the alert…

MrBrian,
NP. Hopefully developers will provide some feedback.

What are your system details? Do you also use latest CFP on VMWare on Win XP SP2 x32 host and guest?

Have you also tried it with a mapped drive which is not inside a VM?
Maybe it is a visualization issue. There are several anomalies reported in the forums connected with virtual drives.

Issue still exists in v3.0.25.378.

In case this helps any, when I try to run an executable from the network location, CFP does alert that Explorer.exe is trying to execute System.