two newbie problems

chopinhauer · November 19, 2006, 10:39pm

Hi,

I’ve already made a couple of smallish posts in other threads but I thought it is about time to introduce myself and say that I think what comodo is doing is wonderful.

I am a refugee from ZA pro (and before that NIS). So far I really like comodo except for two issues. The first has been mentioned but not to my mind properly addressed in a recent thread headed “Firefox vs IEexplorer”. Sorry to cross post but I REALLY need a response!!

The poster, jorgeef, wrote: [QUOTE] "If I open Firefox after the opening of Internet Exporer (IExplore.exe), Comodo Firewall shows this alert:

…
Firefox is trying to act as a server. What would you like to do?

Details:
Application: Firefox.exe.
Local: IP 127.0.0.1 Port 2056 TCP

Security considerations

C:\Archivos de programa\Internet Explorer\IEXPLORER.EXE has tried to use the Parent application explorer.exe through OLE Automation, which can be used to hijack other applications. IEXPLORE.EXE may be using explorer.exe to conceal its behaiour in an attempt to connect to the Internet with firefox.exe

ALLOW DENY
…

If I allow, I can surf with Firefox
If I deny, all the surfing is blocked in Firefox (BUT NOT WITH I. EPLORER !!)" [END QUOTE]

Ok I have a similar problem, and so far I respond by just allowing internet explorer. The problem occurs even if I open firefox first, which I usally do since firefox is my main brower and I only use IE7 for my work webmail.

BUT worse the problem extents to utorrent. If I am running utorrent and then open internet explorer I get the same message except that it says that utorrent is trying to use the explorer.exe. Again, I have been allowing it, for if I don’t it shuts down utorrent.

Now I do not have any spyware or malware. I run nod32 antivirus and ewido antispy (paid version) plus spybot S&D and spyware blaster. The problem must be in my setting for CPF or simply a problem with CPF per se.

The second problem / issue relates to numerous “high severity events” that CPF logs when I run utorrent. Is this good, bad, or simply a sign that CPF is doing its job?. In the past using NIS and ZA I never got spware or malware while using bit torrent, but also I never to my knowledge racked up so many scary alerts.

Could somebody please comment or advise because both of these issues are experiences I have never encountered with any other firewall or security product.

thanks

AOwL · November 19, 2006, 11:00pm

It’s a known issue with CPF and it will hopefully get resolved soon…
I installed the latest beta today, and i haven’t had a single one of these strange pop ups yet… ;D
I have crossed my thumbs that the problem is solved.
You can do a search and you will find a lot of Threads/posts about the issue.

chopinhauer · November 19, 2006, 11:19pm

Thanks for the reply, but then until the issue is resolved how should I respond to the alerts that ask me to allow or deny. Can I merrily continue to allow the latter program without compromising security?

AOwL · November 19, 2006, 11:31pm

You ca block or deny without remembering if you 're not sure. If you block and loose your connection, just restart the browser. If that doesn’t work, restart CPF.
Read the message carefully, so that no malware is trying to use a known program to get out.
I allow the messages if i know what the program is.
Some of the alerts is legit, so they should notice you if you, lets say, click on a link in Microsoft Outlook, then you should get a pop up about Outlook is trying to use your browser to get out.
That’s normal and for your security.

panic · November 20, 2006, 12:33am

You can quite safely ALLOW Firefox to act as a server in this case, as the address it is using (127.0.0.1) is a solely internal address, known as the local loopback. This is an address range used solely for internal communications within your PC. It will not and cannot go outside your PC.

If you don’t ever want to see these alerts, click on SECURITY - ADVANCED - MISCELLANEOUS and select “Skip loopback(127.x.x.x) UDP connections”.

Hope this helps,
Ewen

chopinhauer · November 20, 2006, 8:37am

Thanks for you help. I’ve now searched the forums more fully and, besides seeing that I posted this question in the wrong place (should have been in the help section) I have seen numerous other people with the same issue (something I would have discovered had I seen the help section of the firewall forum). I must say, I’m still not sure what to do, particularly about utorrent piggybacking on IE7. but at this stage I am allowing it since I have lots of backup protection with NOD32 and Ewido.

Little_Mac · November 21, 2006, 8:59pm

You’ll probably see some of my entries on the OLE automation issue, searching thru the Help section. I have had success creating application rules to stop them from connecting thru the identified parent. Some of that may be helpful to you. I haven’t seen where anyone else is doing that, tho (not sure why not).

LM