Problem Handling Program Updates

I have a program PC-Com, that permit one to access from the keyboard, websites, files on the computer, etc. You select a default browser, for use of the program, and it makes use of that to open websites in a browser tab or window. I had selected the Opera browser. Regarding my initial use of the program, everything was working fine with the Firewall, after I granted my permissions for connection to the internet through the parent program PC-Com.

I recently download a beta update, that had very slight changes to the PC-Com program. When I tried to connect to the internet via keyboard, utilizing PC-COM, to trigger Opera, I got a message asking whether I wanted Opera to act as server, and another whether I wanted it to access the internet for the Parent application PC-Com, with the following: “Opera.exe is a safe application. The Cryptographic Signature of the Parent Application PC.com.exe has changed. This could be because you have recently upgraded/reinstated this application. If this is not the case, then this could be the sign of a trojan/spyware/virus activity.”

Every time I tried to click “approve,” and click also that I wanted Comodo to “follow this advice for the future,” the firewall because torturously slow to act. At times, seemed almost frozen. >:( This PC-Com program operates through keywords, that link to web sites. As it is, I have about 25 keywords, to different web sites (At some point, I could have 50 or 100, as it makes accessing a wide range of sites on the internet easier for me). Now, every time I used a keyword to access the internet, the Firewall required from me an initial approval (and sometimes there were four or sometimes more approvals per keyword – when I tried to use the PC-Com keyword to access the internet. (And that was for Opera) (If I wanted to use a keyword to access the internet with Firefox, the process was duplicated). Comodo wanted approval from me for Opera to act as Server, for Opera to connect to the internet, For Opera regarding a particular port, and then regarding another one, regarding a Listen Port, etc. etc.) (And for Firefox, when I used the same keyword, the same approvals all over). Every keyword I set up to access the internet had to receive a approvals for the firewall initially. Still, I had pretty much gotten Comodo on board with the program, and keywords I wanted to use for internet access (as well as for each browser I was using per keyword with PC-Com.

However, the update was impossible to handle because the Comodo Firewall essentially froze, even though I was giving approval. And for the very first keyword. Since every keyword to access the internet through the PC-Com process would require multiple approval, and for every update, the process has to be repeated all over again, and given that Comodo was essentially freezing with each requested approval even when I gave it, it has now become near impossible for me to get updates to a very good program. I tried rebooting the computer to see if it made a difference with Comodo, and it made no difference.

I have two questions here: (1) Doesn’t this constant need for re-approvals with each keyword, linked to a browser, and with each update (the process has to be repeated), no matter how slight the update, ultimately slow the Firewall down, because it will have a huge list of approvals for cryptographic signatures that it will have to go through, many of which will be irrelevant because the program might have changed many times (For just the PC-Com program, for 20 keywords, maybe 80 approvals per browser, so imagine how much Comodo will have to keep track of, if the program has many many updates over the years); and (2) Why did the Firewall essentially freeze on me, when I granted my approval, and instructed the firewall to remember it in the future. No matter how much I clicked “approve,” it seemed frozen. Then it might finally accept one, and the torturous process moved to the next approval. I’d be giving approvals just for this one update, till Christmas.

According to the developer of PC-Com, “The only thing that I changed in PC-Com (regarding the beta update) is the setting to open web pages in tabs, which basically opens all web pages in the Windows default browser. But if you turn this setting off, PC-Com opens web sites the same as it did in the previous version.”

I’m concerned about: (1) Comodo becoming a hassle in treating each program update as requiring consent all over again, and then over a number of years, having to keep track of all the consent, even for the earlier versions of programs. It seems like the firewall could really slow down my browsing then. (2) The Firewall ought to let me just consent to using PC-Com for accessing browsers, and not require a multitude of consents per keyword used to access the internet; and (3) I’m very much concerned about why the Firewall froze, making it impossible for me to use the beta update.

Any thoughts ::)are appreciated here. I’ve had Comodo for about three weeks, and the PC-Com progam is the only one that’s become an incredible hassle. I wish there were a way to say, just leave that program alone (stop asking for consents).

Right now, Comodo is freezing me into not getting program improvements/updates for PC-COM, a good program, that the firewall is ruining for me.

I’m not sure about CPF slowing/freezing your system, since I’ve not experienced that.

But, we do appear to have opposite views on one item. I would be really miffed if I changed a component & CPF didn’t notice! After all, that’s what a virus/trojan/malware would do… it would change things (just like an update). Each to their own, I guess.

BTW Someone is bound to ask (since they’ll need it), which version are you running?

