SOLVED: Defense+ blocking firefox from creating plugin-container.exe

Hi All,

Environment:

  • Windows 7
  • Firefox 13.0.1
  • Adobe Flash Plugin - 11.3 (and earlier versions)
  • CIS 5.10.228257.2253

For the last couple of weeks I’ve been having a problem with defense+ blocking firefox from creating any plugin-container.exe processes. Whenever I open firefox and go to a page that requires flash (which needs to spawn a plugin-container.exe process) it causes firefox to hang and then crash. When I look in the defense+ events I can see corresponding entries for firefox:

Application: Firefox
Flags: Create Process
Target: plugin-container.exe

I believe that the issue may have started since I upgraded to the latest Firefox (13.0.1) and/or flash but I’m not 100% sure. I may have also upgraded Comodo within the last couple of weeks as well so that may have also been a factor. Overall though I know that the issue is definitely being caused by Defense+ as if I disable defense+, firefox can then spawn a plugin-container.exe process and it then works without issue.

Steps taken so far to try and resolve this issue include:

  • Uninstalling and reinstalling Firefox 13.0.1
  • Uninstalling flash 11.3 and downgrading to 11.2 and 10.3.
  • Confirming that both firefox.exe and plugin-container.exe are in Defense+ trusted files.
  • Purging invalid entries in the defense+ trusted file list.
  • Adding both firefox.exe and plugin-container.exe as exclusions in the execution control settings.

The Defense+ security level is set to Safe.

I’ve also been scouring the internet via google, these forums and others and I still haven’t been able to find a solution.

Do any of you guys have suggestions? Thanks.

Hi All,

It looks like I’ve managed to solve this issue. I came across another thread on this forum that put me on the right track.

https://forums.comodo.com/defense-sandbox-help-cis/defense-in-clean-pc-mode-is-blocking-flash-uploader-in-firefox-3612-t64628.0.html;msg459022#msg459022

As mentioned in that forum, it’s definitely not obvious finding things that are being blocked by Comodo. The other thing that I’m still wondering about is why this ended up getting on to Comodo’s block list in the first place. When I found this I also noticed some other apps in my custom policy list that I’ve never set up so it explains some other strange behavior I was seeing with those apps as well.

For everyone’s benefit here are the steps with screenshots that I took to resolve the issue.

Step 1 - I opened up the CIS control panel and under the Defense+ tab opened “Computer Security Policy”.

Step 2 - I got a warning that this is for advanced users only. I clicked “Yes” to continue.

Step 3 - In the Computer Security Policy window under the Defense+ Rules tab I could see firefox.exe in the list of applications and it had a custom policy in the “Treat as” column.

At this stage I could probably have resolved my issue by just deleting the custom policy entry for firefox but I decided to edit it instead to see what was there.

I selected it and clicked “Edit”.

Step 4 - This opened a new window called “Application System Activity Control”. In this window I clicked “Customize”.

Step 5 - This opened a new window called “Customize Policy”. In this window I could see that in the “Exclusions” column for “Run an executable” there was Modify (0\1). I clicked on the Modify (0\1) in this line.

Step 6 - This opened up a new window called “Run an executable”. In this window under the Blocked Applications tab I could see plugin-container.exe listed. I removed this and then clicked ok → ok → apply → ok to accept the changes and close all of the windows back down.

Firefox now works as expected and pages with flash that require the plugin-container.exe to spawn no longer cause my browser to crash.
