rather annoying bug (cpu locked at 100%, computer entirely unresponsive)

let me start to describe what happened just now…
after pasting a link copied from firefox (address bar) to MSN, i went to navigate to another page in FF, and got a CPF popup asking me if i wanted to allow msn to ‘hijack’ firefox through OLE automation, or whatever the exact wording is, which i really didn’t understand (how can it be that MSN does something when i’m doing something solely in Firefox? It seems to me that something is wrong there with the OLE hook detection thing, either in a false-pos way or something more fundamental with the whole heuristic scanner).

In any case, i decided to press ‘deny’ (without the ‘always do this’ selected). this caused CPF to deny firefox all access to my internet connection, and when i first opened CPF configuration (to go to app monitor to see if some sort of silly rule had been created), and at the same time decided to close Firefox to eradicate the problem that way (through the Sysinternals Process explorer/Task Manager), i got 3 unresponsive windows, that after a while also caused explorer.exe to hang.
the CPF main program became nonresponsive when i went from the ‘activity’ tab to the ‘security’ one, Firefox couldn’t be killed from the ProcMan (because it was in use by CPF and as such locked somehow??), and the task manager didn’t work afterwards anymore either.
while other programs that were already in the taskbar continued to respond normally (i could go to them using alt-tab), whenever i tried closing any of them, they also became unresponsive, and this went on until nothing in my computer was left responding to input.

all in all, this behavior is fairly annoying, and although this is the first time i actually got something that looked like a real crash, it wasn’t the first time i denied an OLE hook access to firefox/iexplore that resulted in the browser (or other internet-enabled program like skype/outlook/msn) losing internet access until it was restarted.

what is going wrong here exactly, and can you please fix it?
(using v2.4 final, any rules that exist created yesterday after reinstall of the program)

was this the wrong forum to put it in, by the way? i got a bit confused choosing between feedback & help… it seemed a bit of both…

boombaard,

I’ve moved it to Help; it seemed like a better fit there…

Welcome to the forums, and sorry you’re having such a problem with CFP.

I know Comodo has made some significant changes to the OLE Automation issue, insofar as how CFP is monitoring and reporting it. I have only had one instance of it since installing 2.4 final. You may be able to reduce the frequency some by going to Security/Advanced/Miscellaneous and checking the box “Do not show alerts for applications certified by Comodo.” OK. Reboot.

Here’s a little overview of the situation: COM/OLE is a legitimate means for programs to share resources and communicate. A completely benign example is if you link a table in Excel to a document in Word, so that the table updates every time you open the Word doc. However, it can also be used by malware, so CFP monitors applications using OLE in regards to an internet application (such as your browser, email, and other windows services that connect for IP updates and whatnot). If both applications are “Certified by Comodo” you should not see an alert (unfortunately, I’ve been told that Firefox is not on that list yet).

Comodo’s lead FW developer has told me that if you know both applications involved, you may press Allow and not worry about it. The time to worry, he said, is if you are not aware of one of the applications, or are not using it at the time (i.e., you haven’t even opened it…). The Allow (without “Remember”) is only for that instance/session; it will not create a rule. With Deny (without “remember”), you may need to reboot to re-engage the internet with your browser (or email); again, a rule will not be created.

As for the other part, I’m uncertain. At times, certain combinations of actions can cause computers to freeze up. It is certainly possible that just the right combination in this instance has engendered this result. If this happens every time you take the same set of steps, then you may be on to something, and I’m sure the developers will want to know more.

LM

I have the same problem now with 100% CPU use by CPF.exe when playing Warcraft 3 ???

It happens with the new 2.4 version but with the old version all was perfect for me and gaming. Now it is not fun to play. I have to disable comodo to play.

But i only use the Network rules and disable all other features in Comodo. I only had the block fragmented ip datagram activated. Now I will test gaming with comodo and Warcraft 3 without this option. If it doesn’t appear again then it will be the fragmented ip datagram option which is making this happen. But i will report back if it works or not.

Ravelab,

I highly recommend re-enabling the other features in Comodo; without them you have greatly decreased your security. And you can still play Warcraft 3. Check out this link: https://forums.comodo.com/index.php/topic,5099.0.html

LM

I think all people on the forum are having the same problems as me. found this forum thread, where other people are talking about 100% CPU use. Little mac i was just talking about the things i have tested with on and off to find the problem with my 100% CPU use. But i think it has something to do with the datafragmented ip option, which can be put to off or on. I am not stupid to disable my firewall. but i had to locate the problem. And found it to be comodo and not my GFX card hehe.

https://forums.comodo.com/index.php/topic,5499.0.html

i’ve had the ‘certified by’ option on since install, however it doesn’t seem to do very much (i get requests for outlook/office 2007, ie7, MsnLive, uTorrent)…

I understand what the parent selection/approval is for, but the detection system seems to make quite a few mistakes, and having to reboot because CPF doesn’t ‘release’ the ‘deny’ even after closing the browser (or other process that was hooked) and restarting it seems like undesired behavior.
I know killing both processes and restarting them works, but it’s not a very elegant solution, nor is it always possible. also, because the program will just cease to function if i deny what seems to be a ‘weird’ request, it’s less likely that i will actually deny access, since it’s generally such a hassle to get my pc back in working order afterwards. that is, i don’t consider downtime to be a good thing.

