i dont know whether this has been discussed before, sorry if so. But when u run the program for the first time it takes a long time to “learn” the same application sometimes. But some of the other firewalls learns the same programs with less time. For example it displayed messages from Avast so many times that i almost uninstalled the product ( as u can see in the end i did not :). Do u have some kind of an explanation for this or is this normal. Now it 's fine. And it s not giving me any trouble.
And another problem is i once ran this .exe and Comodo dint recognize this. But the previous firewall recognized all exe s i tried.
There are a lot of different modules to some applications, especially AV - such as updater, email, webshield, etc. Each one of these requires a separate application rule to allow it to communicate in the context of the network rules.
If you have your alert frequency set to High or Very High (security/advanced/miscellaneous) you will generate an alert for every detail of the traffic: Application, IP Address, IP Protocol, Source Port, Destination Port, Direction of Traffic, etc. If you don’t pay close attention, these may appear to be the same, but they are in fact different.
You may also have remnants of a previous firewall on your system, which can cause problems.
If you go to Security/Tasks/Scan for Known Applications, follow the prompts, reboot when finished, this should help with a lot of your Application Alerts.
U forgot about the .exe part (even i did Smiley )
The firewall doesn’t detect , say like a ■■■■■.exe or a keygen…
This is a huge prob since some hav viruses n stuff!!!
shouldn’t it alert us when an exe is trying to execute
Thanks for the PM, Damitha; sorry about overlooking that part of your question.
If an application is trying to connect to the internet, and has not been allowed by the existing application rules, CFP will alert you that it’s trying to connect.
If a malware is trying to use a known application to connect to the internet (a hijack attempt of some sort), CFP will alert you that there is a change in the way the application is connecting (a different Parent, a different Component, or a Suspicious Behavior).
However, CFP is not currently a HIPS; it is not monitoring your system for suspicious activity in general. Just because an executable runs on your machine, doesn’t mean that CFP is going to tell you. It’s only job at present is to protect against unauthorized internet connection attempts. Version 3 will have a full-featured HIPS included, that will provide this, but that’s not out of internal testing yet…
If you feel like you have a situation with an application connecting, and CFP not telling you so, please provide more details about that.
Hopefully version 3 will enter beta-testing soon and hit the streets with a final version by April. Comodo is very excited about this product, and very confident that it will be the premiere first line of defense against all malware.
The idea behind it is that in order to run, malware has to access the CPU (as all software does). If it cannot access the CPU, it cannot run. Thus, CFP’s HIPS will be able to stop malware from accessing the CPU, and thus keep it from running. If it can’t run, then it can’t infect the system…
While a number of firewalls seem to be trying to implement HIPS characteristics, I think this will probably be the first of its kind (at its level of protection). Since CFP is already the premiere software firewall at preventing leaks, and is highly rated to prevent termination, I expect great things from the HIPS.