Repeating FW alerts for UNC ref'ed file when 'remember my answer' ticked [272]

The bug/issue

  1. What you did:
    I am trying to allow a program to connect to internet with a firewall alert.
    Check “Allow this request”, check “Remember my answer” ==> OK.

  2. What actually happened or you actually saw:
    An alert is displayed every time for the same connection to internet for this program.
    Again and again.

  3. What you expected to happen or see:
    No more alert for this connection to internet for this program.

  4. How you tried to fix it & what happened:
    The only manner to bypass these alerts is to uncheck “Remember my answer”.
    But in this case my choice is not remembered …

  5. Details (exact version) of any software involved with download link:
    The program used is Netviewer from www.netviewer.com.
    The only difference with other programs is that the program is on a UNC path (like \\DistantMachine\XXX).
    I have tried the same program, but installed locally on my machine (in C:\Program Files\Netviewer for example) and all is working correctly.
    So I think the problem comes from the UNC path …

Files appended

  1. Screenshots illustrating the bug: 2
    1 for the alert, 1 for the result in Application rules.

Your set-up

  1. CIS 5.0.163652.1142 (only firewall & Defense+)
  2. Defense+ and Sandbox OR Firewall security level
    Defense+ : Safe mode, Firewall : Custom policy
  3. OS version, service pack, no of bits, UAC setting, & account type:
    Windows XP SP3 (+ full updates), Administrator account.
  4. Other security and utility software running:
    Avast 5 free.

If it comes up again, then press “Treat it as trusted application”.

Regards,
Valentin

I don’t think so.

CIS is known not to allow wildcards in internet names.

I think it does not either allow unc paths.

Well this should work I think, so I’ll transfer it to verified issues.

Strangely, I think if you make this file a trusted file in D+, it may resolve the problem. D+ uses hashes to identify a file, and allows outbound access in some configs for trusted files.

Also note that the IP seems to be within your LAN zone, so creating a local network zone for your LAN with appropriate allow rules may prevent this.

Best wishes

Mouse

Thanks for the effort, but …
For FW, I have a local network zone, but the problem occurs also. Even if I trust NetViewer.
And you are right for D+: if I trust NetViewer, it’s OK (for D+ operations only …).
So why does FW not use hashes to identify a file???
Regards.

With the latest CIS firewall. This used to work before.
For the Debug Crew a test case:

App1 on HOST1\folder
App2 on HOST2\folder\

execute App1
App1 calls \\Host2\folder\App2
Popup Allow/Deny?
Click Allow & Remember -------------> nothing happens, popup keeps showing up again till the app is killed

Workaround: Settings->secure files → add
choose current processes
app is listed there as \\host2\folder\App2
select and ok

The funny thing is that even if it is added as \\host2\folder\app2,
the next time you open the list it will show up as mapped_drive\folder\app2.

I think this is the same as an already reported issue.

Please say if you disagree. For the moment I will merge it.

Best wishes

Mouse

The bug/issue

  1. What you did: start shared application on a network disk
  2. What actually happened or you actually saw: receive some alerts from firewall & defense+, click on remember and accept all connections. A rule is created the first time with “P:/proeco.exe” where P: is the network disk. Launch the application again, same alert coming on screen, click again on remember and accept. A new rule is created with “//server/proeco$/proeco.exe”. Strange that the created rule uses the //server format one time and P: (network disk) another time. Set all to accept everyone from everywhere. Add manually running process “proeco.exe” to rules. Always gives an alert for this software.
  3. What you expected to happen or see: no more alert, but not working
  4. How you tried to fix it & what happened: impossible to fix, need to deactivate defense+ & firewall when launching apps
  5. Details (exact version) of any software involved with download link: special application called ProECO. Can’t give a download link because it’s commercial software
  6. Any other information you think may help us: I think that this needs to occur with any other application

Files appended

  1. Screenshots illustrating the bug:
  2. Screenshots of related event logs or the active processes list:
  3. A CIS config report or file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used: comodo firewall 5.0.162636.1135
  2. Whether you imported a configuration, if so from what version:
  3. Defense+ and Sandbox OR Firewall security level: advanced mode (secured defense+)
  4. OS version, service pack, no of bits, UAC setting, & account type: Win7 pro, 32bits, uac activated, administrator
  5. Other security and utility software running: Avira AV
  6. Virtual machine used (Please do NOT use Virtual box):

Thanks for making this report in standard format. This issue has already been reported so I will merge yours with it if that’s OK

Many thanks

Mouse

Thanks, I searched the forum but didn’t find this subject. Hope this will be fixed in a further version.

bye bye

re: CIS 5 specifically, issue does not appear to affect CIS 4

The bug/issue

  1. What you did:
    Tried to run an application directly from a windows based network file server

  2. What actually happened or you actually saw:
    Application was unable to access the internet, CIS asks whether the application should be allowed repeatedly, even if told to “Remember my answer”

  3. What you expected to happen or see:
    Expected CIS to ask once, and for the application to be able to connect after choosing to allow.

  4. How you tried to fix it & what happened:
    Works fine if I copy the .exe to my computer and run it locally, just not if I’m running it straight off the file server.

  5. If it’s an application compatibility problem have you tried the application fixes?:

  6. Details (exact version) of any application involved with download link:
    I first noticed with putty (PuTTY: a free SSH and Telnet client) but it appears to affect anything that I try to run from the file server.

  7. Whether you can make the problem happen again, and if so exact steps to make it happen:

  • Run an application exe which is located on a windows file share, eg. \\server\share\putty.exe
  • Get putty to try to connect
  • Click OK (with “Remember my answer” checked) as it pops up in CIS but putty eventually gives up trying to connect
  • If I try again, CIS continues to keep asking whether to allow the connection

  8. Any other information (eg your guess regarding the cause, with reasons):
    CIS 5 does not appear to be able to match executables that are running from a network file share against the security policy list. This worked fine with CIS 4.

Your set-up

  1. CIS version, AV database version & configuration used:
    CIS 5

  2. a) Have you updated (without uninstall) from CIS 3 or 4, if so b) have you tried reinstalling?:
    This issue does not appear to affect CIS 4, but is affecting CIS 5, both from an upgrade and as a fresh install.

  3. a) Have you imported a config from a previous version of CIS, if so b) have you tried a preset config?:
    Have not imported a configuration, and have tried with a fresh install as well as current settings.

  4. Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here.)
    n/a

  5. Defense+ and Sandbox OR Firewall security level:
    Firewall is set to Custom, Defense+ is off

  6. OS version, service pack, no of bits, UAC setting, & account type:
    Windows 7 64-bit, tried with various UAC settings

  7. Other security and utility software running:
    None

  8. Virtual machine used (Please do NOT use Virtual box):
    None

If memory serves, CIS remembers rules for local external devices accessed by a drive letter (including “Hitachi fixed” usb flashdrives).

If it does not for UNC paths, it definitely should in the next version, as well as being able to include these paths in network zones and firewall rules.

If that is the intended behaviour it should probably be made more clear.

At present, it asks you whether to allow the application or not, and clicking allow does cause a rule to be created in the network security policy; it’s just that the rule doesn’t actually work. Clicking allow doesn’t allow the program to access the internet even during the current session, so there appears to be no way for any executable on a remote server to access the internet without disabling the entire firewall temporarily.

If the intention is not to save permissions for remotely located executables (which is potentially an understandable decision) it would ideally not offer the “Remember my answer” option. Clicking OK could perhaps at least let the currently running instance of the application access to the internet even if it plans to ask you again next time?

brucine: If it works with mapped network paths then I guess I can just map them as a workaround, thanks

Another workaround is to make this file a D+ trusted file. It is then identified by hash not path.

Best wishes

Mouse

Many thanks for a very clear bug report

Merging with other report of same problem. Hope this is OK. Please follow the link in this email notification to find your post.

Best wishes

Mouse

For what it’s worth, in case it helps, running it from a mapped drive doesn’t appear to work. If you try to edit the network security policy assigned to the executable on a mapped drive, and then save the policy, it will have reverted back to the UNC path in the network security policy list.

Adding the executable to the Defense+ trusted files does get CIS firewall to list the file as “safe” in the dialog that asks whether to allow the connection (in custom policy mode), but it continues to block connection attempts in both “safe mode” and “custom policy” modes.

Tested with a mapped usb flashdrive: rules are correctly remembered in firewall and defense+ both for an offline application (Folder Lock, the flashdrive is protected) and a portable online application (Firefox portable, outside of Folder Lock) running on the flashdrive.

Now connecting my laptop to the ethernet LAN, with the LAN fully allowed in the firewall, accessing the remote laptop by its computer name in the network neighborhood and running a safe application (Notepad++): you are right, both of the alerts allowed and remembered are indeed not remembered, not only after reboot, but even in the same session if running it again a few minutes later.

Curiously enough, the 2 needed rules, both set to ask, are correctly written under their UNC path in explorer.exe executables and \\Brucine\PROGD\Notepad++.exe protected files. But each time you launch the application, you are asked for the 2 same permissions, and they get written exactly the same, resulting in as many identical rules as times you have launched the application. Whereas if you change the defense+ permission from ask to allow, it reverts back to ask the next time you launch the application.

Just to check - when the file is made a D+ trusted file are outgoing connection attempts blocked as well as incoming ones?

One thought is that perhaps you could map the drive and then use the MS-DOS append command to append the drive to a local path to make CIS think the file is local. Might work?

https://forums.comodo.com/firewall-help-cis/all-applications-installed-on-network-drives-blocked-by-firewall-t40341.0.html;msg610273#msg610273

Just confirmed that using environment strings does not help either.

Tried mapping \\server\sharename to %telnetpath% and using %telnetpath% in rule. No go even after reboot.

Best wishes

Mouse
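The thread's core observation is that one executable is seen under several path spellings (mapped drive, forward-slash UNC, canonical UNC), so a policy keyed on the exact path string accumulates duplicate rules and alerts on every launch, while keying on a content hash (the D+ trusted-files behaviour described above) matches every launch. The following added example, not code from the thread or from Comodo, models the three policy keys side by side; the drive mapping, paths and file bytes are constructed.

```python
"""Added example, not code from the Comodo thread: a model of why a
path-keyed firewall policy keeps alerting for an executable launched from
a network share, and how hash-keyed identification avoids it.
All paths, drive mappings and file contents below are constructed."""
import hashlib

# Constructed mapping: drive P: is the UNC share named in the thread.
DRIVE_MAP = {"P:": r"\\server\proeco$"}

# Constructed executable bytes; the same file seen under several spellings.
EXE_BYTES = b"MZ constructed sample of proeco.exe"
LAUNCHES = [
    ("P:/proeco.exe", EXE_BYTES),                 # mapped drive, forward slash
    ("//server/proeco$/proeco.exe", EXE_BYTES),   # UNC as CIS wrote it
    (r"\\server\proeco$\proeco.exe", EXE_BYTES),  # canonical UNC
]


def normalize_path(path):
    """Fold slashes, case and mapped-drive letters into one UNC spelling."""
    p = path.replace("/", "\\")
    for letter, unc in DRIVE_MAP.items():
        if p[:2].upper() == letter:
            p = unc + p[2:]
    return p.lower()


class Policy:
    """Allow-list keyed by some identity of the executable."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.rules = set()

    def decide(self, path, data):
        """Return True if an alert is shown (no matching rule yet); the user
        answers Allow + Remember, so a rule under this key is stored."""
        key = self.key_fn(path, data)
        if key in self.rules:
            return False
        self.rules.add(key)
        return True


def simulate(policy, launches):
    """Return (alerts shown, rules stored) after running each launch once."""
    alerts = sum(policy.decide(path, data) for path, data in launches)
    return alerts, len(policy.rules)


exact_path = Policy(lambda path, data: path)                       # 3 alerts
normalized_path = Policy(lambda path, data: normalize_path(path))  # 1 alert
by_hash = Policy(lambda path, data: hashlib.sha256(data).hexdigest())  # 1
```

A hash key trades path ambiguity for update sensitivity: a patched proeco.exe produces a new digest and alerts once more, whereas the normalized-path key keeps matching it.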