What protection if CPF crashes?

I wonder what is the protection in case CPF crashes (I mean the front end app)?
From what I noticed with previous beta (3.3.2.21), it sounds like my PC was becoming wide open. Indeed, the kind of “NIDS” feature of my AV (avast) was fired up to let me know some kind of DCOM attack was pending…

In summary, is there some low-level driver ensuring a failsafe mechanism blocking any incoming connection in case some parts of CPF is not properly working?
This sound to me as a critical feature to be implemented ASAP, if not in 2.3.3.33…

TIA

Well from the experience that had during a crash, all programs that were allowed comunicated perfectly with the net but apps that had not been approved before the crash could not go online. But I don’t know what happens if you’re pc is under attack

Hi,

CPF has protection against termination and if parts are turned off I believe it will block connections in and out just in case parts are closed. It will also display numerous different warnings if parts are not working or if it being shutdown.

Mike

Hi Mike,

what do you mean by “I believe”? ???
Does CPF actually blocks all incoming connections?
From above reply, it sounds that’s not true for outgoing connections…
Concerning the warning, I saw it in previous beta, but it times out after a (short) while, while it should be displayed forever FMPOV (moreover color should be more distinctive from other popups: eg. red instead of the usual blue)

BTW, this is really essential, as even if CPF has protection against termination (great), as any other piece of SW, one can’t guarantee it is bug free and won’t crash one day!

Hi TerDale,

I’m not sure what CPF blocks (I think it is both incoming and outgoing) if it is terminated or off. It was on another thread, but I can’t remember exactly the details.

If you contact egemen on the forums he should be able to verify this.

Mike

Hi guys,

Let me clarify :

1- If CPF.exe is closed by some malware, unless the application is approved before and there is no leak, it will be able to connect
2- If CmdAgent.exe is closed by some malware, no application will be able to connect.

In any case, inbound protection, shall always remain intact from the first time your computer starts booting.

There is no way to disable CPFs inbound protection by closing anything. And it is not quite easy to close any CPF related processes without user’s approval.

cmdagent.exe = lsp???

just curious.

ewen :slight_smile:

Nope. It is the core which is responsible from everyhing. Watching system activity, analyzing threats etc.

CPF does not use LSP.