Programs first permission THEN act

Hello,

finally Comodo 3.0 is out. So what I want to say it’s very handy to password protect the ‘whole’ thing. But… only if the programs that where started would ask for permission??!

For example I hate uTorrent, but I know someone who uses uTorrent and sometimes he downloads Viruses! So I want to prevent this. I made a password, but a problem is… the program uTorrent is simple. He downloads this and runs it, it works smoothly with Comodo!

I already used Sygate, and that worked perfectly. I’ll say why:

I installed Sygate. Went to the ‘user’ profile and there I disabled: pop-ups AND the icon (below). So the user doesn’t know that Sygate is working, hehe… But If he downloads uTorrent, there is no problem with it. Then the user installs it, also no problem, but then… he (trys to) run(s) it. And he will be very disappointed because uTorrent won’t run. Why? Because uTorrent waits on permission. The permission can also be given at the user-profile, but there I disabled the pop-ups AND the Icon-tray. When I log into my account, I see: uTorrent wants permission to connect to the internet. Y or N? And then I do No, off cource.

So, this story… is this also in Comodo? Because what I did is I secured it with a password. And went to the user-profile. Then I ran uTorrent without problem, and this must not happen. The only thing I had to do is to block it manually with the Comodo-center in the user-profile, and this is way to late, if you guys understand me.

So what I want is to LEAVE the Icon tray because the center is allready secured with a password. And the Comodo has to ask permission at my account, because at the other accounts I disable the pop-ups.

Greetz,

I.

[Topic Closed: If issue returns PM an online mod to open]

Eezy peezy!

Set your torrent client as a blocked application (FIREWALL - COMMON TASKS - DEFINE A NEW BLOCKED APPLICATION) and then apply a password to the firewall config (MISCELLANEOUS - SETTINGS - PARENTAL CONTROL) so it can’t be unblocked.

You can even totally disable alerts when password protectioin is enabled. :wink:

Ewen :slight_smile:

Hello, Eezy Peezy

erm… but if I block the program at my account. For example Torrent. Then it is simple to go around it, not?

I just download the program again then it is not blocked anymore. Or when I just change the name, right? Because it is not a program that needs to be installed, but it is a simple program without installation. It just runs as an Icon-tray, below (next to the clock). You can check it on their site uTorrent.com.

But I’ll ask it in an other way:

Is it possible to block ALL the programs that want acces to internet (incoming as outcoming) except the ones that you give permission?

Oh, yeah, you said I can block all the pop ups and password protect it. I see that this is a difference with Sygate-Firewall:

Sygate seperates the configuration from the user profile and my account.

But Comodo has 1 configuration: If you change it at the user profile or at my account, it’s no difference. But it is a handy tool, because again: the password protection.

So Comodo rules at this point, but my only question is:

Is it possible to block ALL the programs that want acces to internet (incoming as outcoming) except the ones that you give permission? Because this thing does Sygate without problem? It blocks uTorrent for connection, till you give it permission.

Greetzee peezee,

I.

utorrent.exe is an application that doesn’t require installation, but it does need to run. If, the first time you run it on a system, you BLOCK it, it’s blocked the next time you run it. Renaming it won’t bypass the BLOCK rule either.

Is it possible to block all applications other than those you expliticly permit? Good question, very good question.

The only way I can think of to do this would be to run all the apps you want to grant access to and set up the rules accordingly. Once these are done, set the firewall mode to “Custom Policy”, set the Defense+ to “train with safe mode”, password protect the configuration, disable alerts and make sure that everyone other than you is logging into this PC with a non-administrator account.

I’d be interested to hear if there is an easier way to do this.

Ewen :slight_smile:

From CFP help document:

[b]Suppress Firewall alerts when password protection is enabled[/b] - [b]...[/b][u]Checking this option will block the connection but will not generate an alert[/u]
So if this option is checked [u]all[/u] programs/executables/processes that have no permissions will be blocked without any pop-up (of course firewall must be in [i]Custom Policy Mode[/i]).

Great!

I’ll try this at home, and let you guys know about it.

Please let us know how this works out.

Thanks for asking this - it was a good question and others undoubtedly would ask it in the future and will hopefully benefit, providing it works as expected.

Cheers,
Ewen :slight_smile:

  1. I do not find this option. Where is it?

  2. And I get the following ‘error’ when I go with the previous explanation of member ‘Panic’:

http://img229.imageshack.us/img229/8585/sp3220080106124404vw2.gif

Down left it says: Defense + is not working properly!

GUI->miscellaneous->settings->parental control->enable password protection->place a tick (or ticks) supress…

Try to run diagnostics (GUI->miscellaneous) to fix this. If you are running windows XP, then login as administrator before you do this.

Ok, it’s all fixed now. Thanks.

Ok, now I blocked all the apps that I don’t need and I downloaded the sneeky uTorrent app and left it on the Desktop and it ran smoothly. But I’ll try this again. This was the first attempt.

But why was it said that

Greets,

I.

Non-admin accounts cant install certain types of software, and can’t allow drivers, ActiveX components etc. to be installed. This severely limits the impact of malware, as it generally can’t do it’s stuff under a non-admin account, unless they have some means of elevating their priveleges, which CFP would block.

Hope this helps,
Ewen :slight_smile:

Try this config:
Password is set and 2 options “supress…” are checked.

Firewall is in custom policy mode. Network security policy contains only records for known and allowed apps. No records for blocked apps at all.
D+ is in paranoid mode. Computer security policy contains only records for known and allowed apps. No records for blocked apps at all.

Result: any program/executable not listed in CFP’s policy can’t launch. And there are no any pop-ups.
For my system this approach works just perfectly.

OK, I’ll try that, and let you know. But is it also possible when the account is not a non-Admin? So I just leave the rights that are for the account?

Maybe an off-topic question (I really know it’s off-topic). But I visited some cybers where they got a lot of computers, and if I’m right, all the PC’s that are in that room are Admin-accounts. For example you can install some programs, you can download MP3, video, etc… etc… And if you log out and you come back to the same cyber then everything you downloaded and installed is on the PC (but you still got some restrictions). But if you shut down the PC and restart it, then ALL Mp3’s, video’s, documents and installed programs are gone.

Is this a special option in XP Professional? I think it’s very interesting.

Greetings,

I.

Sure.

You can do it. But running non-admin account is common practice for system’s security.

Yes, I understand the danger. Thanks for clarifying.

But can anybody say something about the following?

https://forums.comodo.com/help_for_v3/programs_first_permission_then_act-t17843.0.html;msg123244#msg123244

Greetz,

I.

This is more than likely controlled by the Cybercafe controlling software. Most cafe control applications have the ability to “swipe” a workstation on logout or on reboot. The degree of “swipiness” varies from one application to another. ccAutosoft does a good job of controlling the O/S and its capabilities but not a lot at the application layer. Others do it the other way around.

Windows servers can exert control at the O/S layer by preventing installation. Add ons, like Novells Zen, can exert additional control at the application layer.

Hope this helps,
Ewen :slight_smile: