Prevent applications from launching browser

Searching the forums produced one result from several years ago and no reply to the question.
https://forums.comodo.com/empty-t25190.0.html;msg181091#msg181091

I’m using the latest version of CIS and despite trying all settings, no matter what I do, some programs launch my browser without my permission. One of the common scenarios is uninstalling a program which then launches browser and takes me to their web site to answer questions why I removed their program and what I didn’t like about it. Very annoying, of course.

Is there a simple way to prevent this? Needless to say, it’s driving me nuts.

In defense+ settings, all boxes under Monitoring tab are checked.
In defense+ rules for my browser the box in “Ask” column for hooks is checked. I thought that should prevent programs from launching browser, but it didn’t.

CIS operates in Safe mode, but even going to paranoid doesn’t solve this problem. How do I set this up?

P.S. I should add this question - if I’m surfing the web, i.e. the browser is already launched (open), how do I prevent programs from connecting to their desired web sites, by setting up one generic rule, rather than having to set it up for each program individually.

You’ll need to create a Defence+ rule that prevents Windows messages between applications and your browser(s). You could create a generic ‘block all’ messages or you could make it selective by choosing which applications are allowed to communicate and which not.

Try the following:

Open CIS and navigate to:

Tasks\Advanced Tasks\Open Advanced Settings\Security Settings\Defence+\HIPS\HIPS Rules

In the Main Window:

  1. Right Click and select Add
  2. Browse to the browser executable
  3. Select Use a Custom Ruleset
  4. Select Windows Messages
  5. Either select Block or Modify. Use modify to be selective.
  6. Click OK back to the start screen

[attachment deleted by admin]

Thank you for a prompt reply. The only problem is - I don’t have any button or menu option labeled “Tasks”. At the very top of CIS there are five tabs:
Summary
Antivirus
Firewall
Defense +
More

None of the above has “Tasks” option. My version is up to date 5.12.256249.2599

What I did, however, is select browser from Defense + rules, then under Access Rights tab, checked box “block” Windows Messages. Unfortunately, the program that was doing the above described is still doing it. While my browser is open, it connects to its web site without my permission.

No worries, when you said you were using the latest version, I thought you meant version 6. The process is exactly the same as described above, just choose:

Defence+\Computer Computer Policy\Defence+ Rules

Then select Add…

[attachment deleted by admin]

My browser was already on that list and custom policy in place. I explained in my previous post that the solution you proposed is not working. I have blocked all Windows Messages to no avail. The browser gets launched no matter what. I’m really puzzled.

You must have made the edit to your post whilst I was adding mine. Can you tell me the name of the application and browser you’re having problems with.

I’m using Firefox 17.0.1 and the application with annoying behavior is Total Uninstall. You can find it here:

Install the application, then uninstall it. As soon as you uninstall it, it launches the browser and connects to the web site. Or if the browser is already open, it opens that web site in a new tab.

As I mentioned in my original question, I wouldn’t like to have to block every program individually, because there’s no way to predict which program will launch the browser and which one won’t. Total Uninstall does that only if you try to remove it from your computer.

Instead of checking Windows Messages on the Access Rights tab, try using the Windows/WinEvent Hooks on the Protection Settings tab and making it Active. Click OK all the way out to the main screen and try your software again.

The Access Rights tab is for what the application can access itself; the Protection Settings is what the application is protected from (the first is app → rest of computer; the second is rest of computer → app).

The only problem you will have with this is that url links may not automatically open your default browser BUT no other programs will be able to ‘hook’ open your browser(s) by themselves.

All four options under Protection Settings tab were already checked, even before you suggested it. Seems like we’re running out of options here… LOL

I just tried the software install you linked earlier and it was blocked (on the uninstall) from opening a web site in my default (Firefox 17.0.1) browser. I have the Windows\WinEvent protection active in the HIPS rules for Firefox before installing and uninstalling the test software. I have not tested this out on a system with v5.1x on it so this may be a bug in that (those) version(s).

Did you click OK all the way out of the settings / configuration screens before testing? CIS may have an issue with not saving / loading changes until the option / configuration screens are closed.

I know this is probably an obvious question but you have enabled Defence+?

