Still repeatedly asking for me to authorize programs

I have the last version (2.1.1.1) of CPF installed on my Win 2003 Server (small install, with just 2 network cards and half a dozen contemporary users from the net).
I succeeded in configuring it quite well and it seems to be working fine. I just have a couple of problems …

  1. Even if, as far as I read, it should have been fixed in the last version, my CPF continues to ask me to authorize programs accessing the net … even if I have already authorized them and selected the REMEMBER box. This happens even with its own updater (CPF updater).

  2. A user here told me that it is possible (I’d need it badly) to see a log of all the Blocked events (hopefully with time/date, reasons and action taken as it was in Sygate) … but I could not find this option. I mean I could not find how to see such a log file.

Thanks for any help and best regards

Can you show us the types of popups you are seeing and the ones that CPF does not remember?
Your logs can be seen in the Activity->Logs section. You can right click, export them to HTML and send them to us so that we can understand what is going on.

Egemen

It is not remembering the authorization (with remember option selected) about several programs … including:

its own updater
MS Antispyware updater
NOD 32 Updater
Some Explorer instances (not always)
Some Eudora instances (not always)
Kazaa and Emule

It is however remembering, apparently, the server software running (IMAIL SMTP,POP… and IIS) and some other things like Analog X NetStat Live, MSN etc…

If you want I can capture the windows when a popup will appear next time and send the captured image to you … just let me know to which email.

Best regards

I’m having the same problem, only for me it is Google Desktop that is causing the problem. I’m running XP Pro, with CPF 2.1.1.1 installed. I’ve even gone into the configuration and set “GoogleDesktopCrawl.exe” to be a trusted application. Another application causing this problem is the file “Gunbound.gme”, the application file of the online game Gunbound. I’ve created a log of today’s entries, if someone would assist me that would be awesome!

Thanks!

//Edit// Incidentally, the game Gunbound works, and as far as I can tell, Google Desktop works also, they’re just repeatedly asking for authorization. //Edit//

Yeah, the same with me … ALL programs work fine, after I authorize.
The problem is just that CPF does not remember that I’ve already authorized and keeps on asking me for the same authorization every now and then.
Today it happened again, this time with Eudora, Svchost (twice), acrobat reader …

If you need any log or image of the popup or anything else to help you find the bug, just let me know. I’m 100% available to help.

Best regards

Hi,

Can you attach some screenshots of the popup windows that CPF does not remember?

Thx,
Egemen

Here are two examples (fresh ones, just happened) … one for kazaa lite and the other for svchost (system). Remember that on my system I’m running IIS and Imail servers.

Stay totally available for anything more you need to fix it. I like CPF and am willing to keep it as my default FW, so am keen to help in any improvement.

Best regards

[attachment deleted by admin]

Here’s my log from today. I don’t have any pictures, but Lorenzopar’s pics pretty much cover my situation too (just a different application)

[attachment deleted by admin]

I had to edit each application and check “allow invisible connections” on my well-known apps. Google desktop was one of the main ones.

I agree, it doesn’t remember.

Just putting in my 2 cents.

Seems like I get popups for applications that I thought once remembered I would never hear from them again. This was so with my previous firewall Kerio PF.

I know CPF does a lot more checking but with so many unexpected (and harmless I might add) popups it is making me immune to a real danger if it ever occurs.

…kind of a “boy who cried streetwolf” scenario :slight_smile:

Sorry, I couldn’t resist!

Good point, though…

I’ve learned never to use a witty line more than once. ;D

Well almost a fair point!

First we built the technology to catch all “possible” suspicious activity! Now we are making sure that the impact on the user is minimised by increasing the size of the “safelist” we have so that “in theory” you would never see a popup as long as the app is safe, yet we catch all the suspicious activity in the background! Best of both worlds!

So now we are creating the ability for users to submit multiple files for addition to safe list (after we checked it), and also optimising the code so that it will work efficiently (as we have a huge safe list it requires optimized method)

Give us some time :wink: and enjoy the ride…

Melih

Speaking of ‘safe lists’.

Do you ever see the possibility of malicious software taking advantage of the fact that a firewall program deems a particular program/component ‘safe’ automatically?

In other words could a piece of ‘evil’ software get hold of a ‘safe’ program and modify it to do its dirty work?

I once read an article on firewalls in general where the author stated that having any firewall predetermine what was safe was asinine. Nothing should be automatically considered safe he stated.

Your opinion please?

One of the behaviour analysis or something else (depending on type of attack) would detect this as a change - so CPF should alert to this change, right? If the user has not updated / modified this program they should realise it is suspicious.

Mike

Well I would agree that letting the firewall determine what is safe is madness! We don’t let the firewall determine it, we let our Malware Research Dept who analyses these executables decide whether they are safe or not. If they are found to be safe, then they get added to the safe list.

Melih

I don’t think the issue is that there aren’t enough programs in the ‘safe list.’ I think the problem is that CPF isn’t remembering programs that the user wants to put on the safe list.

Bucknasty, did this fix the problem? If it did, that sounds like a good workaround (if a little tedious) until someone can look at this. Anyway, that’s just my opinion. Cheers!

Sygate was clever in this aspect … it made a sort of Checksum verification on “safe” programs at the moment in which they were identified as such … any change from that moment on (which could be a normal update or a virus attempting to take advantage of a “safe” program) was immediately alerted with full details and asked for a new authorization.

What I did not understand yet is why after I have authorized, say Eudora, and no update was applied, it keeps on asking me for authorization every now and then … not remembering I’ve already authorized that particular app !!

Best regards

Lorenzopar
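
The checksum pinning described in the post above, as an added example that is not part of the original thread and is not Sygate's or CPF's code: a remembered authorization is stored together with the SHA-256 of the executable, so an unchanged file is allowed silently and a modified one prompts again. The `RememberedApps` class, its method names and the sample file are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ALLOW, PROMPT_NEW, PROMPT_CHANGED = "allow", "prompt-new", "prompt-changed"

def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class RememberedApps:
    """Hypothetical rule store: path -> digest pinned when the user chose 'remember'."""
    def __init__(self):
        self._pins = {}

    @staticmethod
    def _key(path):
        # Assumption: Windows-style case-insensitive paths, so the key is lowercased.
        return str(Path(path).resolve()).lower()

    def authorize(self, path):
        self._pins[self._key(path)] = file_digest(path)

    def check(self, path):
        pinned = self._pins.get(self._key(path))
        if pinned is None:
            return PROMPT_NEW            # never authorized: ask the user
        return ALLOW if file_digest(path) == pinned else PROMPT_CHANGED

def demo():
    # Constructed sample: a fake executable that is authorized, then modified.
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "Eudora.exe"
        exe.write_bytes(b"MZ constructed build 1")
        store = RememberedApps()
        seen = [store.check(exe)]                      # first contact
        store.authorize(exe)
        seen += [store.check(exe), store.check(exe)]   # unchanged: no re-prompt
        exe.write_bytes(b"MZ constructed build 2")     # update or tampering
        seen.append(store.check(exe))
        store.authorize(exe)                           # user re-approves new build
        seen.append(store.check(exe))
        return seen

if __name__ == "__main__":
    print(demo())
```

With a store like this, a repeated prompt for an unchanged executable means either the pin was never saved or the lookup key differs between calls, which are the two places to look when a "remember" choice does not stick.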

CPF does have this functionality too. I am not sure why you are receiving those popups. It could be a bug in the code. We’ll have a look at it… Can you pls provide us full details.
thanks

Melih

After popups Comodo freezes my PC for some seconds. This is a very annoying problem for me; I’m thinking of uninstalling Comodo and switching to another firewall :-[