Updated! CPF 2.3.1.20 BETA is available!(Removed CPF 2.3.0.19 BETA)

I would like to announce the availability of the CPF 2.3.1.20 BETA for download at http://www.personalfirewall.comodo.com/download/CPF_Setup_2.3.1.20_BETA.exe

What’s New in 2.3.1.20 BETA?

  • New! Windows XP Fast User Switching support
  • New! File submission to Comodo (“Security->Tasks->Miscellaneous” interface can be used to submit multiple files to COMODO.)
  • New! Popup frequency level(During the installation of CPF, users will be able to define the frequency of popups, which will affect created rules),
  • Improved! Self defense(protection of self registry keys,more resistance to process termination attacks)
  • Improved! Application monitoring(smarter act as a server handling, options to skip loopback TCP/UDP)
  • Improved! Performace of the firewall is much faster than before(This improvent solved AVG email scanner issue as well)
  • Improved! Memory usage of CmdAgent has been decreased by 3MBs
  • Improved! Interoperability of CPF with sandboxing software
  • Improved! Default network monitor rules
  • Fixed! Bug causing repeating “Signature changed” messages
  • Fixed! Bug causing CPF not to remember some popup
  • Fixed! Bug causing BSOD if secure boot option is selected

Edit : The version 2.3.0.19 has been updated to CPF 2.3.1.20 to address the BSOD bug.

Hi egemen, does this version have OS mode =3 also? thanks

Great improvement!!! (R)

Uninstaller:

  1. I had the CPF installed on “P:\Comodo Personal Firewall”, and the uninstaller didn’t removed the folder “P:\Comodo” and “P:\Comodo\LaunchPad”, but they are empty.

Installer:

  1. Now I can’t install the CPF where I want. I want on “P:\Comodo Personal Firewall” and not on “P:\Comodo\Personal Firewall”

After Windows Start:

cmdagent.exe : 4.5MB
cpf.exe 27MB

The Self defense works very well ;D

Still haven’t the CPF tray icon instead of the Comodo Agent… :cry:

Problem:

I tested the CPF on GRC Shields UP!! and it pass very well.
Then I changed the rule “ICMP in > Fragmentation Needed” to “Echo”.
Made the same test on GRC Shields UP!! and fails on echo request, of course!
Finally I change that rule to “Fragmentation Needed”, but know it fails on echo request, on GRC Shields UP!!.

I tried with another browser to see if was the cache but nothing…

Only pass again when I restart the Windows…

[EDIT:]
I checked the log and didn’t appear any entry saying that the echo request was blocked.
Then I deleted the rule and made a new one and works.

Something is wrong on the rules changes…

Suggestions:

1 . Change the “Icmp Echo” to “Icmp Echo Request:wink:

  1. And always put the protocols in uppercase. Should be “ICMP” and not “Icmp” :stuck_out_tongue:

Shiledup gives you incorrect results sometimes. Please test it with another site or tool and let us know.

I edited my post before you reply… :wink:

I just installed CPF 2.3.0.19. In the process of uninstalling the previous version, Comodo Backup also got removed. That’s not what I expected. I was able to re-install Comodo Backup and fortunately all of my settings were still there.

G’day,

A couple of small points on the new beta:

  1. If the CPF window is resized to the smallest size possible, the “Set to Default” button at the bottom of SECURITY - ADVANCED is almost entirely off screen.

  2. When submitting a file under SECURITY - TASKS, the submission activity doesn’t show in the Connections window. Huh? :wink:

  3. If we have an unknown file we want to submit, wouldn’t it be better to be able to submit it from A) a submit button on the firewall popup, B) from the context menu of the application as it appears in the SECURITY - APPLICATION MONITOR window or C) from the context menu of the log entry pertaining to the app.

Re. file submissions in CPF, am I correct in assuming that this is for submissions of both malware caught by CPF and for “Safe” applications that CPF doesn’t yet know about (but hopefully will be added to the “Known Apps” list)?

More later.

Cheers,
Ewen :slight_smile:

Hi Panic,
A) a submit button on the firewall popup
B) from the context menu of the application as it appears in the SECURITY - APPLICATION MONITOR
C) from the context menu of the log entry pertaining to the app.

We have all the above in our design and you will see all that in next release.

1. If the CPF window is resized to the smallest size possible, the “Set to Default” button at the bottom of SECURITY - ADVANCED is almost entirely off screen

We are going to make few changes on GUI side, will be taken care in next release.

Whatever files are submitted will be anaylysed by our AV lab, in that process we will be able to identify if it’s a virus/malaware/safe application.
If it is found to be virus/malaware, we are going to make sure that our Virus DB of CAV is updated,
and we notify user accordingly.

If we find that file is safe, we are going to make a thorough anaylsis as with which package it comes and if that is safe to add in our database. Once we add a particular file to our safe db and make db live, we will inform the users, if e-mail provided, that it has been added to safe list.

Thanks for the info.

Are you looking fro any specific info when users are submitting files for analysis - known parent, etc.?

Ewen :slight_smile:

Looking in the registry, it seems to be set to this from default now. I had deleted all reg keys before installation and now OSmode is set to 3.

