After upgrading to the latest version of Comodo Firewall (3.5.54375.427) I have a lot of new D+ messages coming up which is quite ok. However, certain applications (e.g. PSPad) ask every time i start them, although I’ve allowed the rule and its saved in the “Comodo D+ database”. After allowing again (and saving) I have the same entry twice (in the D+ “Computer security policy” under “Protected Files/Folders”.
The dlls mentioned are allways the same: C:\Windows\System32\cscui.dll and C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll.
Using Vista 32-bit.
Thanks for any ideas how to solve the problem.
kind regards
Ha
Same here too. I updated to the same release (3.5.54375.427) this morning and Defense now pops up with warnings about modifying DLL’s like audiodev.dll, shdocvw.dll and PhotoMetaDataHandler.dll.
I use CircleDock and Pan which spawns these pop ups. And yes, I know CircleDock is alpha.
UAC, AERO is off. OP mentioned cscui.dll. I had that as well but not as frequent as the ones above.
I don’t mind the extra messages but it seems Defense is not learning.
I’m running D+ in paranoid mode, too. And to describe it a little bit more specific: D+ IS learning - whenever i say “Yes” and “Save rule” a new entry stating exactly the same dll is added to the respective entries. After starting one and the same application several times i have a lot of identical entries.
Update: It looks like as for me this problem only arises after UPGRADING to the newest version (I removed the firewall and installed CIS) - when CIS is installed an a clean system, everything looks fine for me.
I am running Windows Vista Ultimate 32-bit with UAC enabled.
In the Defense+ tab, under Computer Security Policy, I have Minefield\Firefox.exe listed. When editing this entry, if Application System Activity Control\Access Rights\Protected Files\Folders is set to ‘Ask’, cscui.dll will be added every time Minefield starts, because Defense+ asks me for permission every time I start Minefield, even though I have ‘Remember this action’ checked. The only way I found to get Defense+ to stop asking me when I start Minefield, and to stop adding another instance of cscui.dll, was to change the Protected Files/Folders setting under Process Access Rights to ‘Allow’ from ‘Ask’ for Minefield\Firefox.exe. Minefield is the only program that I have this problem with. Defense+ remembers all other actions when it opens a popup and asks for permission, just not this one when Minefield starts. I thought it might have something to do with the fact that Minefield is just in pre-Beta.
I am testing CIS 3.5.55810.432 right now and I have the same problem described here.
Below are the information requested in the “how to submit”.
CPU 64bits
Vista SP1 32bits
used concurrently with Kaspersky Internet Security 2009 8.0.0.454 (only file/mail/web components, no Proactive Defense)
Specific symptoms : some file paths accesses are asked every time I start some applications, file paths are duplicated in the Defense+ “Protected File/Folder” access right of the application.
Specific steps you have taken to try to resolve it : I purged thunderbird files access list allowances, I deleted completly thunderbird from the rules, to no avail (thunderbird is just one example, Firefox does the same for instance).
Brief description of your Defense+ and Firewall+ mode : D+ is in paranoid mode, everything checked in Defense+ Settings.
Workaround:
Change the path for the file from:
C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
to
C?\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
There is a problem with the : char in the paths with checking .dll files
See also my screenshot, i’m running Vista SP1, x32, Normal Users, Modified ProActive Security.