CPF 126.96.36.199, XP Home sp2 with the last updates. For many applications I have checked the Skip parent and this usually works. But for Firefox, this does not work. When I enable Skip parent for FF, first of all CPF retains 3 rules (while usually only 1 in and 1 out are kept). Then CPF starts asking about enabling internet accesss again and when I check the rules I discover that “Skip parent” has reverted to “Specify a parent”. Furthermore, I currently have 10 identical rules for FF, with the SAME parent, 4 In and 6 out! This happened before I updated FF from version 1.5.something to version 2.0, and it has happened since too. Please help, FF is one of the applications I load the most often in an ordinary day and I am tired of telling CPF that it is okay!
I suppose there is something special in what I have done (although I just installed CPF 2 weeks ago, I didn’t delve in it’s depths yet). All my other application rules skip their parents without any problem and I am certainly not the only CPF user using FF! So before doing anything drastic such as clearing all my application rules (there aren’t so many of them) or reinstalling CPF, I wanted to wait to see if there was something to put aside from my current buggy installation in order to help finding what the exact problem is. If the registry contains everything that could be used to find the problem, I can use your script to save it (or do it myself manually) then start solving my problem myself.
I know I’ve read other users saying that the Skip Parent doesn’t work properly (?) and that CPF constantly asks. I think I tried it once, and in retrospect, it may have resolved to Learn Parent, which was ok in my situation.
You might do an Advanced Search for “parent”, “firefox” or something that seems to be crucial to your situation, and see what you find. Using Advanced will allow you to “Choose a board to search in” thus you can uncheck “select all” and only select the Firewall-related Help/FAQ boards.
Now what exploring the forum taught me is that Skipping the parent is most of the times a bad idea that comes from laziness. So I will avoid Skipping the parents from now on. Still, I believe there was a bug here…
I just did a “Scan for known applications” (which I think I had already done upon installation, but now I will be sure). And I unchecked all the Skip parent. We’ll see…
Yeah, I had thought that “Skip Parent” would be useful for blocking an application; block no matter what parent was using it. But then the flip side would be to allow no matter the parent, which would be less secure. I guess individual rules is the trade-off; I can live w/that.
On the other side, I only have three rules for FF: One w/explorer.exe as parent, TCP/UDP out; the other two for FF as the parent, one for each protocol. CPF created these itself. The only time it ever alerts me is if something else is trying to use FF as the parent, or modify FF in some way. Now, I have quite a few instances of connections by FF in Activity/Connections, to & from the local host, with different connection types than those listed in my App Rules. Perhaps your is alerting because of something like that…
If it keeps bugging you about CPF, now that you’ve run the Known Apps wizard (for sure…), you might make certain that in Security/Advanced/Miscellaneous you have the box checked for “Do not show any alerts for applications certified by Comodo.” I also have both “Skip Loopback” items checked in that same section (so it doesn’t alert me on those local host connections).
Hopefully that clears up the problem. BTW, I’m using FF 2.0, CPF 188.8.131.52 (I’m testing the CAVS Beta, so not doing CPF Beta at the same time).
Wel, for now it seems to be working as expected: two rules per parent (I have more parents than you because some of my programs go online to display help or some other info). It seems it was the Skip parent which was breaking things. And I suppose I didn’t do the Scan when installing CPF. I’ll report back in a few days. This week-end I don’t expect to be using my computer much.
Me neither… ;D
I changed the subject there…
It had nothing to do with your skip problem.
It was just a (bad) idea that you could make a application rule that overrides network monitor rules. With a big warning sign of course…
There are a lot of users that think when they set “allow all” in app mon, it allows their program to get free internet access. But that’s not the case, since the app needs to pass net mon too.
So I really don’t want that myself, because it doesn’t take long to learn how CF works, and it’s layered protection is great.
There are a lot of users that are familiar with application based firewalls, but not so many with rule based firewalls. Since Comodo is a kind of combination, some users get confused. It’s not that hard to forward a port in network monitor for your P2P app or similar. The default rules cover most of the needs.
So in short…
It would be a better idea to have a wizard for, lets say P2P apps in CF.
Sorry for any confusion davitof.
My first reaction was to say: “Of course FF wants to use internet, that is what it is for. And of course many other apps use FF to display web pages, that is why I set FF as my default browser.” Then I realized that this was precisely what parent checking was for. You open a door by declaring that FF is the default browser, then you put CPF as guardian. So CPF has to learn when this is ok and when it is not, this can’t be avoided. Of course, in a clean system, this is always ok, so users get the feeling the question is useless. Some users would like to avoid this learning stage. But I think this would amount to removing the guard.
But would a wizard be the answer? Maybe because often the p2p are shifted?
I think a wizard would be nice, and it would be a few hundred questions less here in the forum… ;D
This thread must have some virus in it… (alertvirus32.exe) ;D
Now, Thunderbird has started to create alerts about connections I already have rules for… Every time I start it, I have to allow about 5 alerts… hmmm…
No, I checked that and they didn’t. There where a few “allow invisible…”, but I removed those.
It may be a “thing” with the latest beta…?
I doesn’t happen right now, and it may be just when the PC is started and the first time I open Thunderbird.
I will check it out the next time I reboot.
Strange. I am not using a beta. At least not that I know of and not intentionaly. I usually wait until I get familiar with a software before trying betas, and I tested comodo a few months ago and I had to revert to kerio because of the problem with avg’s mail scanner, so that I still feel a little unsure about comodo, I tend to restrict myself to final versions.
So either our two problems are distinct, or the problem was already in my version and is still there in your beta. Anyhow, until now, I don’t have any strange behaviour since I unchecked all Skip parent. Currently all my rules are just what is generated automatically when you tell CPF to remember your answer (except for the rules to open eMule and Azureus’s ports)
Ok. One week later, I have kept Skip parent unchecked in all my rules and nothing strange has happened. Of course, I’ve had to teach CPF quite a few rules, but now this has almost subsided. I just checked all the rules in the list, I found no strange duplication. So the problem was probably with Skip parent. It is still there, but since I won’t be using this feature I don’t really care. BTW, I think the documentation should insist on why it is not a good idea to use it. Now if someone from the tech staff wants me to reactivate it to help find out what the problem is, just ask me.