I have last version (126.96.36.199) of CPF installed in my Win 2003 Server (small install, with just 2 network cards and half a dozen contemporary users from the net).
I succeded to configure it quite well and it seems to be working fine. I just have a couple of problems …
even if, as far as I read, it should have been fixed in last version, my CPF continues to ask me to authorize programs accessing the net … even if I have already authorized and selected the REMEMBER box. This happens even with it’s own updater (CPF updater).
a user here told me that it is possible (i’d need it badly) to see a log of all the Blocked events (hopefully with time/date, reasons and action taken as it was in Sygate) … but I could not find this option. I mean i could not find how to see such a log file.
Can you show us the types of popups you are seeing and the ones that CPF do not remember?
Your logs can be seen in Activity->Logs section. You can right click, export them to HTML sand send us so that we can understand what is going on.
I’m having the same problem, only for me it is Google Desktop that is causing the problem. I’m running XP Pro, with CPF 188.8.131.52 installed. I’ve even gone into the configuration and set “GoogleDesktopCrawl.exe” to be a trusted application. Another application causing this problem is the file “Gunbound.gme”, the application file of the online game Gunbound. I’ve created a log of today’s entries, if someone would assist me that would be awesome!
//Edit// Incidentally, the game Gunbound works, and as far as I can tell, Google Desktop works also, they’re just repeatedly asking for authorization. //Edit//
Yeah, the same with me … ALL programs work fine, after I authorize.
The problem is just that CPF does not rememeber that I’ve already authorized and keeps on asking me the same authorization every now and then.
Today it happened again, this time with Eudora, Svchost (twice), acrobat reader …
If you need any log or image of the popup or anything else to help you find the bug, just let mek now. I’m 100% available to help.
First we built the technology to catch all “possible” suspicious activity! Now we are making sure that the impact on the user is minimised by increasing the size of the “safelist” we have so that “in theory” you would never see a popup as long as the app is safe, yet we catch all the suspicious activity on the background! Best of both worlds!
So now we are creating the ability for users to submit multiple files for addition to safe list (after we checked it), and also optimising the code so that it will work efficiently (as we have a huge safe list it requires optimized method)
One of the behaviour analysis or something else (depending on type of attack) would detect this as a change - so CPF should alert to this change, right? If the user has not updated / modified this program they should realise it is suspicious.
Well I would agree that letting the firewall to determine what is safe is madness! We don’t let the firwall determine it, we let our Malware Research Dept who analyses these executables to decide whether they are safe or not. If they are found to be safe, then it gets added to the safe list.
Sygate was clever in this aspect … it made a sort of Checksum verification on “safe” programs at the moment in which they where identified as such … any change from that moment on (which could be a normal update or a virus attempting to take advantage of a “safe” program) was immediately alerted with full details and asked for a new authorization.
What I did not understand yet is why after I have authorized, say Eudora, and no update was applied, it keeps on asking me for authorization every now and then … not remembering i’ve already authorized that particular app !!