The only useful suggestions I can make is to remove the parent-check from the PC-Com & the browser concerned. But, that means anything could, in future, use the browser in without your knowledge.

Kail,

Do you mean, set up as an Application Rule for the PC-Com program, “skip the parent.” I think that would solve this headache.

Comodo is doing multiple checks for every keyword I create to access the web (let’s say 30 keywords x4 (approve Opera as server here, Opera going to the internet, this port, that port, etc.) or hypothetically 120 approvals required, per browser I use) (I use 2 or 3 browsers). And this whole approval process is all duplicated for every minor update. (And this isn’t even address that “freeze issue,” where Comodo was ignoring my approval actions.

I agree with you generally that I would want Comodo noticing if I change a component. Except for this particular program, where it’s doing multiple checks on every keyword per browser, ad infinitum, and every time I update the program. And keeping a record of all of those cryptographic signatures (which could get into the thousands). The checking seems excessive, might even slow down my ability to browse on the internet.

When you said, anything could in the future “use the browser in” without your knowledge, I’m not sure I understand the risk. The PC-Com program (which I would be approving across-the-board if I say “skip the parent”) will only trigger the browser to go to web sites, where I’ve specifically created or approved a keyword, linked to the web site. Well, I want those approved anyway, so what am I risking? Am I missing something? :-\

It really does depend on what CPF is saying to you. If you can, it’s best to post some examples of the CPF pop-ups.

That aside…

Do you mean, set up as an Application Rule for the PC-Com program, "skip the parent." I think that would solve this headache.

Firstly… you shouldn’t need to create an Application rule for PC-Com. If you’ve used it, CPF has mentioned it & you authorised it, then it should already be there.

Secondly, having not run PC-Com myself and not knowing what CPF has reported, I guess this will not work. Mainly, because it was probably parented by explorer.exe.

I agree with you generally that I would want Comodo noticing if I change a component. Except for this particular program, where it's doing multiple checks on every keyword per browser, ad infinitum, and every time I update the program. And keeping a record of all of those cryptographic signatures (which could get into the thousands). The checking seems excessive, might even slow down my ability to browse on the internet.

OK, I didn’t really pick-up on your point concerning the muliple detections for each keyword you used. It’s probably something to do with how PC-Com is talkiing with the browsers. So, examples of the CPF pop-ups for PC-Com for these keywords would be very useful.

When you said, anything could in the future "use the browser in" without your knowledge, I'm not sure I understand the risk. The PC-Com program (which I would be approving across-the-board if I say "skip the parent") will only trigger the browser to go to web sites, where I've specifically created or approved a keyword, linked to the web site. Well, I want those approved anyway, so what am I risking? Am I missing something?

What I meant was that if in the Application Monitor rules the parent check is omitted from any of your browsers, then another program could use the browser without your knowledge (since the parent check is off). This is risky, since it means that a virus/trojan/malware/spyware program could open an invisible browser session without you even knowing it & communicate with the out-side world. Remember, that the browser itself would have already been authorised in CPF (unless you’ve never used it).

IMHO, the parent check is best left on for browsers & other communication programs (FTP, chat programs, Email, etc…) that can be called by other programs.

PS Don’t forget to mention which version of CPF you are using.

[Editted to correct typos & trying to make thing clearer]

I’m using Comodo 2.2.0.11.

On your saying, I didn’t need to create an application rule, as it should already be there. The problem is that I don’t think there was such a rule under PC-Com. Instead the approvals would be under the browser in question that I was using with PC-Com (and didn’t seem to be operating across-the-board for PC-Com.

Now in creating an application rule for PC-Com, I haven’t said, ignore parents, in general (in cases beyond PC-Com). I sincerely hope not, or I’ve really messed things up. All I did was go into Security, clicked on Application rule, and then put a dot in “skip parent,” but browsed to select the PC - com.exe program (which is what the dot to skip parent was supposed to relate to). So it seems, I’m (hopefully) not telling Comodo to skip the parent across-the-board, but only for PC-Com. The way creation of the application rule is set up, one can select the program (through the browse feature) to which one wants the rule to apply. (You had expressed a concern here about too broad a treatment of “skipping the parent” when you said:

 "What I meant was that if in the Application Monitor rules the parent check is omitted from any of your browsers, then another program could use the browser without your knowledge (since the parent check is off). This is risky, since it means that a virus/trojan/malware/spyware program could open an invisible browser session without you even knowing it & communicate with the out-side world. Remember, that the browser itself would have already been authorised in CPF (unless you've never used it)." [Query:  but the way I've dont it, isn't my "parent" check only off for this one program].

