Why can every program take over my active browser firefox?

Comodo Internet Security - CIS Install / Setup / Configuration Help - CIS
#1

Hi all,

why can every program take over my active browser firefox in order to connect to the internet.

For example: 1.) I am online with my internet browser firefox. 2.) I click on the help (“Hilfe”, Crystal Dew World (Web)) from CrystalDiskInfo. 3.) CrystalDiskInfo takes over the active Firefox browser and could connect to the internet without alert (!).

I am not delighted about that because every program could take over my active internet browser.

Andreas

[attachment deleted by admin]

#2

When CrystalDiskInfo is on Comodo;s white list it is allowed to start up other white listed programs. That is by design.

#3

If the FW is in custom policy mode and the user hasn’t made a rule for an application, in principle this application won’t connect without an alert even if the application is in the whitelist. At least, it works like that for me. For example, if I use java or adobe reader in my browser I receive an alert if they need to connect.
Defense+ is in parano mode and the rules for these 2 applications are not permissive and that’s maybe the other part of the explanation.

Boris

#4

Actually, it’s not crystaldisk that’s connecting to the Internet, it’s firefox. When you select the Crystal dew World option from the help menu, you’re basically clicking a hyperlink, as such it will choose whatever you default browser is to open the link.

Both Crystaldisk and firefox are ‘safe’ applications, so if you’re running with a default configuration of CIS you’re not going to be alerted. However, if you place D+ in paranoid mode, if firefox is closed, you will receive an alert the first time you select the Crystal Dew World option from the help menu.

[attachment deleted by admin]

#5

Radaghast is exactly correct - the apps are doing exactly what you told them to.

The Help (Hilfe) command is actually a HTTP hyperlink to a web site that contains the help files. This link is passed to Firefox exactly the same way as any other link is passed to the browser.

Ewen :slight_smile:

#6

I changed to paranoid mode.

I didn´t get an alert like radaghast.

I got picture (see below).

After that i did a new start of my windows 7.

I got the same alert like radaghast.

It is ok that CrystalDiscInfo is a “safe” application. I need not the paranoid mode, it is too extreme for me.

It seems my told problem is the problem about hyper links.

Further questions:

1.) Can i forbid safe applications do hyper links in safe mode?

2.) Is the Comodo Firewall costum policy mode able to show hyper links internet attempting connections?

[attachment deleted by admin]

#7

Even in Paranoid mode, assuming you allow the request and remember the answer, you will only receive the alert the first time the request is made. So being in paranoid mode will be of little use if the applications have been declared as ‘safe’.

You can block applications making requests of this nature, however, you will have to edit the defence+ rules for each application you wish to deny such privileges, or you can add all such applications to a File group and apply the rules to the group.

For each application, use a custom policy:

  1. Open D+ and select Computer Security Policy
  2. Select the application for which you wish to create a rule
  3. Select Custom policy and then Customise
  4. Select Run and executable and the Modify
  5. Select Blocked Applications/Add/Browse
  6. Navigate to the folder where your browser is installed and select the executable (e.g. firefox.exe)
  7. Select Ok, OK, Apply etc. to save.

Do the same thing for Windows messages.

You can also achieve the same goal by selecting block, at least for the equivalent of Run an executable, the first time you run the application and make the request. You can also make things a little easier, by getting D+ to ask you what you want to do:

  1. Open D+ and select Computer Security Policy
  2. Select the application for which you wish to create a rule
  3. Select Custom policy and then Customise
  4. Select Run and executable ans Windows Messages and place the check in the Ask box.
  5. Save and exit

Now, when you run the application it will ask you if it’s allowed to make the kind of requests you wish to block with an alert, just select block and remember.

#8

This happens even if you uncheck “Remember my answer” in D+ Alert window and “Create rules for safe applications” in D+ settings?

#9

No, it will prompt if you uncheck Remember my answer, however, this is only for the initial launch of the browser. if the browser is already open you need to control windows messages. This is with create rules for safe applications disabled.

I will amend my post to clarify the position with remember.

#10

I consider if Predefined Policies of Trusted Applications could help me.

[attachment deleted by admin]

#11

Windows messages are still allowed with the limited pre-defined policy, so that would need to be changed and isolated pre-defined policy would probably cause some problems with this kind of application. You could try creating your own policy…

#12

Good idea to create own policy.

I only need an alert when some program executes my internet browser Firefox.

That´s it!