v3 fails CPIL tests [Merged Threads]

Lucky for you, your accidental block didn’t lock up your system…

But yeah problem with hips like defense+ are like that either you get too paranoid and you accidentally block something a while ago, and then later you find something not working and you have a heck of a time figuring out why, until you remember you blocked some werid behavior a while ago,

or the opposite where you accidently allow a bad guy to do bad stuff…

Personally when using HIPs and firewalls, i have also adopted the “don’t check remember” strat , but it gets really annoying when you keep getting the same prompts…

What i want to see is a better way of managing all these answers you give.

A listing by day/week of the rules you created (via prompts), would be very helpful… Similarly, a listin by process of the rules you created (via prompts).

Then you can see, oh on monday 4:15 pm, there was a prompt about X doing Y and i disallowed it…

Some security software, has a nice option, where you get set your answer to be remembered temporaily for example until your next reboot, that would be nice…

I would personally like something like this, but for a longer time. You could say ask the hips to remember your answer for X days, and after that time has passed, it will ask you whether you want to commit those changes permentantly. If you have suffered no ill effects in the mean time, you will say okay.

This helps makes it easier to manage the rules you create. Right now, i create a rule, and then i don’t remember that i did…

Yes, I did all that but with Comodo having that whilelist, things like the leaktest can get through because it sees it on your system. So if you let something through accidentally, then the firewall will see it on the system and think it is ok. I have them both set at Train with Safe Mode and the GRC leaktest will get through if I leave it on my system. I can block it the first time with no problem, but it seems to get through after that.

??? :o i didn’t have that issue. as long as i don’t tick “remember” on train with safe mode, the pop up message will always shows up.

I got the pop-ups great the first time I ran the leaktest and it never got through. Running it anytime after that is when it always got through.

(:TNG)

heey, that’s a good idea. :BNC
especially for a novice like me who doesn’t really know what they’re allowing/blocking. have you put that on CFP wish list?

this is soooooo weird ??? on the first leak test, did you allow it or you block it? have you checked the computer security policy?

I blocked it the first time. I remove it from the computer security policy and it still gets through the next time. If I delete the file from the hard drive, reboot and redownload it, as long as I don’t put it in the same place as it was before and I rename it, then it will not get through, until I repeat the test.

so you blocked & remember it (it’s listed on comp security policy). why did you remove the rule then? how about: block & remember, and after that, try to run the app one more time. it’s supposed to be blocked automatically since you’ve blocked & remembered it in the first place

I do the block and remember on the first try. But it still gets through after that if the leaktest file is left on the system. I only remove the policy when I do a fresh test after it had gotten through the firewall.

i thought you had that issue resolved before :o
have you tried to submit a support ticket.
i think there’s no point of having a HIPS if a “remembered block” rule doesn’t actually remembered ???

The issue is resolved as long as I delete the file off my system, reboot and re-download the file. It only doesn’t seem to work right if I keep the file on my stsem and try it again later.

Hi everybody!

First of All!..

Thanks for your (all) fast answers and ideas!

You have reason!
I have the leaktest software in the PC.
Now I put the Defense+ in “Train in Safe Mode” and I removed the CPIL from the authorization list.

After that I did repeat the test. Now I receive a authorization question from Comodo before can write anything in the field for text of the software.
See the file attahed…

I prefere receive messages than do not receive anythng and can’t see wath is hapenning.

[attachment deleted by admin]

cool! welcome to my world. i set D+ to Paranoid mode

Today installed CFP 3.0.15.277 and try it with LT-leak test from Gibson Research Corp.
Result is :
Firewall is penetrated.
Firewall security level is set to Train with Safe Mode.
Can I do something to improve security or…
Apps is installed on XP Pro.
Thanks,

what about the Defense+ setting? try “train with safe mode” or “Paranoid mode” instead of clean PC mode

Please realize that if you have your proof-of-concept test application (leaktest, etc) already on the computer when you install CFP, the leaktest will fail. A default installation of v3 puts Defense+ in Clean PC mode - this mode considers that all executables on the machine are safe, since it shouldn’t be installed on an unclean box.

Once you run the leaktest, v3 will automatically create rules to allow it. Go into the Security Policy, remove all rules for leaktest and browser (because of the integration). As ganda says, change to Train with Safe Mode or Paranoid. Reboot. Run your browser, so it has necessary permissions.

THEN try the leaktest. You will get different results.

LM

Thaks for your assistance.
LT apps before Comodo installation was situated in other partition- not in Win XP Pro and I put it on the Desktop of C:\ Windows only after Comodo was installed.
Installed Comodo as a “Basic”.
Firewall Security level is set to Train with Safe Mode
Defence+Security Level to Paranoid Mode
Result of LT test was again “Firewall is Penetrated”
I am very sorry to ask you again for one tutorial how to secure my PC from intrusions .
I repeat I am not an advanced user, just common PC user.
Thanks in advance for any your help.

horn,

If you installed v3 as “Basic” that means firewall only; HIPS (Defense+) did not install (even though it still shows in the interface). Look at the Defense+ section of the Summary page. I think you’ll find that its status is “Inactive.”

I had thought that if installed as the FW only, D+ was still there, just disabled. I have test-installed it as FW only, and find that D+ is inactive, though showing at Clean PC mode. I can change the slider, but it doesn’t change the inactive status.

Please let me know if this is what you’re experiencing.

LM

Yes , the situation is as you stated , status is “Inactive”
As I mentioned ,during instalation I decided to install “Basic” version, without Defnce+ to avoid my machine to be slow down more then necessary.
Try to change “Inactive” status to be “Active” but failed - just receiving remainds, nothing else.
Seems to me that adjusting CF in right way is very complcated thing for one common user.
At the moment I have KIS 7.0.0125 , plus Windows firewall and I hope this is enough protection from intrusions.

Thanks for the update, horn. I will pass along a report to Comodo.

KIS has a firewall, correct? If so, it’s probably best to disable/turn off Windows FW; having it running is unnecessary.

And yes, that should give you sufficient protection from intrusions (unless you walk on the dark side, that is… ).

LM

Thanks for your support and assistance Little Mac.
I’ll wait for some other new version of CF.Seems very nice and efficient application, but nedd some improvement and I have no doubt that the Comodo team will solve this small bugs in near future. (V)