I'm hoping that all I've done is said that when I use PC - COM to call up --via a keyword -- a browser to go to a website, there's not a need for Comodo to get an approval from me for the use of PC-Com.  When I look at my Application Monitor in Comodo, I now see for PC.exe an "allow."  I don't recall seeing that before, so I think it came from my setting up the application rule.  Previously, I would get approval for PC-Com, under the name of the browser being used, with the parent path to the PC-Com program, being listed under that browser.  

On the type of pop-ups I was getting (and the freezing of Comodo on the upgrade was what made dealing with every individual approval impossible), it would say for example, (and this is sort of a rough synopsis . . . )Opera wants to act as server, or maybe, wants to connect to the internet, and the cryptographic signature of the parent PC-Com.exe has changed. This could mean a program update, or trojan/spyware/virus activity. Sometimes, it would list ports being checked, to wit: Remote p. 10.10.72.1; Port: dns (53) - UDP; IP: 10.10.72.248; Port 1101-TCP, and on and on . . . When I’d click approve, and don’t ask again, a torturous pause, sometimes, nothing . . . for minutes. Then it might move to another popup. I mean, I don’t have hours to deal with this. Even if it responded to my command, the fact that it was seemingly going through this exercise on every keyword I use that calls up a browser for Opera, Firefox, and IE 7 was very very time-consuing. But it wasn’t responding well, was freezing, so maybe it was just repeating messages, because it wasn’t registering my approval. (Now because I didn’t fully notice the problem until the program upgrade, it’s possible, I must confess, that Comodo wasn’t going through every keyword I used with PC-Com, but just throwing the same popups at me when I shifted keywords, making it seem like it was checking every keyword. It was the freeze of the program for the upgrade that made it impossible for me to use the upgrade.

My main concern is, I think I’ve just limited the approval on the parent check to the PC-Com application, not to letting browsers be used in other cases. And again, I did that by going into “create an application rule,” and putting a dot in skip the parent, for PC-Com (there was a place for me to browse and locate the parent). Does that seem reasonable, and relatively safe? I don’t think I gave a broader approval to use of my browsers by other programs. On PC-Com, as I’ve said, I create keywords, or (for program upgrades), get to review keywords provided in the upgrade. The program scans my computer to create keywords for executable programs. To trigger the browser, the keyword needs to relate to the internet (and be typed by me after using a hotkey to start the program), and the vast preponderance of those keywords, I create.

I changed a tiny bit the Application rule for PC - Com. I highlighted and edited the rule that now shows up in the application monitor. I list the application, have a dot now in “specify parent,” not “skip parent,” then specify the application, PC-Com.exe, and for “apply the general criteria,” list for the action, “allow.”

I’m not sure that changes much, but . . .

[Query: but the way I've dont it, isn't my "parent" check only off for this one program]

If you mean PC-Com, then this probably OK. I say only “probably”, because I know nothing about how PC-Com operates. I thought initially, for instance, that PC-Com was probably being parented by explorer.exe & nothing else. This is due to my ignorance of PC-Com. But, you seem to have got a positive result (ie. less pop-ups) from the parent specification for PC-Com. Is that right or are you still getting, in effect, a CPF pop-up for each PC-Com keyword?

Does anybody else have experience of PC-Com? Since, I think we may need your input/advice here if there still a problem.

It’s possible that the pauses you’re seeing are something to do with whatever wanted the Net access having timed-out since it didn’t get immediate access & that it is merely waiting to retry. But, that’s a total guess. I assume the rest of the your system is still functional (responding) when you encounter one these pasuses/freezes?

..Remote p. 10.10.72.1; Port: dns (53) - UDP; IP: 10.10.72.248;..

The IP range (10.10.something) doesn’t look like a remote IP address to me, it looks more like your LAN or, perhaps, your providers local sub-net. Can you confirm this?

On PC-Com, here’s a review of the program on CNET/Download:

http://www.download.com/PC-Com-Basic/3000-2344_4-10555008.html

The editors gave it a five star review.

I got 7.53 final of PC-Com today, and once again the Firewall gave me problems because it was detecting a new cryptographic signature (therefore was ignoring the old application rule I set up a few days ago to deal with the beta). And again, the pop-ups were freezing on me, and they were impossible to deal with. I don’t understand why the freezes happen with Comodo and each update of this program. Still, it limits my options in terms of how to deal with the Firewall and PC-Com (since I want the updates).

