REACT 2.0.akku.b04 Defense+ .Bat File Rules

I am using the REACT plugin for EAC to rip my CD collection to the drive. When I start the encoding a .bat file is created with all the encoding commands for the first track of the CD. The naming scheme of the .bat file is always “Artist” - “Album” [TRACK NUMBER=1].bat.

Since I encode to FLAC, MP3 and NeroAAC the .bat file calls those tools one after another from the target directory. Once finished with the first track on the CD a new .bat file is created for the second track, again with “Artist” - “Album” [TRACK NUMBER=2].bat.

This continues throughout all of the CD, for each new track a new .bat file is created.

So now since I don’t want to allow all .bat files system wide I want to make particular rules for the .bat file, preferably with wildcards, since the naming of the .bat file always changes according to the “Artist” and “Album” and TRACK NUMBER. For each new track of course the content of the .bat file changes with regards to calling the encoding tools in the target directory, so ideally I would need rules for those as well but as you can see from the included log those do not change so there are no wildcards needed for those rules I would expect.

I have included the Defense+ log in this post with all the details of an encoding process of the first three tracks of a CD. That should be enough information to be able to make Defense+ rules in Comodo CIS for REACT I hope.

Anyone that has any idea how to tackle this task without letting .bat files be run system wide, but only those created by REACT, please do get in touch and let me know.

So far when encoding a CD I either have to turn off Defense+ completely or sit through the entire encoding process to accept and confirm the Defense+ alerts. Since REACT is a task manager for EAC and meant to automate all these encoding tasks with the single click of a button, ideally I like to have those rules in place, encode the CD and leave the computer and when I come back later it is all done without Comodo interrupting the encoding process.

Thanks for any help. This is much appreciated.

If on the other hand any of you have questions about REACT I am happy to help you set it up and running.

[attachment deleted by admin]

Try giving the executable that is doing the work the Installer/Updater policy.

Thanks, this solved the Defense+ alerts.

Is this a safe method though?

Is “Installer and Updater” not only used during the installation of new software or specifically only for updating?

Like for example [PATH]Ariva\update.exe uses the “Installer and Updater” rule on my system.

Generally where could I read up about creating rules with wildcards for such .bat files in specific paths/folders please?

It is safe to use even though you give the program a lot of rights. D+ has a safeguard. In case an unknown program would want to start or access React in memory you would get an alert and that would give you the opportunity to not allow React to be run by an unknown application.

The policy is meant for updating or installing but can also be used for “tricky applications”.

I could not tell where you can find a read on wildcards. I usually use the trial and error method…:slight_smile:

Thanks for your reply. Much appreciated.

Sorry I have no clue where to start with this Trial and Error method. Have you got an example or something similar considering .bat files with changing names?

How do I allow a process that is only inside a folder for example? Is it possible to whitelist certain folders and all their contents .exe, .bat, etc for example?

That's definitely possible.

You can use file groups to do this. I just mentioned how to do this for another user earlier today.

BOINC (renderfarm.fi config?)

Eric, thanks for your informative reply. Now where is the Comodo official documentation about rules, configuration, D+, Firewall etc, I want it all, where can I find that please? I am sure Comodo does have an official documentation of CIS, including detailed explanation of how to configure CIS with examples for setting rules in D+, does it? I hope so!

Sorry but perhaps you can understand that a simple “That’s definitely possible…” won’t do the trick for me. Certainly not with Comodo. If this would be some cracked warez site, sure I could take a reply like that and have a laugh myself, but this being Comodo and all and on top you being even Global Mod here I would at least expect a link to some helping documents.

No I do not expect you to do the work for me. Happy to learn it all by myself, but what I would find helpful is guidance in consideration of where I have to look to narrow down my search.

Don’t take this personally please, this is just my opinion and I do thank you again for your quick initial help with the “Installer or Updater” method!!

Thanks for your reply and taking the time to read through my initial question.

Thanks, will have a look at that and report back. I am sure other people might be generally interested in how to make such rules for .bat files with variable naming schemes in D+.

I have been trying to see where the “Installer or Updater” policy is defined in CIS but I could find it under Predefined Policies neither under Firewall nor under D+. So where is it defined? Is this a default rule that comes with CIS setup?

Thanks.

HeffeD,

just had a quick look at the post in the BOINC (renderfarm.fi config?) thread. Thanks for that, however this again uses the “Installer and Updater” method, just on a folder level.

Ideally I like to find out how to tell D+ to allow REACT to create .bat files with variable file names in [PATH][FOLDER]. Then I will create an individual predefined policy to my needs. I am sure that can’t be too hard.

If yes just point me to the official documentation, not the help file but the documentation of how CIS works, like I said before, including all setup and configuration methods, making rules for the Firewall and D+ hopefully accompanied by some examples. Comodo does have something like that or similar? I would hardly believe Comodo throws the CIS on the market without a detailed documentation, no?

Again, thanks for all this help I am receiving here, this is wonderful! I will also try and see if there is a similar case in this forum. Also, perhaps over at Wilders Security might know more or has had a similar task. Thanks so much!


Create the file group with the path below and then create an application rule with that group in Defense+.

The path you would have to use would be D:\MUSIC\EAC 0.99pb5\Temp\Artist- Album[ * ].bat

Dennis

Edit: Had to include two spaces; the forum changes [ * ] to this without spaces [*]
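An added illustration (not from the thread and not Comodo's code) of how much narrower a folder-scoped wildcard is than a system-wide `*.bat` rule. It assumes `*` matches any run of characters and that brackets are literal; CIS's own matching may differ, and the `*[*].bat` generalisation, the helper names and the sample paths are constructed.

```python
import re

def wildcard_to_regex(pattern: str) -> re.Pattern:
    # Assumption: only '*' is special and it matches any run of characters,
    # including backslashes; '[' and ']' are treated as literal characters.
    parts = (re.escape(p) for p in pattern.split("*"))
    # Windows paths are case-insensitive.
    return re.compile(".*".join(parts), re.IGNORECASE)

def matches(pattern: str, path: str) -> bool:
    return wildcard_to_regex(pattern).fullmatch(path) is not None

TEMP = r"D:\MUSIC\EAC 0.99pb5\Temp"   # folder named in the thread
SCOPED = TEMP + r"\*[*].bat"          # hypothetical generalisation of the posted path
BROAD = "*.bat"                       # what the original poster wants to avoid

# Constructed sample paths, not taken from any real log.
SAMPLES = [
    TEMP + r"\Some Artist - Some Album [TRACK NUMBER=1].bat",
    TEMP + r"\Some Artist - Some Album [TRACK NUMBER=2].bat",
    TEMP + r"\cleanup.bat",                   # same folder, no brackets
    r"C:\Users\me\Downloads\setup [1].bat",   # right shape, wrong folder
    TEMP + r"\other\dropped [x].bat",         # subfolder, written by some other program
    TEMP + r"\flac.exe",                      # not a batch file
]

def coverage(pattern: str) -> list[str]:
    """Return the sample paths a rule with this pattern would apply to."""
    return [p for p in SAMPLES if matches(pattern, p)]

if __name__ == "__main__":
    for name, pat in (("scoped", SCOPED), ("broad", BROAD)):
        print(f"{name}: {pat}")
        for path in coverage(pat):
            print("   ", path)
```

Under these assumptions the scoped pattern still covers any bracketed .bat placed in or below the Temp folder, whichever program wrote it, so the folder's write permissions matter as much as the rule.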

If you want to look at CIS’s documentation, just select the More tab and click Help.

Excellent replies. Thanks a lot. Documentation is helping a lot!

Only thing missing now is: Where in CIS is the “Installer and Updater” policy defined? Where can I have a look at that policy’s rules please?

It is not visible in the interface anymore.

Speaking from memory. It is allowed the same things as Windows System Application which is allowed all. Added in Installer/Updater is the ability to start other applications several layers deep. I hope that’s about right.

Thanks for your reply EricJH.

This is interesting, so there are policies CIS comes with that the user has no way of actually seeing the policy’s rules? Why is that so? Personally I like to see the exact rules of every policy that my firewall runs. Is this something absurd to ask or common logic?

This is taken a bit far now so don’t quote me on it, what if such invisible policies send data about the user or its computer’s contents to Comodo, of course only to “improve” the software and of course not to “mine user data”??

It is only the Installer/Updater policy that is no longer visible. I remember egemen, the head developer, commenting on it but I can’t remember why that was nor can I find it…

The Installer/Updater policy is from D+ so it does not have any bearing on network traffic. Having your firewall set to Custom Policy mode gives you the control you need over traffic. Unless of course a rootkit got installed.

Thanks again for all your replies! This really did help a lot and is much appreciated!