After upgrading to the latest version of Comodo Firewall (3.5.54375.427) I have a lot of new D+ messages coming up which is quite ok. However, certain applications (e.g. PSPad) ask every time i start them, although I’ve allowed the rule and its saved in the “Comodo D+ database”. After allowing again (and saving) I have the same entry twice (in the D+ “Computer security policy” under “Protected Files/Folders”.
The dlls mentioned are allways the same: C:\Windows\System32\cscui.dll and C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll.
Using Vista 32-bit.
Thanks for any ideas how to solve the problem.
Same here too. I updated to the same release (3.5.54375.427) this morning and Defense now pops up with warnings about modifying DLL’s like audiodev.dll, shdocvw.dll and PhotoMetaDataHandler.dll.
I use CircleDock and Pan which spawns these pop ups. And yes, I know CircleDock is alpha.
UAC, AERO is off. OP mentioned cscui.dll. I had that as well but not as frequent as the ones above.
I don’t mind the extra messages but it seems Defense is not learning.
I’m running D+ in paranoid mode, too. And to describe it a little bit more specific: D+ IS learning - whenever i say “Yes” and “Save rule” a new entry stating exactly the same dll is added to the respective entries. After starting one and the same application several times i have a lot of identical entries.
Update: It looks like as for me this problem only arises after UPGRADING to the newest version (I removed the firewall and installed CIS) - when CIS is installed an a clean system, everything looks fine for me.
I am running Windows Vista Ultimate 32-bit with UAC enabled.
In the Defense+ tab, under Computer Security Policy, I have Minefield\Firefox.exe listed. When editing this entry, if Application System Activity Control\Access Rights\Protected Files\Folders is set to ‘Ask’, cscui.dll will be added every time Minefield starts, because Defense+ asks me for permission every time I start Minefield, even though I have ‘Remember this action’ checked. The only way I found to get Defense+ to stop asking me when I start Minefield, and to stop adding another instance of cscui.dll, was to change the Protected Files/Folders setting under Process Access Rights to ‘Allow’ from ‘Ask’ for Minefield\Firefox.exe. Minefield is the only program that I have this problem with. Defense+ remembers all other actions when it opens a popup and asks for permission, just not this one when Minefield starts. I thought it might have something to do with the fact that Minefield is just in pre-Beta.
I am testing CIS 3.5.55810.432 right now and I have the same problem described here.
Below are the information requested in the “how to submit”.
Vista SP1 32bits
used concurrently with Kaspersky Internet Security 2009 126.96.36.1994 (only file/mail/web components, no Proactive Defense)
Specific symptoms : some file paths accesses are asked every time I start some applications, file paths are duplicated in the Defense+ “Protected File/Folder” access right of the application.
Specific steps you have taken to try to resolve it : I purged thunderbird files access list allowances, I deleted completly thunderbird from the rules, to no avail (thunderbird is just one example, Firefox does the same for instance).
Brief description of your Defense+ and Firewall+ mode : D+ is in paranoid mode, everything checked in Defense+ Settings.
Change the path for the file from:
C:\Program Files\Mozilla Thunderbird\extensions\firstname.lastname@example.org\components\FULLSOFT.DLL
C?\Program Files\Mozilla Thunderbird\extensions\email@example.com\components\FULLSOFT.DLL
There is a problem with the : char in the paths with checking .dll files
See also my screenshot, i’m running Vista SP1, x32, Normal Users, Modified ProActive Security.