View blocked applications & undo blocked process [SOLVED]

Sorry, but can anyone tell me how to view/edit/remove blocked applications added please. I can’t for the life of me find this?

Also, I had blocked an update app by accident, and now the main app won’t start up properly. Is there a way to reverse this via Comodo?

???

https://forums.comodo.com/help_for_v3/how_to_view_trustedblocked_application_list-t15800.0.html

Sorry, I found the answer here…

Hello Dtomzi,

You can remove them from the network security policy, Firewall, Advanced, Network Security Policy.
Now look up the application, select it and click remove, apply the policy and do the same for Defense+
Go to it, Advanced, Computer Security Policy, find, select, remove and apply.

Now it should be running fine again, and/or asking for permissions (possibly after a reboot).

Thanks Ronny…

All the advice I have seen about ‘unblocking’ has focused on ‘simply go to Security Policy and fix it.’

I have well over 500 ‘applications’ in my Defense+>Advanced>Computer Security Policy. There is no way to sort it (that I can see) which would allow a manual search. There is no way to search it that I can see. What is worse, I don’t even know what I am looking for if I could search!!?!

Anyway, I inserted a USB memory stick, that launched a ‘driver update’ effort. I blocked it (not realizing at the time what it was). And, it remembers that I blocked it. So, further attempts simply fail, reporting that the attempt was blocked. But I have no clue what ‘application’ does driver updates. My log showed: HKLM\SYSTEM\ControlSet001\Services\wudfsvc whatever that means. Any help would be appreciated.

According to the systems registry it’s related to svchost.exe

ImagePath
%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted

So maybe you can verify that application?

Thanks for the reply, but I still have several problems. How does one find anything in Defense+>Advanced>Computer Security Policy? On my PC, there are over 500 unsorted and unsortable entries. Very annoying. Anyway, the application on my log is shown as C:\Windows\System32\services.exe (vs. svchost). Going to Defense+>Advanced>Computer Security Policy under a folder labeled Windows Updater Applications, I do find %windir%\System32\svchost.exe. However, it is grayed out. I have looked for services.exe but do not find it in that folder or any other folder. So, here are my problems:
What am I looking for? (svchost.exe, services.exe or something else)
How do I find it?
Once found, how do I ‘verify’ it? (you suggested I should ‘verify’ svchost, but I don’t know what that means. Having found it, grayed out, I doubt that I could do anything with it if I wanted to)
And if it ‘fails verification’ (whatever that means) - how do I unblock a blocked application (which is where this post started)?

I know how it got blocked (I did it, inadvertently). But I don’t know what ‘it’ is (whatever automatically updates device drivers) and how to unblock it. Browsing Defense+>Advanced>Computer Security Policy has not been of much help. I feel this has to be simple, but it sure beats me.

At least under XP (and I don’t know for 64 bits), some registry cleaners like Regseeker provide you the comprehensive list of Comodo Defense+ entries.

Not totally sorted, but still easier than checking manually every group, every application and every process.

There is some sort of “search” option in the Defense+ policy: if you open it and click twice on the “Applications” bar and press CTRL-F after that, you can start to type a path and it should make it a little easier to find some stuff faster. I know it’s not perfect but better than manually browsing such a large list.

Can you try to reboot and after that insert the USB and after it fails, can you verify the Defense+ logging to see if it records something and post a screenshot of it?

Another option is to use the config reporting tool located here:
https://forums.comodo.com/help-cis/comodo-firewall-procis-configuration-reporting-script-latest-version-is-0723-t20950.0.html

It will output a txt or html result of your current config and you can “search” through that file to see where the “blocked” entries are…

Wow, Ronny, thanks! This was by FAR the most useful info I have found here. The USB driver update problem is not (yet) solved, but ‘searching’ has been solved. For those as inexperienced as I - when you double click per Ronny’s suggestion, nothing happens, but when you then CNTL-F, the find bar appears and you get the effect of a sorted DB. Wonderful! You say ‘not perfect’ but it is darned close to perfect. I was losing my mind thinking I am missing something.

But I wasn’t - the item called out again is services.exe and it is nowhere to be found in the Computer Services Policy. Per your request, I rebooted, inserted the USB, and it did the same old routine. I used Snipping Tool to capture screen images, but have been unable to sort out how to include the screen images in this post. There is ‘insert image’ but when I copy/paste, nothing happens. So, if you can coach me through how to post a screen image, I’ll get it here. But the log entry was the same as the previous.
c:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\Services\wudfsvc
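
As an added example (not part of the original posts): the log entry above carries two different things, the process that attempted the registry write and the service key it tried to change. The PowerShell sketch below splits such a line and reads that service's `ImagePath` from the registry. The function name `Resolve-ServiceFromLogLine` is hypothetical, and the line format is assumed from the single entry quoted in this thread.

```powershell
# Sample input: the Defense+ log entry quoted in this thread.
$logLine = 'c:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\Services\wudfsvc'

function Resolve-ServiceFromLogLine {
    param([Parameter(Mandatory)][string]$Line)

    # Split the entry into acting process, action, and target registry key.
    if ($Line -notmatch '^(?<proc>.+?\.exe)\s+(?<action>.+?)\s+(?<key>HK\w+\\.+)$') {
        throw "Unrecognised log line: $Line"
    }
    $proc   = $Matches.proc
    $action = $Matches.action
    $key    = $Matches.key

    # Only keys under ...\Services\<name> describe a Windows service.
    if ($key -notmatch '\\Services\\(?<svc>[^\\]+)') {
        throw "Target key is not a service key: $key"
    }
    $svc = $Matches.svc

    # Read the service's configuration from the exact key named in the log.
    $regPath = 'Registry::' + ($key -replace '^HKLM', 'HKEY_LOCAL_MACHINE')
    $props   = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue

    [pscustomobject]@{
        # The process the HIPS rule was recorded against: the policy entry to look for.
        ActingProcess = $proc
        Action        = $action
        # The service whose configuration was being changed.
        ServiceName   = $svc
        DisplayName   = $props.DisplayName
        # The binary that hosts the service once it runs (svchost.exe for wudfsvc).
        ImagePath     = $props.ImagePath
    }
}

Resolve-ServiceFromLogLine -Line $logLine | Format-List
```

services.exe is the Service Control Manager, which writes service configuration under `Services\<name>`, while `ImagePath` names the binary that hosts the service. That is why the log shows services.exe even though the registry lookup points at svchost.exe.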

Sorry, I should have read more before posting that ‘I don’t know how to do a screen shot’ - now I do (I think).

http://s783.photobucket.com/albums/yy118/rmunson1/Comodo/

Well, it isn’t working for me, but maybe someone else can see the screen shot? Rather than the screen shot, I get an icon just like the one in the instructional post which is telling you how to post a screen shot. So, maybe I have to have some other option turned on to see it. Or, maybe I need to post it differently.

Here is the raw URL, perhaps you can use that for a screen shot?
http://s783.photobucket.com/albums/yy118/rmunson1/Comodo/

Perhaps this will work.

I think it’s named

%windir%\system32\services.exe

Maybe that works instead of c:\windows

Perhaps. When I use CNTL-F and begin typing % etc. it does show services.exe. However, when I highlight it, for some reason, it no longer shows %windir%\system32\services.exe but, instead, goes to the very top of my Computer Security Policy file. It takes me to:

I don’t think ‘Flash Player’ has anything to do with ‘USB driver update’ and don’t know where to go from here.

In other words, %windir%\system32\services.exe would appear to be in my Computer Security Policy file, but after ‘finding it’ using CNTL-F and highlighting it, all of a sudden I am looking at the screen above with no clue where to go next.

Try to run the “Purge” operation to remove all invalid entries, maybe that cleans out the Policy a bit. For the rest, it should be close to the bottom as the “users answers” are added to the top.

Purge probably cut the DB in half.

Now, for some reason, when I CNTL-F, and select services, it allows me to select it. I find it near the bottom of my Computer Security Policy, but it is there, it can be highlighted, edited, removed, … - now, all I need to know is what to do! Thanks for getting me this far. I have no idea why I couldn’t highlight/edit it before the purge, but at least now I can.

Here is the DB:

I should add, upon double clicking, I can also look at access rights and protection settings.


Under access rights - nothing is blocked. Two choices are ‘ask’ (Run an executable and Protected Registry Keys) the rest are marked ‘allow.’ Under protection settings, all ‘active’ are marked ‘no.’

Please double click on it, and go to Protected Registry Keys, switch to the “blocked” tab and the thing you like to remove should show up… select it and press Remove.

Sorry if it’s a bit cryptic but I’m testing version 5.x and they changed that GUI part :wink:

Wow…success!!! Thanks so much. You are incredible to persevere with me through all of this. While I’m at it, I’ll include the screen shots of the success for posterity and offer some other hints that other newbies might stumble on (like me).
Purge - easy to do, but it doesn’t take effect until you click ‘apply’ (it looks like it does, but it doesn’t)
Remove (final step in fixing my USB driver update problem) - click it, looks like it works, but unless you click OK and apply and apply until you are all the way out, you haven’t really removed it. It took a few trial/errors prior to final success, but it works.

Here is screen shot showing the blocked item:

For what it is worth, here is the screen shot showing the device driver did, in fact, finally update.

Glad I could be of assistance, and thanks for reporting back :-TU