Some unintentional Block Everything niggles...

Hello,

Firstly congratulations to the developers for continuing to produce a great firewall. (B)

Now, sorry to trouble you peeps but I’m having a couple of persistent niggles with CPF (2.4.17.183). And I’d very much appreciate your thoughts on the following issues I’m having, please. CPF seems far too keen to block everything under certain circumstances. :-\

(1) If I turn ‘component control’ from ‘learn mode’ to ‘Turn on’ suddenly my internet access is completely blocked. I then tick it back to learn mode and all is perfectly well again. Why must I run component control always in learn mode? Why should there be such a drastic difference between learn mode and ‘turn on’?

(2) Even if I am using ‘learn mode’ as above, I have to run application behaviour analysis with everything except ‘Monitor DLL injections’ being ticked. Otherwise I lose internet connectivity. So when ‘Monitor DLL Injections’ is ticked I get typical event logs as follows:

Description: Application Access Denied (firefox.exe: 216.XXX.XXX.XX: :http(80))
Application: D:\program files\Firefox\firefox.exe
Parent: C:\Windows\explorer.exe
Protocol: TCP out
Destination: 216.xxx.xxx.xx::http (80)

Please pardon me if this sounds stupid but I have tried looking everywhere for any rule for explorer.exe - and can’t locate even one. Nonetheless why should explorer be counted as the parent for Firefox anyway? Surely firefox is its own parent application in itself! I can only presume that it’s a DLL related issue, but I’ve only a handful of DLLs blocked anyway which seem to have no correlation to either firefox or explorer or anything else which becomes blocked (skype) when Comodo mysteriously blocks everything (e.g., desktopsearchsystem2526.dll, IEhelp.dll, nrgmount.dll, pdimount.dll).

So I’m not sure what’s going on and how to rectify this situation so that ‘Monitor dll Injections’ can be ticked and I won’t lose all internet connectivity.

Many thanks for any help.

Hi serendipity, welcome to the forums.

I’m sorry you’re experiencing difficulties. I find it a bit worrying that you’re being forced to use CFP in such a manner (i.e. with Monitor DLL Injections off & not being able to turn Component Monitor on). Can you please detail all the Applications & Components that you have listed as being “blocked” (just need the filenames at this point).

If you don’t wish to go through a diagnostic process, a quick way to probably resolve this would be to reinstall CFP from scratch.

G’day,

Your Windows desktop is actually a program called EXPLORER.EXE. If you double click an icon on your desktop, you are actually telling explorer.exe to start the icon you clicked on. Therefore, explorer.exe is the parent of any application started from the desktop.

If you use a launch bar (like Rocket Dock, for example), clicking on an app in the launch bar is telling the launch bar to start the app, therefore the launch bar app would be the parent.

The parent is what causes an application to start and the parent checking is one of the best features of CFP.

Hope this helps,
Ewen :slight_smile:
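
The parent relationship described in the reply above can be checked directly on a running system. This is an added example, not part of the original thread or of CFP; it assumes PowerShell 3.0 or later (for `Get-CimInstance`) and uses the `firefox.exe` name from the log in the first post.

```powershell
# Added example: list each running firefox.exe with the process that started it.
# 'firefox.exe' is the image name from the event log quoted in the first post.
$target = 'firefox.exe'

# Snapshot all processes once and index them by PID for parent lookups.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$report = foreach ($child in $all | Where-Object { $_.Name -eq $target }) {
    $parent = $byPid[[uint32]$child.ParentProcessId]

    if ($null -eq $parent) {
        # The launcher has already exited; only its old PID is recorded.
        $parentName = '(parent has exited)'
        $parentPath = $null
    }
    elseif ($parent.CreationDate -gt $child.CreationDate) {
        # Windows reuses PIDs. A "parent" that was created after the child
        # is an unrelated process that happens to hold the same number.
        $parentName = '(PID reused, original parent has exited)'
        $parentPath = $null
    }
    else {
        $parentName = $parent.Name
        $parentPath = $parent.ExecutablePath
    }

    [pscustomobject]@{
        Child      = $child.Name
        ChildPid   = $child.ProcessId
        ChildPath  = $child.ExecutablePath
        ParentPid  = $child.ParentProcessId
        Parent     = $parentName
        ParentPath = $parentPath
    }
}

$report | Format-Table -AutoSize
```

A browser started from a desktop or Start menu shortcut shows `explorer.exe` in the `Parent` column, matching the `Parent:` field in the log entry; one started from a launch bar shows the launch bar's executable instead.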

Many thanks for your responses. I very much appreciate them.

To simplify matters I removed any applications in ‘Application Control Rules’ which were blocked (only 5 in total were blocked including msnmsgr.exe) to see if that made a difference. But afterwards exactly the same as before happened when I turned component control from learn mode to ‘on’.

Strangely, I am running an earlier Comodo (2.4.14 RC4) on another machine, without the same problems, and I noticed in the list of applications that explorer.exe is present whereas on the machine running the latest Comodo (and giving the niggling issues above) it is not in the list of application control rules. Where could explorer.exe have disappeared to?

Another strange thing happened, I tried to replicate the fault on the other machine with RC4 running and the very moment I moved Component control from learning to ‘on’ - it immediately popped up a box asking me to approve two unknown components. I clicked show libraries and they were: Optimoz-mouse service and xpcom.dll. After approving both firefox browsed as normal. So no such problems with component control’s modes there.

However, I’m left wondering why it took changing the component control from learning to ‘on’ to pop up suddenly that box? And why did those components not need to be approved without moving from learning mode to ‘on’? Hmmmm. This does seem quite odd.

Anyway, I’m not much closer to understanding what is going on with my original query and any further comments are very welcome. Thank you very much.

Given the oddity of the situation, serendipity, you might want to follow Kail’s advice and uninstall then reinstall CFP, as it sounds like something went amiss during the original installation.

I would recommend that after you uninstall (and reboot), run a registry cleaner (like RegSeeker) to clean out anything left behind, then reboot again.

Before reinstalling the firewall, turn off any other security software - antivirus, antispyware, HIPS, etc.

Then reinstall CFP, and see if it doesn’t behave differently for you. Also, on the reinstall, be sure to choose “Automatic” installation, rather than “Advanced.” That way you take the guesswork out of it, and don’t inadvertently get a setting wrong.

First thing after rebooting, run the Application Wizard - Security/Tasks/Scan for Known Applications. Follow the prompts. Reboot when finished.

LM