Is it normal, while Windows XP is booting and loading apps and drivers, that CPF shows BAD protection strength for some seconds and then changes to EXCELLENT?
I thought since it claims to be a smart app the protection strength will be at least good while booting…
Hi,
This is because, in the short time that Comodo is showing bad protection, Comodo hasn’t finished loading all of its components. Give it a few seconds to finish loading and you’re protected.
Although the GUI may be reporting as BAD, the kernel level stateful packet inspection driver (inspect.sys) is already active long before you can see the desktop. I’m only guessing here, but the GUI’s report of good, bad or indifferent is (I think) based on a combination of the SPI driver, the NM rules, the app rules and the component monitor.
Your PC is safe during the boot cycle.
Hope this helps,
Ewen
As Ewen said and is exact, the outgoing connections during boot are all blocked before CPF services are up and going. Perhaps a separate notifier that shows boot protection would be a good thing to throw in the next build, as basic users can understandably get confused. However, it is explained in the help file but not to the extent it should be for new users as to the protection issue as stated.
Paul
OK, I’m beginning to understand how CPF works. BUT there’s a black hole somewhere: I’ve noticed that NOD32 can indeed send and receive packets during boot, and CPF soon after that loads its GUI and taskbar icon. Then, consulting the summary, NO reference to those packets from NOD32 is there… CPF’s log is dummy?
There’s an option in CPF that can let you secure it. Is it enabled? The last time I saw it, it was turned off by default. The option is named “Block All OutGoing Connections while booting”. It’s turned off by default; you have to manually turn it on by going into the Advanced settings menu and selecting the tick box. Don’t tell me you can’t find it. Please avoid typing all words in caps, it’s rude. And that setting is in the → Security tab → Advanced → Advanced Attack Prevention and Detection → select the Configure button → then select Miscellaneous; you will see it there (Chome Chome you dude.) Oh yeah, inbound protection is always on, you can’t turn it off unless you uninstall CPF, rofl.
Thanks mate, but that item was already set by myself to ON, so that’s not it.
Just a question, how are you able to tell this is happening during boot before the apps or CPF is actually loaded? Can you show us a snapshot of the logs?
Paul
Paul, I can indeed tell, for sure, because my machine loads many apps while booting, so it takes almost 2:30 to 3 minutes to complete all resident drivers, and one of the first to load is NOD32, then it goes on till the last, Anon Proxy… Well before the CPF icon shows, NOD32 already connects to its servers, and a few seconds after that the CPF icon appears and I opened it, and the summary showed BAD protection strength for a few seconds, then it changed to EXCELLENT… So, NOD32 was able to send and receive, and no log of those packets appears in CPF. Ok?
Hi, what I’m asking is, how do you know for sure NOD32 has actually made a connection to the servers? Perhaps I am misunderstanding your answer here, but if there are no logs of this, or perhaps NOD is set to always allow, but still, there can be a difference between a connection attempt and an actual connection. So what is showing you that NOD is connected? I don’t use NOD, so if it has something showing this, forgive me. Ok?
Paul
Hi. Well, I’m sure because NOD32 is set to check for new virus signatures at each login, and when it finds them, it’ll download the signatures and update itself. So, in that boot, it occurred exactly like I said, and just a few seconds after the CPF icon appeared, NOD32 updated itself and advised me like it is set to do. And like I said, no LOG of that connection was in CPF. By the way, yes, NOD32 is allowed to receive/send always in CPF rules. How can I set CPF to LOG NOD32’s connections? This will be the key to understanding if CPF is being bypassed or not!
The easy way to check if NOD’s autoupdater is bypassing CPF is to remove any and all references to NOD and its updater from the application monitor within CPF and reboot. If CPF pops up and asks about NOD, then CPF is catching the connection and it must have been previously approved. If CPF doesn’t pop up but NOD does autoupdate, then we need to ring Houston and tell them we have a problem.
Hope this helps,
Ewen
You can also run Task Manager; right-click the appropriate running program and set the level of “Normal” to a higher level. But be very careful to only choose 1 item, as you will be prompted that doing so may render your system unstable.
CREATE A RESTORE POINT!!!
By default, “Block All OutGoing Connections while booting” is not on.
I’ve tried to enable that feature, but all outgoing connections were blocked even after 5 minutes of waiting time.
Normally, it takes less than a minute to load all programs.