So I went into Security, and again created an Application Rule (to deal with this update that had a new cryptographic signature). This time, I just set forth the address of the Application (D:\Program Files\PC-Com\PC-Com.exe), the address of the parent (D:\Program Files\PC-Com\PC-Com.exe), put a dot in “specify a parent,” under action, picked “allow.” Under protocol (TCP or UDP), and under direction, selected "out). Once again, (the pop-ups) quieted down, and all is well.

It seems like every time there’s an update to this program, the application rule I created for the prior version won’t work because there’s now an outdated cryptographic signature, so I have to repeat the process of creating a NEW application rule. When I take this action, I stop getting all the popups (although, in the present case, I could have selected (Under Security and Create an Application Rule, “skip parent” (for the PC-Com program) or “allow all activites for this application,” and would have gotten, the same result I think.

On PC-Com, my understanding is that IT IS the parent. It’s the program that gives you the ability to create keywords (linked to websites), which you can type into the keyboard, and then the browser can take you directly to a site (obviating mostly the need for the mouse to click on icons). This program is one that has major accessibility benefits Also, you can type keywords linked to internal files in the computer, to get you to them (by just typing a few letters or a keyword), or to shut off the computer, put it on standby mode, hibernation, start up the Control Panel, etc.

As with kail, I’m also interested if others have experience with this program and Comodo, and whether they’re had problems (with the freezing pop-ups) as I have. Also, being not that experienced yet with Comodo, I’m still worried that updates of other programs could mimic the problems I’ve had with PC-Com, causing freezes, and forcing me to create more exceptions.

Anyway, I hope what I’ve done with PC-Com and Comodo seems reasonable, :)and hasn’t compromised my firewall security.

kail said: “The IP range (10.10.something) doesn’t look like a remote IP address to me, it looks more like your LAN or, perhaps, your providers local sub-net. Can you confirm this?”

I’m not sure what it means. I don’t really have a LAN, so perhaps it’s the provider’s subnet. My provider is a DSL provider, who has wired the condo that I live in, to provide high speed access to anyone in the building who uses/pays for the service.

I believe that whole IP range (10.0.0.0 - 10.255.255.255) is reserved for private use (ie. you shouldn’t find them on the actual Internet). Since CPF is reporting IPs in this range, then I guess it must be your provider. Aside from corporate LAN, I don’t remember ever seeing a DNS on this range before. Anybody else like to comment on this?

Anyway, I tried PC-Com 7.50 basic with the CPF 2.3.2.21 Beta. But, I wasn’t really able to replicate what you’d been encountering. Since PC-Com uses OLE it did initially excite CPF quite a bit with various applications. I suspect that this is due to the way PC-Com implements it’s OLE hooks (yet another wild guess, of course).

So, I recommend that you try the CPF beta for yourself & see if that works better with PC-Com.

The CPF beta link can be found here… [url]https://forums.comodo.com/index.php/topic,1216.0.html[/url]

G’day,

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (local networks):

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Also, IP addresses in the range of 169.254.0.0 -169.254.255.255 are reserved for automatic private IP addressing (used in setting up Internet Connection Sharing (ICS) in Windows)

Hope this hleps,
Ewen

I’m hesitant on the firewall beta, when I’m still new to te basic firewall.

On being able to duplicate the problem, I didn’t have that much of a problem on my iniital download of 7.50. It was only the upgrades, where I got the message of the different cryptographic signature and the freezes.

In any event, what’s wrong wilth my saying, essentially, the parent PC-Com is safe. I have to type the keyword to trigger the internet access, and I know where the keywords take me to. All I’m saying is “allow” for the purpose of this parent program.

That’s fine by me & there’s certainly nothing wrong with your approach.

I still believed it was causing you a major headache & that’s why I was still posting. If you’re happy, then so am I. ;D

Kail,

I very much appreciate your help. The freezes were a headache (and Comodo didn’t seem to be working well vis-a-vis PC -Com… But since I think PC-Com is safe for me simply to let pass as a “parent” (that is, to authorize it to do it’s “thing,” I’m happy. It’s working. Now if I were getting freezes from other programs, I would be more concerned. I mean if Comodo, asks for your consent, and you give it, then it should not just freeze, with the pop-up sitting on the screen leaving you in limbo. Still, heretofore, this is the only program w(PC - Com) where for updates, it’s done that. So I’ll let well enough alone, and go with my approach, of saying “allow” the parent activity.

Now I’ll watch Comodo and see if all else seems to work. And maybe even read more on this forum, so I can learn more about firewalls.

I just wanted to make sure my approach wasn’t destroying the benefit of a firewall, and endangering me. I think though, what I did is ok. Thanks again for the help.

No problem & I think you’ll be just fine.