I just finished installing v.6. Trying to find my way through this radically new GUI. I don’t see where you enable or disable Defense + ? It seems like it should be active, just like in v.5.

I enabled HIPS (Safe Mode). It was not enabled by default.

No luck. Even with v.6 and everything set the way you suggested, the program still launches the browser in a very rude manner, no questions asked. My PC is haunted.

What worries me even more is that with v.6 I’m not getting any requests from CIS for user input/feedback. For example, with v5 any time I’d install new software, CIS would prompt me to allow the installation, and it would prompt me if a program attempts outbound connection. With v6 nothing like that happens. I’m tempted to go back to v5, this does not feel safe. Or am I missing something?

Change the HIPS level to ‘Paranoid’ (sounds bad but YOU control the rules settings) and the Firewall to ‘Custom Ruleset Mode’. Both will have you building rules for applications as they come about on your system. If you have CIS set to ‘Create rules for safe applications’ (along with the ‘Safe Mode’ on both the Firewall and HIPs configuration screens) for the first few starts of your system, then the rules list will be started in both parts of CIS and you can have a starting point for when you take manual control of the decisions / configuration of rules.

With the HIPs / Firewall set to those levels, you should get alerts for any process / program that does not have a rule currently set yet.

I did all that so that I can closely monitor what happens when I uninstall the program in question and how exactly Firefox gets launched.

CIS detects that Firefox is being launched, but does NOT show which program is doing it! The only option at that point the CIS offers is to block the browser’s connection to Internet. Ideally, CIS should say something like “xyz.exe is attempting to launch your web browser, do you want to allow this?”. That is how some other firewall programs do it. I see no way to resolve my issue so far. After adjusting all the settings we discussed, all the prompts I’m getting do not indicate that CIS can prevent any programs from launching browser without user’s permission.

What configuration is CIS in - Internet Security or Proactive Security or Firewall Security? (This is in the Advanced Settings > General Settings > Configuration menu.)

Also, what OS (Win7, Win8, etc.), Service Pack level and 32 / 64bit is your system?

I’m sorry for asking what seems like redundant questions but I have done everything I suggested to you and got the exact results you are looking for.

Did you check the option in the HIPs for verbose mode in the popups?

It is in Internet Security.

OS Win 7 x64, no SP

Verbose mode is checked. I’m getting pop-ups now, even too many although I switched back from Paranoid to Safe mode. For same applications it sometimes asks redundant questions, apps that I already approved and checked “remember” box.

TO SUMMARIZE how I got Firefox and CIS setup in an attempt to block the program from launching Firefox:

  1. HIPS in Safe Mode w. popup alerts ON and Create rules for safe applications
  2. Firefox using custom ruleset, window messages blocked, all protection settings active
  3. Under HIPS Rulesets all allowed apps set to ask for window messages, protection settings active for windows messages
  4. Under Firewall settings Firefox treated as Web Browser, no other special rules there

I think I got it all covered, but Firefox still getting launched when I uninstall the program I mentioned earlier.

Here’s a curiosity, if I set the default browser to IE, then set a D+ rule for IE\Protection Settings\Windows Messages to Active, it works, do the same thing for firefox, it doesn’t…

Even more curious, I have two other systems here with v5.12 on them (Win7 64 and Win7 32) - on both of them the D+ setting does NOT block the browser from opening. It also does not seem to make any difference if CIS is set in Internet Security or Proactive security mode (as far as this problem goes).

(Note: on one system, however, I did get a OS error message of there being a problem sending the command to the browser but it opened anyway. I am still investigating that situation.)

Although the problem persists, I’m relieved to know that I’m not alone :slight_smile:

Years ago, before I established CIS as my primary and only protection software, I used another free product (can’t remember which one it was) that was diligently popping up warnings any time any program attempts to launch another program, whether a browser or something else. I can’t believe that Comodo fails so miserably. I’m also surprised that out of so many users over the years, very few noticed there’s a problem here (see my original post in this thread).

Perhaps Comodo engineers will take this seriously and address it as a major bug. If CIS allows browser(s) to behave like this, who knows what else might be going on in the background.