I’ll grant that i’m no programming ■■■■, but i don’t really understand why denying an outside program access to another executable/process should result in loss of functionality of the entire targeted process/exec, even after restarting the ‘targeted’ process.
i hope this is something that can be fixed in the near future, as it seems mostly due to the fact that CPF is still a relatively young program.
Also, do you have any idea why having the ‘certified applications list’ feature enabled is not having the desired effect?

other than that, keep up the good work :slight_smile:

ps. why am i receiving so many more log entries with the ‘Block All not defined above & Log’ rule enabled in the network monitor than before?
Most of the ‘new’ entries seem to be from ports 137-139, and the log entries are actually coming in ‘spurts’ now, that use up about 30% cpu every time a batch is entered, while it seems somewhat unlikely that suddenly someone is trying to connect on those ports all of the time now starting at the exact same time CPF 2.4 was installed.

I’ve numbered items in the quote; I’ll take them that way…

  1. I see similar things, although not to that level any more. I don’t think it’s 100% yet. IMO.

  2. Me either. This whole issue is something I’m really trying to help them get “resolved” in a way that works for both sides. I have come to realize that they know things I don’t, in regards to why it has to work the way it does, but I also think that they’re just not “seeing” what we users see on a day-to-day basis; it doesn’t seem (to me) to work quite the way they say it does (as best as my limited brain can understand it).

  3. Me too.

  4. Not really. According to Egemen, if one of the applications is not on the safelist (I think he’s referring to the target) then it will negate that setting. In my example, Outlook tried to OLE Firefox (per the alert). I know Outlook’s on the list; he said Firefox wasn’t, and that of course it wouldn’t work any other way; it wasn’t about Outlook, it was about Firefox. That’s where I get lost… ???

  5. All those 137 to 139 port alerts are nbdgram items, are they not? I got a ton of those (from the network I’m on) after starting with 2.4 Beta; I don’t recall having them on 2.3. I know that CFP changed some things about how it monitors certain types of traffic, and I think that was part of it. What I did (since they were being blocked anyway), was to create a rule (above the bottom block & log rule), with no logging, to block the IP range that those were coming from. That way they’re kept out of the logs.

Hope that answers your questions,

LM

The thing is, I don’t think anyone wants to ignore those issues or anything. I just hope in the next version 3.0, it will provide more information to educate the end user. What frustrates me at times, it’s not the pop ups, but the fact I DON’T KNOW whether to allow it or not. So I don’t know if it’s a Trojan or a mistake.

My 2 cents

An excellent point, Sonny, and one I’ve brought up myself as part of my push to get things addressed and changed. If we, the users, don’t know what to do, we may very well Allow things we should deny; at any rate, we give ourselves headaches mucking around with it. A little more user-friendly is a key thing.

Believe me, these have been listed in the Wishlist for the future. Comodo has shown themselves to be very diligent in listening to their users, and implementing changes; trying not to bloat the software, or cripple the security. I am confident this will be addressed as well.

LM

I am happy to hear that LM. One of the many things I like about comodo is the staff like yourself, you guys seem like real life end users. By that I mean, you are knowledgeable about the product and security in general, but aren’t coming across as an expert who sees no need for changes because they happen to be an expert in terms of security. I don’t consider myself a newbie at all, but there’s a difference between general IT computer knowledge and network security. I believe that’s one of the reasons Comodo has had such success, based on user friendly interface and yet one of, if not the, best security at the same time. If experienced users aren’t sure if the alerts are a real threat, how can the normal average user know?

(V)

If I seem like a real life user, it’s because I am! ;D I’m not Comodo staff, I’m a volunteer, as are all the Moderators in this forum. We may have a level of experience, understanding, or knowledge about the product and computer function, (and many are employed/trained in IT areas), but we are Comodo users, just like you.

LM

Yes, Umesh is part of Comodo as well. In fact, everyone who is a Comodo employee has a shiny ‘Staff’ avatar like mine.

<—

Everyone else (the vast majority on this board) are normal (or power) users like you - including several of the global moderators, like the honourable Little Mac.