Windows XP/SP2 - Internet Explorer 8
After updating to 477 I have noticed that the process access rights pertaining to the web browser default to “Allow”, with the exception of Run an Executable, Protected Registry Keys, and Protected File Folders which are set to “Ask”. Any changes made to these settings get lost during the system restart. Am I missing something? Why have a firewall when your browser has practically the same rights as those of the System? Wouldn’t this be equal to opening the System to all incoming and outgoing requests under Application Rules? And what is resetting the changes made in Process Access Rights? Can someone explain this to me?
I’m sorry, but I don’t quite understand. ‘Process access rights’ refer to Defense+. There is no default configuration for ‘Web Browser’ in D+, but there is in the firewall. Are you talking about the firewall or D+?
I’m sorry about the confusion. Let me narrow it down to one question void of any “clever” analogies. Why is it that I am not able to change the Default Action settings pertaining to iexplore.exe (or firefox.exe) using the Process Access Rights panel? Whenever I do make changes, these are overwritten during system restart. Thanks for taking interest in my question.
What is your D+ security level set to?
Are those web browser entries set to “Custom Policy” in the D+ policy list?
D+ security level = Safe Mode. Entries set to Custom Policy.
Does this only happen with ‘iexplorer.exe’ and ‘firefox.exe’?
Try completely removing them from the policy. Then try recreating the rules.
Deleted the iexplore.exe from the Computer Security Policy List
Added iexplore.exe to the list
Checked Access Rights – All set to Ask – Applied changes in both, the Application System Activity Control, and the Computer Security Policy panel
Shut down the system
Checked iexplore.exe settings – all set to Ask
Started Internet Explorer (off line) – Checked iexplore.exe settings – all set to Ask
Logged into ISP server – started Internet Explorer – home page displayed
Checked iexplore.exe settings - Run an executable, Protected Registry Keys, and Protected Files/Folders set to Ask. The rest set to Allow.
This also happens when running Firefox 3.0.7. Java behaves in a similar manner. When I change java.exe settings to Ask, these stay in effect until I go to a site that is using Java apps, such as sites providing streaming quotes.
IE8 is signed by MS, which is a Trusted vendor.
‘System’ (in Firewall) should only have ‘Outgoing Only’ as a rule.
Executables are not run without your knowledge and at some point, permission.
You are talking apples and Oranges here in that you are running your program and dealing with the firewall, but are talking about D+ rules (this is how it seems to me, my apologies if I fail to see what you are trying to point out).
The rules that are created for IE8 are perfectly fine and secure in that nothing without your express consent will run.
What is the real issue here?
No need for apology. Forget the firewall and Oranges (see Reply # 2 and #7), talking about D+, apples only. It seems to me that I should be able to make changes, regardless of the consequences, to any security policy and these changes should be preserved by this application. To say that the rules created for IE8 (and consequently for Firefox, Java, and who knows what other applications), are perfectly fine has little substance and gives no explanation. Why not build an application called, let's say, FirewalAll with one big green GO button and leave it at that?
Thanks for your time.
If you want to make these changes please change Defence+ to Paranoid Mode
Safe Mode is set at a secure level with ease of access and reduced alerts, which is where I have mine set.
The problem is you cannot run under clean PC mode to get a basic rule set and then switch to paranoid mode. You have to OK every single pop-up.
This is so bad I consider it a bug. Setting almost everything to allow does NOT reduce pop-ups (as far as I can see) and reduces security. If you do not want paranoid mode you have to have reduced security.