Maxthon now connects without CPF reporting\asking anything, irrespective of how it was launched. I assume it was added to the safe applications. However, after disabling “approve safe applications”, there still is no pop-up for Maxthon (and not for IE and probably all safe apps).
Is this change not applied immediately?

Also the problem where “false” reports occur still exists, example:
D:\SOFTWARE\Maxthon\Maxthon.exe has tried to use the Parent application explorer.exe through OLE Automation, which can be used to hijack other applications. Maxthon.exe may be using explorer.exe to conceal its behaviour in an attempt to connect to the Internet with Pimmy.exe.

I had closed Maxthon (browser) a few seconds before this pop-up. After closing Maxthon I launched Pimmy (email) from a shortcut on the desktop, so Maxthon had nothing to do with it.

Another example:
D:\SOFTWARE\Mediaplayerclassic\mplayerc.exe has tried to use the Parent application explorer.exe through OLE Automation, which can be used to hijack other applications. mplayerc.exe may be using explorer.exe to conceal its behaviour in an attempt to connect to the Internet with Pimmy.exe.

On a more positive note: the system is more responsive now. There was a noticeable slowdown before(although only slight), but it’s better now.

cpf.exe ran at 15.460KB to 15.964KB at my system. Good!

Still…
Many things need to be sorted out, abit.
-. Like those useless “System Info” which kept reporting Pentium Pro for any AMD machine based. (…any chances Intel put their money on your product here, Melih?) …it has nothing to do with firewall’s core function. …simply replace that with the “LOG” tab or something like “This month’s most active application running around your network” or “The most port accessed/scaned”, and so on…

-. I get the feeling CPF’s Dev(s) HATE keyboard. …because I can’t make my keyboard scroll, move down/up, change focus, delete, HOME/END, hot-key-ing, whatever… at CPF.

-. Subscription validity, License type, bla…bla… leave that to “About” button.

-. You know why I kept say CPF, instead of Comodo Personal Firewall? …because I grow tired with CPF’s tittle redundant. There’s 3 of them at the main page. …not including the icon, launchpad, etc.

-. “Activity” tab can get an extra space (and detail), with “LOG” tab moves to the main page, or simply put one additional “LOG” tab after the “Activity” itself.

-. Put some sort of filter on the “LOG” list. ie: so we can see the log list by:port, date/time, source, remote, etc…

-. Try to remove the “Highlight” + “News” part from the main interface and replace that with additional icon before the “updater” with tittle like “The Forum’s ROCKS-HARD-YEAH!!” and some “easter-egg” if you like.

-. Put a nice glossy mouse-over at that “About” button.

-. The tag “Computer security level” on the main page, has nothing to do with whatever things under it’s tag. …did you mean “Security Configuration”? …or it’s there, just to provoke user to click those tiny-little line “Test your current security configuration”?

-. Clicking on “View more” at the “Traffic” column (main page) will get you to the “Activity” tab. While the “Activity” icon’s not selected/highlighted.

…that’s it for now.
…will try to submit some technical tough later.

Hi,

During the new beta install, I noticed a spelling error in the ‘High’ section for customizing alerts. If I recall correctly, the word should have been ‘different’. Also, once a selection is made of high, medium, etc., I don’'t see an option to change this selection once the system is booted. Why is this option only available during install?

The Registration Menu is a bit off. Some of it is transparent when displayed. See below.

I still see truncation problems in the fonts on different screens.

CPF still launching IE from the About menu.

Did you folks get rid of the IE HTML rendering engine for the GUI with this release?

Thanks, Al

[attachment deleted by admin]

hello. I was just wondering how safe and stable this version is for a novice like myself to use? I previously used version 2.2 and found it great, but had to uninstall it due to memory usage slowing down my 480MB RAM CPU. I feel this Firewall is far and above Kerio PF which I have also tried out, although it didn’t seem to slow me down at all. And liked Comodo much better than Look N Stop Firewall which although ran very low on memory, didn’t appeal to me in features and design like Comodo. I am on wireless Desktop CPU with Linksys router, and my dear son alternately turns off it’s firewall to play some game that he can’t configure to work otherwise. Anyway, I simply feel Comodo is safest bet for me to protect my computer along with Avast, and WinPatrol. I just need fast user switching for two user account, and lower memory usage that beta gives me. I had no trouble using 2.2 with it’s “Out Of Box” set up as advertised. (No problems with uninstall either by the way). I can deal with allow and deny, just not some major unknown beta problems. Any suggestions are welcomed, and thanks in advanced to Melih who I know is very much involved in this project. Sorry for long post, and I hope it’s in correct area.

The Basic popup logic (less number of popups) option under Adavnced Security Configuration does not seem to remain set between re-starts.

And the Max Log Size always resets to 5MB. Am I misunderstanding what this option is for?

Hi,

When sending ‘safe’ applications through the submit feature what information do you want us to supply to you about it?

Mike

I have installed the beta and after one day I don’t have any problems.

The only question is:
What are the two new rules for? ( I mean why you added them; since icmp incoming fragmented packets can be used for some type of attacks)

if you think there is some information we shoudl know about this then would be useful… or a website where u got it from etc… The whole idea is for the SafeList Research team to go download analyse this. So whatever u think will make it easy for them pls

Melih