Last year I had a problem running the electronic version of the OED (Oxford English Dictionary) concurrently with Comodo Firewall Pro (188.8.131.520) on my system (XP SP2).
The OED uses an anti-theft software called “CD-Cops”. Each time I launch the OED, “CD-Cops” is actually launched first and creates a temporary file with a different number to keep track of how many times I launch the dictionary before I have to reinsert the original installation CD-ROM into the drive. So these “.TMP” files all have different numbers and their extension is not “EXE”. But they behave as executables: they change local files, inject processes into memory, run other executables. They are all named in the same way, for example, “~crf2422.tmp”, but the actual number is different each time the dictionary is launched.
Last year I found a workaround by registering “C:\Windows\Temp*CRF*.TMP” as “Windows System Application”. And “C:\WINDOWS\system32\cmd.exe” also as “Windows System Application”.
This did the trick. The OED was launching and running normally.
But now that I have updated my XP system to SP3 and Comodo Firewall Pro to version 3.9.95478.509, this is no longer working. It is no longer possible to register wild card items and applications as “Windows System Application” with Comodo.
I have tried allowing everything relating to “C:\Windows\Temp*CRF*.TMP” and “C:\WINDOWS\system32\cmd.exe” to no avail.
Each new “C:\Windows\Temp*CRF*.TMP” file with a different “counter” number is detected as “malware” by Comodo. And I have to be quick to allow it to execute otherwise the dictionary fails to launch.
Can anyone suggest a solution?
It is still possible to add wildcarded policies and AV exclusions.
I don’t remember if previous versions allowed adding wildcarded policies from the Application System Activity Control dialog. Did you write the wildcarded path directly in the Application path: textbox, or did you use Select button > Browse…?
Writing the wildcarded path directly doesn’t work, but if you use Select button > Browse… you can navigate up to C:\Windows\Temp\ using the “Select the Application” dialog and input ~CRF*.TMP in the File Name: field.
It is still possible to create a file group containing a wildcarded path (Defense+ Tasks > Common Tasks > My Protected Files > Groups… button; Add a new group + Select from > Browse…).
Or selecting any application using “Running process…” from Application System Activity Control and then editing the path soon after the selection dialog is closed (before it becomes grayed out).
I did manage to enter “C:\Windows\Temp*CRF*.TMP” or “C:\Windows\Temp~CRF*.TMP” in the Application System Activity Control dialog and in other dialogs. But that did not help. Each new “counter” TEMP file named “C:\Windows\Temp~CRF*.TMP” is detected as possible malware and duly registered as an authorized application each time I allow it. But this does not make sense.
I have tried allowing absolutely everything to “C:\Windows\Temp~CRF*.TMP” and also to “C:\WINDOWS\system32\ntvdm.exe” which makes changes to “C:\Windows\Temp~CRF*.TMP”. To no avail.
It seems that we can enter wildcarded paths like “C:\Windows\Temp~CRF*.TMP” and allow everything for them but Comodo simply ignores them.
Also I can enter “C:\Windows\Temp~CRF*.TMP” in “My Own Safe Files”. But as soon as I click the “Apply” button, the entry is automatically removed. Apparently, Comodo doesn’t allow wildcarded TEMP paths in “My Own Safe Files”. It only allows executables. But these “C:\Windows\Temp~CRF*.TMP” files do behave as executables in many ways. Catch-22…
Any other suggestions?
What CIS configuration are you using? Did you apply any change to its defaults?
(In the Comodo Internet Security folder there is the default COMODO - Proactive Security.cfg; it could be imported and activated, just in case, for further troubleshooting.)
Do you have other security apps installed alongside CIS? What OS and SP level are you using?
It looks like a complex chain of events and actions, and thus it is not possible to figure out the complete dynamic.
Can you post a complete set of screenshots of the alerts (at least for run an executable and Protected file/folders) you are having after launching OED?
As for wildcarded paths in “My own safe files”, indeed it doesn’t look like it is allowed.
I have installed Firefox 3.5 and rebooted my system. This did the trick! Comodo no longer has any problems with the “C:\Windows\Temp~CRF*.TMP” files when I run the OED.
Windows works in mysterious ways.
Thanks for your help anyway.
Glad OED is working fine as it looked like a PITA to troubleshoot.