Request help regarding application 'parents' [Resolved]

Another question, if I may.

This concerns the parent of an application.

Having read a comment to a post by Little Mac here: https://forums.comodo.com/index.php/topic,4719.msg34791.html#msg34791
I am still confused.

Let us consider my Thunderbird configuration to illustrate the problem.

Currently I use Y’z Dock as my application launcher. If, in Application Monitor, I configure my Thunderbird rules to ‘Learn’ the parent, which it believes is Y’z Dock, I receive this ‘pop-up’:


http://img184.imageshack.us/img184/7161/tbyzys1.th.jpg

If I change the parent to Thunderbird.exe I receive this ‘pop-up’:


http://img254.imageshack.us/img254/3716/tb1fw9.th.jpg

As mentioned in my previous post regarding ‘loopback’ rules, these problems ‘go away’ if I enable ‘skip loopback (127…)’ for TCP and UDP under Advanced\Misc. Which is strange in itself.

So, my question is: how do I configure the rules for Thunderbird to cancel these ‘pop-ups’?

Thanks for any help.

The parent of ANY application is what is causing the application to execute. If you double click an icon on your desktop, the parent of the double clicked app will be EXPLORER.EXE, as this IS the desktop (actually the shell, but let’s not get too nitty-gritty :wink: ).

If you’re using yz’s dock as your app launcher, then yz’s dock will be the parent. When you click on a docked icon, you’re actually telling yz’s dock to start the application associated with the dock icon.

If you create a thunderbird rule that specifies thunderbird.exe as the parent of thunderbird.exe, you can expect pop-ups, as the “real” parent will not be “thunderbird.exe”, it will be yz’s dock, or explorer.exe or whatever method you used to actually start thunderbird.

To eliminate almost all pop-ups:

  1. delete any current application monitor rules for thunderbird.exe
  2. start thunderbird from yz’s dock and click “remember” and “allow” when prompted
  3. you should now have one thunderbird rule with yz’s dock as the parent
  4. start thunderbird from the desktop icon and click “remember” and “allow” when prompted
  5. you should now have one more thunderbird rule, but with explorer.exe as the parent

If these are the only two methods you ever use to start thunderbird, and you remembered to select “remember”, then you shouldn’t have any more pop-ups. If you do, read them closely and post the full details back here.

Hope this helps,
Ewen :slight_smile:

Hello Panic, thanks for the swift reply.

I have done what you suggested, although I passed on launching Tb from the Desktop as I never launch apps from that location. As an aside, the only way I could launch Tb, other than via Y’z Dock, would be from the directory in which I keep the executable. The reason for this is that I install Tb by extracting the contents from the archive and placing the contents in a folder of my choosing, as opposed to using the installer. Old habits from the early days of using Tb and Ff.

So, having removed all the entries for tb from Comodo I launched Tb from the dock. This gave me four entries in Application Monitor. Two with Y’z Dock as parent and two with Tb as parent. I assume I would have had four more had I done the same thing from the Desktop.

The entries I now have, however, are far too general. Two for TCP Out ANY ANY and two for TCP In ANY ANY. What I want is more specific rules for controlling which servers and ports Tb can connect to, e.g.

Thunderbird DNS1 UDP Out 53 Allow
Thunderbird DNS2 UDP Out 53 Allow
Thunderbird Mail server 1 TCP Out 110,995 Allow
Thunderbird Mail server 2 TCP Out 110,995 Allow
Thunderbird Mail server 1 TCP Out 25,587 Allow
Thunderbird Mail server 1 TCP Out 25,587 Allow

Etc.

In addition I wish to avoid enabling the ‘Skip Loopback’ option in Advanced\Misc, so I guess I will need rules for that too?

Finally, I also test new versions of Tb so in fact I have at least two different versions of the application resident at any one time. Using the method described above I am going to have a great many rules for just one application. Is there not some more simple but equally secure way to provide for this?

Thanks for your help.

Ummm, that would still have explorer.exe as the parent, as explorer.exe is the windows shell.

> So, having removed all the entries for tb from Comodo I launched Tb from the dock. This gave me four entries in Application Monitor. Two with Y'z Dock as parent and two with Tb as parent. I assume I would have had four more had I done the same thing from the Desktop.
>
> The entries I now have, however, are far too general. Two for TCP Out ANY ANY and two for TCP In ANY ANY. What I want is more specific rules for controlling which servers and ports Tb can connect to, e.g.
>
> Thunderbird DNS1 UDP Out 53 Allow
> Thunderbird DNS2 UDP Out 53 Allow
> Thunderbird Mail server 1 TCP Out 110,995 Allow
> Thunderbird Mail server 2 TCP Out 110,995 Allow
> Thunderbird Mail server 1 TCP Out 25,587 Allow
> Thunderbird Mail server 1 TCP Out 25,587 Allow
>
> Etc.
>
> In addition I wish to avoid enabling the ‘Skip Loopback’ option in Advanced\Misc, so I guess I will need rules for that too?

If you want to have very tight rules, down to port/application levels, delete your app rules, adjust the alert slider to HIGH and start TB again. This time it will create port specific rules. Do the same by double clicking the TB icon in a folder to ensure you have rules which nominate explorer.exe as the parent.

> Finally, I also test new versions of Tb so in fact I have at least two different versions of the application resident at any one time. Using the method described above I am going to have a great many rules for just one application. Is there not some more simple but equally secure way to provide for this?

Unfortunately not. Several users have asked for grouped app rules, but they aren’t here yet.

Cheers,
Ewen :slight_smile:

Thanks for another swift response.

Following on from your post, I did what you suggested, as you may suspect a great many rules were created. The results of this little test are quite interesting but somewhat confusing.

When launching Tbird from the dock I received a number of prompts from Comodo. Some of the prompts identified Y’z Dock as the parent and some identified Thunderbird as the parent.

I then launched Thunderbird.exe directly from its home folder. This time the prompts identified either Thunderbird or Explorer as the parent.

In both cases I left unchecked the ‘Skip Loopback’ option in Advanced\Misc

So now I have to condense the rules, as most of them are for loopback. This then brings me back to my original question, albeit slightly modified, which was: what do I need to specify in Application Monitor by way of rules so that I can leave the ‘Skip Loopback’ option unchecked and eliminate ‘pop-ups’?

It seems, at least from inference, that I will need multiple rules for each application that I use. One set to define the ‘Dock’ as the parent, one set to define the ‘application’ as the parent and another set to define ‘Explorer’ as the parent?

Would you agree this is the only approach or am I missing something?

Thanks again for the help.

LOL. When all you have is a hammer, make everything look like a nail, and you just hit it on the head. App Monitor rules are very specific to their settings. You need to have a separate rule to cater for the varying ways an app can be invoked. Each of these rules needs to have the loopback settings fiddled.

Yes, it makes for a longer list, but equally it gives you precise control.

Cheers,
Ewen :slight_smile:

:slight_smile:

The hammer approach it is then

Thanks again

NP. I’ll mark this as resolved and lock it.
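
The following is an added example, not part of the thread and not Comodo's code: a simplified model of the parent-keyed matching described in the replies above, showing why a rule naming thunderbird.exe as its own parent never matches and why port-specific rules multiply per launch method. The `Rule` shape, the function names, the process snapshot and the `yzdock.exe` image name are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed process snapshot (pid, parent pid, image name); not from the thread.
SNAPSHOT = [
    (400, 0, "explorer.exe"),
    (812, 400, "yzdock.exe"),        # assumed image name for Y'z Dock
    (1500, 812, "thunderbird.exe"),  # launched from the dock
    (1620, 400, "thunderbird.exe"),  # double-clicked in a folder
]
# Ports named in the thread: DNS, POP3/POP3S, SMTP/submission.
ENDPOINTS = [("UDP", 53), ("TCP", 110), ("TCP", 995), ("TCP", 25), ("TCP", 587)]

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, always "allow"
    app: str
    parent: str
    proto: str = "ANY"
    port: Optional[int] = None   # None means any port

def parent_of(pid, snapshot):
    """Image name of the process that started `pid`."""
    by_pid = {p: (pp, name) for p, pp, name in snapshot}
    ppid = by_pid[pid][0]
    return by_pid[ppid][1] if ppid in by_pid else "<exited>"

def decide(rules, app, parent, proto, port):
    """'allow' only if application AND parent AND protocol/port all match."""
    for r in rules:
        if (r.app == app and r.parent == parent
                and r.proto in ("ANY", proto) and r.port in (None, port)):
            return "allow"
    return "alert"               # the pop-up

def missing_rules(rules, snapshot, app, endpoints=ENDPOINTS):
    """(parent, proto, port) combinations that would still raise a pop-up."""
    gaps = set()
    for pid, _, name in snapshot:
        if name != app:
            continue
        parent = parent_of(pid, snapshot)
        gaps.update((parent, proto, port) for proto, port in endpoints
                    if decide(rules, app, parent, proto, port) == "alert")
    return sorted(gaps)

def tight_rules(app, parents, endpoints=ENDPOINTS):
    """One port-specific rule per (parent, endpoint) pair."""
    return [Rule(app, p, proto, port) for p in parents for proto, port in endpoints]
```

The model covers only parents derived from the launch chain; it does not attempt to explain the prompts in the thread that named Thunderbird itself as the parent.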