Unacceptable Ignorance

Comodo Defense+ has decided that my system programs are about to kill my computer and it won’t listen to me when I try to calm it down.

I use an OQO tablet with Vista Business. In interpreting pen actions, the program wisptis.exe accesses the keyboard. Also, as part of the power scheme, the program oqomanager.exe obtains an elevated shutdown privilege.

I have repeatedly told Defense+ in both cases that it should “Treat this application as a Windows System Application”. It is as if I did nothing. Defense+ keeps asking the same question despite my answer and keeps ignoring it.

I have now lost pen input and a number of the specialized keyboard keys no longer function.

I have used Comodo Firewall 2.x on an XP machine and was pleased. No longer.

Releasing a version such as this has made me doubt all of Comodo’s product suite.

It’s back to ZoneAlarm for my firewall, Spybot S&D for my malware, and McAfee SiteAdvisor for my site authentication.

I just hope it uninstalls more easily than it installed.


It doesn’t look good. Since shutdown goes through the oqomanager, I can’t even gracefully turn the thing off, much less restart. I had to do a hard shut down.

(:AGY)

Change the setting to Training Mode for Defense+. Click Defense+>Advanced>Defense+ Settings. On that window, move the slider down to “Training Mode”. Programs that access the keyboard and terminate processes look like viruses or keyloggers. You may have to re-install to get rid of the permissions that have been recorded for those conflicting programs, but try Training Mode first.

That’s not the point. I told Comodo to treat it as a system process. I should have to do that once and only once.

The fact that Comodo ignores my input is unacceptable.

It should assume that I know what I’m talking about when I select an option.

Have you checked the permissions of a system process? You may need to call it an “updater/installer” if it needs to run other executables to operate.

No, an installer should not need access to the keyboard which is the access that Comodo blocked the wisptis from gaining.

I tried calling both of them trusted processes and system processes. Neither of those worked, both of them should have worked. Calling them updaters or installers might be a workaround but, if it is, it is a bad one. I don’t want to be able to give an installer access to my keyboard. That’s just a lure for a keylogging trojan.

Are you sure that your app does not create a tmp.exe every time that is executed?

I have just had some experience of the CFP ignoring the elections from the pop-ups. It was happily creating rule after rule for the same application and ignoring every rule that was created. I finally solved it by deleting all the rules for that app (it was happening in the Firewall section), rebooting and then defining the rule manually. If you are having the problem with your pointer driver, you would have to shut down CFP before rebooting and start it from the Start Menu to get into the interface. The rules have to be defined in the Defense+>Advanced>Computer Security Policy page by clicking Add and Browse to the file. Once selected, click Edit and give it “Access Rights”. For a pointer driver, the only unusual privileges would be Screen, and possibly keyboard, although it really can’t hurt to give it any privilege you want just to be sure that it can do its job. It really can’t be used to harm any system files

For those who might still want to use Comodo, first I would suggest that wisptis.exe is a Microsoft Windows process used by XP Tablet, possibly XP, and Vista. It is also installed and activated by Microsoft Office (2003 and later). Comodo should recognize it “out of the box”.

Second, if Comodo is ignoring elections from the pop-ups it should tell the user that his input has been ignored. Furthermore, rules should be hierarchical. If I first select the default permission and later (maybe after googling the app) decide that an application is trusted or a system application, that later election should supersede the original election or, at least, Comodo should ask if it should supersede it.

These are merely the problems mentioned in this thread which were the straw that broke the camel’s back. Comodo Firewall also had conflicts with Comodo BOClean. The problems I noted here were in the course of a simple uninstall of another program which ended up taking over an hour, literally. Furthermore, as one who has a UMPC the inability to resize windows, Comodo’s inability to properly interpret what a maximized window would be on a particular PC, and the lack of scroll bars are indicative of a program that was released too soon with too little testing.

I don’t know if the wisptis.exe you mention is actually signed by Microsoft. They currently have a policy of signing all their applications, but there a surprising number of unsigned applications, especially ones written before 2006. Even so, CFP should properly write the rules for programs that are approved by the user. There are some possible conflicts with other security software that might prevent it from working properly and it seems that there is a flaw that results in multiple copies of the rule for a program being created and when that happens, none of the rules for that program are recognized. The solution is to delete all the rules for the program in the Firewall or Defense+ and reboot. The next time the problem program is picked up by the alerts, define it as “Trusted” or whatever class of permissions you are confident will let it do its job.
I was surprised that there is not a default rule for BOClean in the firewall myself. It is another unsigned application, so I guess that is the reason. It needs “Trusted Application” status to work properly. Another problem with BOC is that it tries to inspect the firewall processes and that generates alerts when CFP protects itself. To fix this, you need to put the CFP processes on the BOC Excluder. Open the Excluder and the File Explorer and drag the 4 CFP exe files that have the shield icon and Cfpagent.exe to the Excluder window. That will stop the alerts.