v2 fails CPIL tests [Merged Threads]

Hello. I would like to report that Comodo Firewall Pro fails to DETECT Comodo Parent Injection Leaktest when Firefox Preloader is running. I didn’t get the connection alert from the firewall. I tried this many times and after several restarts. After uninstalling Firefox Preloader, CF Pro detects the leak. Maybe this leak would fail to be detected by other firewalls when Firefox Preloader is running…

I don’t know if this is already reported and I’m sorry if I reported it again…

Anyone else test it? Am I right? Someone, please…

I stopped using that ages ago as I found it to be quite buggy
and it didn’t seem to make much difference anyway.

Version 1.0 Build 366 - Final February 9, 2005

Instead I have 2 FireFox profiles, one a clean FF-install
the other with a bunch of extensions.
Once you have created your FF-profiles you just make a shortcut for each profile.
The target should look something like this :
"%drive%:\Program Files\Mozilla Firefox\firefox.exe" -P "default"
"%drive%:\Program Files\Mozilla Firefox\firefox.exe" -P "Custom"
(%drive% is the drive letter where your FF was installed. Just substitute the "default"/"Custom" with whatever you named your profile.)

Thanks for the tip, Gordon, but I have already thought of that. I have just added 512 MB of memory to my laptop and now everything starts faster. What I want to say is that if this is a bug in CFP and the Comodo experts don’t know about it, it should be fixed in v3, which we all can’t wait a few more weeks to use.

salohcin,

Will you please provide a step-by-step process with screenshots for this scenario? That way the dev team will know exactly what actions you have performed, and what you saw at each point as well.

Thanks,

LM

What I meant was that I think it’s FFpreloader that has the bug.

I don’t think step-by-step screenshots are needed. It’s too simple.
(But if it would help, just tell me to upload screenshots.)

  1. Download and install:
    Version 1.0 Build 366 - Final February 9, 2005
    Firefox Preloader download | SourceForge.net

  2. Restart computer

  3. Run FPreloader (and wait until it loads the Firefox components into memory)

  4. Run CPIL.EXE

After running CPIL.EXE, writing something and pressing the Enter key, Firefox opens the webpage http://www.personalfirewall.comodo.com/leak/cpil.html?thetext and CFP doesn’t show any prompts for the connection, so the leak is not blocked.

Then uninstall FPreloader, restart and run CPIL again. CFP shows the prompts for the connection, so you can press Block to deny access to Firefox with the injected DLL.

I agree with Gordon. I think it’s a vulnerability or a bug of FirefoxPreloader…

The reason I asked for screenshots is to see the popups you receive from each test. Each time you run the test, you will get a popup for the DLL injection (provided you haven’t disabled alerts or Application Behavior Analysis). If you choose Allow you are letting the test run its course. By choosing Deny you will block it. You need to reboot in between rounds to clear the memory.

I installed FF Preloader just to test it. Tests 1 & 3 call Internet Explorer anyway. A simple Deny on the popup closed that out.

Test 2 called FF. Due to the DLL injection, a Deny on the popup stopped that as well.

Wouldn’t matter if FF Preloader is buggy or not. CPIL injects into the parent process for the browser; this generates an alert. You read the alert, you see it’s CPIL, and you deny. Same thing you should do with malware, and it will stop it. It does require some user interaction.

LM

I know about the required user interaction, LM. But I tried the test before not with the CPIL Suite, just with the simple CPIL. I installed FFPreloader again and this time I made the tests with the CPIL Suite and I rebooted in between rounds to clear the memory. I’m running WinXP Home Edition SP2 (updates until Feb 2007). I have FF as the default browser. Latest version of Comodo Firewall with the default settings, except the “Do not show any alerts for application certified by Comodo” which I disabled and “How many alerts at a time Should be displayed” which I set to 1 instead of 20.
So I did the tests again.

Tests 1 & 3 called Internet Explorer and a simple Deny on the popup closed that out.

Test 2 called Firefox. Due to the DLL injection, normally I was supposed to get a popup like on tests 1 & 3. But I didn’t. This didn’t generate an alert.

Sometimes when I dial up with my ADSL connection (some ISPs give dial-up USB ADSL modems here in Greece) I get an alert popup. I will attach a screenshot of the popup. This might be related to the reason that I’m not getting a popup with test 2…

Yeah, you’ve got a problem there. There is not a positive scenario in which the system should refuse to communicate with the firewall. Perhaps a faulty firewall install.

I’ve seen strange things occur when users install this firewall with an active security product running (AV, AS, HIPS…anything with real-time protection). It is best to disable/turn off such security products prior to installing CFP.

You might uninstall and reinstall. As it stands, there is some issue…

LM

The only security product besides CFP that I’m using with realtime protection is the latest version of NOD32. I have disabled it from running on startup (and the NOD32 kernel service too). I made a clean install of CFP and I restarted after each (un)install. These annoying alert popups are not going away… I have to press Allow several times or else my internet connection hangs… Anyway, this won’t stop me using CFP.

One more thing. I have noticed that if I manually run Firefox (2.0.0.3) and then another program launches Firefox, CFP doesn’t detect the parent application and it allows the connection without any prompts. I have tried this on two other friends’ computers and it happens there too. But why is that? Isn’t this a security problem?

I and others notice the same. Doesn’t matter which browser, as long as it’s running and another program launches it, CFP doesn’t alert.

Makes me wonder if this applies to any program that allows multiple instances of itself.

Yeah, me too. I will try some tests with other programs to see. Btw, if anyone has an idea about the cause of the strange alert popup that I uploaded the screenshot of earlier, please let me know. It’s very annoying :-\

Yes, I have solved my problem with the annoying alert popup. I disabled NetBIOS over TCP/IP for my dial-up connection and now no more popups.

So…does that mean this topic issue is resolved or you’re just jubilant that a popup is now dead ??? ;D. NetBIOS has long been disabled on my PC. It simplifies things and secures my system.

Yes, I know about NetBIOS, RPC and SMB. I had only NetBIOS open because I need File Sharing to work when I make a LAN with friends… Anyway, with my dial-up ADSL modem it caused the annoying CFP alert popup, and I disabled NetBIOS and now the popups are gone.

This topic issue is not resolved yet. I will try the CPIL test 2 again with Firefox Preloader and I will reply…

Check my other topic “A WAY TO LEAK…READ THIS” posted today about how easily one can fool CFP and leak data. I want to help make CFP better. CFP is by far the strongest personal firewall and it can be even stronger with everyone’s help.

CFP still fails to detect CPIL test 2 when Firefox Preloader is running. I don’t get any prompt to block Firefox. I don’t use FFPreloader anymore and I think FFPreloader is responsible, but if it is a bug of CFP I hope it will be fixed in V3.

I think it must be something specific with your system (or maybe with mine), but CFP did quite nicely on cpil #2 and Firefox, for me. It popped and I blocked, and that was that… (with preloader, as I posted earlier).

Are there any log entries at the time the test failed?

LM

Hi LM. No, there weren’t any log entries. If CFP detects the CPIL test 2 on your system then that means that it isn’t a CFP bug. The other realtime security product I use is NOD32. I will figure out why CFP fails to detect CPIL test 2 when Firefox Preloader is running on my system. Soon, I hope.

Nikolas

When you installed CFP, did you have NOD actively running? Or any other active security product?