Reprompted for existing app rules

Trel · August 11, 2006, 4:29am

Using the current beta, I found that I often get reprompted for applications with existing rules. Most notably, my browsers. For example, I had firefox working fine and then in the middle of using it, I click and link and am asked if I want to allow it to use the internet.

Normally I’d be satisfied with the different parent explanation, but as I said, this happend in the middle of browsing. I clicked a link and it randomly asked permissino again.

pandlouk · August 11, 2006, 4:29pm

Just activate “automatically approve safe applications” and reboot. It is not a bug. It is related with the options you chose during installation of the beta

Trel · August 11, 2006, 7:24pm

I don’t want to automatically approve anything. That doesn’t make sense because it’s already approved. In fact it was in the middle of working when it prompted me.

EG:
Seamonkey wants to access the internet (approve + remember)
Browsing site 1
Browsing site 2
Browsing site 3
Click link on site 3
Seamonkey wants to access the internet

mike6688 · August 11, 2006, 7:26pm

Hi,

Can you post images of the two popups which are the same?

Mike

Trel · August 11, 2006, 7:59pm

It hasn’t happened again yet, but when I checked the rules, I still only have the two initial rules, In and Out for TCP/UDP.

egemen · August 11, 2006, 8:02pm

They may seem the same but probably their security considerations section were pointing to different threats. Let us know when you can capture the screenshots so that we can see why you are receiving them.

Thx,
Egemen

Trel · August 11, 2006, 8:09pm

I’m not sure I understand that. If they were made for an other reason, why wouldn’t another rule be added since I checked the remember box?

egemen · August 11, 2006, 8:12pm

It does add another rule, possibly an IPC rule but since current versions of CPF do not have an interface to see IPC rules, you could not see. Future versions will have it.

FYI, they are kept under HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\IPC key.

Trel · August 11, 2006, 9:20pm

Well I do have an IPC rule, so I’ll guess that’s it.

One question though, what exactly IS an IPC rule?

egemen · August 11, 2006, 10:29pm

It is about remembering the leak requests. For example, APPx has modified the memory of APPy. If you remember this type of popup and allow, then CPF will think this is a legitimate inter process communication and wont ask you about this relationship further. The same is valid for all application behavior analysis options.

Egemen