Undetected Parent Launching a Running Browser Instance [Resolved]

I think I discovered the reason why there’s no parent check alert while having a running browser and the new program can just easily open a new tab: the program is either a certified application in the database or you have allowed AppMon rules for it.
Example: I have uTorrent allowed to connect out and in (to my listening port) in AppMon, so it opens an Opera tab undetected. Then, with Opera still running, I tried to open another tab through SuperAntispyware (a program that’s doesn’t have any allowed AppMon rules) and CFP detects a new parent!

But if the above is true then I think I found an inconsistency. I have an AppMon rule to block everything in and out for Windows Media Player, which is a certified app but blocked AppMon rules is supposed to override this. Even if the certified database overrides AppMon in the parent check sense (which would be strange and not documented anywhere), cpf.exe is neither a certified app nor is on my AppMon list - why can it still open a new tab undetected with a browser running?

I must admit it seems a bit random to me :-\

Over the last few days I have tried numerous programs that launch through the browser. I did receive some prompts but, strangely enough, not for new parents.

I’m still baffled ???

It would be nice to see some info about which applications are CFP certified.

Toggie

You mean like this? This was tested with yet another program not in any approved list. Now I think it not only depends on being approved or not, but also how that program launches/connects to the browser.

[attachment deleted by admin]

I think it’s related to the fact that we’re not programers ;D
(btw Opera allows me to block your avatar

)

You mean like this?

Just like that…

By the way, love the purple tabs 88)

Opera can block any picture or site. I use to block ads (and lots of pics on this forum so that I don’t have to view them like that big red background at the top and it’s faster to load 8) as well as less confusing with less button functions to choose from). Those wildcard asterisks do wonders. Purple is one of the bulit-in skins ;D

There were a few times in my test that I had both the modify user interfact alert and the parent alert right after.

Yes, yes, but it can block your avatar too! :smiley:

Since it’s apparent that someone hates avatars, let me show you how it’s done:
Comodo Forum > Profile > Look and Layout Preferences > Enable Don’t show other users’ avatars.

I’m just kidding!
Anyway, the final test for this would be a clean install, no skip loopback, invisible etc., and certified apps, and try it. If it still behaves like you describe, it shows how leaktests are tricky.

I did 2 clean installs in the past. This last ver was only the help file update, so is it worth it to me to start over? Not really. Might as well wait for v3 to do that. Plus I’m not alone on this issue.

Someone, is yours working?

er, ahem, i’m trying Kerio… just to see what Comodo could do (wishlist).
I’ll try it when reinstalling. Which won’t take long, since Kerio pops strange stuff. Like a “new interface was found”, add to trusted etc, DENY! WHAT INTERFACE?! Inbound explorer- same address- BLOCK!
It’s a good FW note, if you can ignore the “payme” pop up ;D

It also found out one day too late that SandboxIE was different (ver. 2.80). I thought this was real time thingy.

bump This is still an issue, and I haven’t seen any official feedback on it. Spyware could effectively bypass the firewall this way, if you already had say a firefox instance launched.

Are there plans to fix this issue soon?

Hello,
CPF 3 will be out next month, they are busy developing it. Things will be different, it will have HIPS incorporated (if you want it). HIPS will take care of this in real time, and it should work better.
We’ll see.

Ah, thanks for your reply. :slight_smile:

Let’s hope it works indeed. ^^ I really love CPF.

Let me resurrect my old thread :P0l:

Anyone have sucess with v3 on this? I’m still not receiving any Defense+ alerts while having a running instance of Opera. I tested it out with a registry cleaner program that can open a new tab in Opera and go directly to its home page. If I repeat those steps with Opera closed, I get the Defense+ alert.

You realize that v3 doesn’t do the “parent” check of v2… However, you should see a D+ alert about an application attempting to control Opera. Depending to some extent, of course, on your D+ setting (CLean PC, etc).

Thanks. I know the parent check is still there (as part of D+), just that I forgot the program I tested was already on my PC and I had Clean PC mode on. However, even after switching to Paranoid mode, there was no prompt while Opera was on. So I had to remove the D+ rule on that program itself and then re-test to get the alert.

Case Closed.