why i stopped using comodo

Sorry mates, awesome piece of security software, but really ticked me off.

my fav game gets frequent updates.
once it updates, although it’s whole folder is placed under trusted files, comodo WILL sandbox it, rendering it unable to start, at least not untill i manualy re-do trusted files and confirm 5-6 dialogues.

this had just made me 110% mad tonite. uninstalling.

Sorry to see you go.

To stay practical though. Are the executables of these games digitally signed? Then add the digital signer to the Trusted Software Vendors list and see if that works out for you.

yea yea 120 days… blah blah. :stuck_out_tongue:

I actually agree with the OP… this area does need alot of improvment… >_>
though for me this is only a minor annoyance, rather than something to stop me from using it…
also, it doesn’t sandbox for every case… it actually deals more with HIPS, but the issue is the same regardless…
(the issue being programs aren’t remembered)

I have a program called “Nitrous Desktop” which is a trusted program for collaborative development.
upon startup, it launches a copy of itself from the user-temp directory, where about 3-4 exes need to be verified each time.
(I must’ve allowed this program (checking “remember”) about 80 times by now)

I must note, while this program IS trusted, it’s extremely WIP which is why it looks malicious.

I could suggest something simple such as putting the name of the exe in an allowed location in the HIPS settings…
or you could go a little more complex and store a copy of the exe for comparison… if it doesn’t match, throw a note. :wink:

for an example of something that IS sandboxed…
I have a cracked Minecraft launcher because I don’t have a credit card (1) and can’t afford the game (2)… blah
upon startup after the thing updates, it gets sandboxed.
(I havn’t found any threats with the launcher, so I do believe it’s safe)

This video I made might help with this situation: Allow an Application to Launch Another Application With a Changing Path (CIS)(HIPS/BB) - YouTube (Might still be processing, give it a few minutes)

coulda just said to replace “…/temp/name/…” with “…/temp/*/…” :wink:

@users: if you’re new to CFW though, please watch his video :slight_smile:

OT comment:[spoiler]
I see dat rubyw.exe request. XD
I personally prefer pythonw.exe ;D

True however I never know the previous experience users have with CIS so I try to make it as detailed as possible, good for if someone else finds the instructions too but doesn’t have much experience with CIS and at that point I’m too lazy to write it all out and rather make a video instead… And I was going to make a short text instructions too but I couldn’t word it properly for some reason so I gave up. ^-^‘’ Your summary is nice though, for people that know where to input it that is.

I don’t really know what they are, I just know that Private Internet Access application needs the rubyw.exe executable to work correctly. Well I know of Ruby and Python but don’t know what the rubyw.exe/pythonw.exe executables are.

lol yea, and thanks. :slight_smile:

allow me to fill you in :wink:
Ruby and Python are “basically” the same as both are interpreted programming languages…
I havn’t used Ruby, but I have used Python enough to know about python.exe and pythonw.exe. :wink:
both exe’s are basically the same in what they do, except for their file association, *.py uses python.exe while *.pyw uses pythonw.exe.
pythonw is nothing more than a hidden console window, leaving the main pyw file in charge of displaying it’s own window.

since Ruby is basically the same (even down to a similar syntax) I assume there’s ruby.exe and rubyw.exe which play the same roles :slight_smile:

I see, thanks for the explanation. =)

Also, mods, sorry for off-topic. :embarassed:

If the files are not digitally signed, even if the vendor,folder and it’s files, are in trusted lists, they will get sandboxed if they are updated. In other words if they are modified in any way. I have one game that has this problem and it’s the vendor’s fault. They are a trusted vendor and every file in the game is signed except the main executable. I can’t understand why they don’t sign the most important file. Every time there is an update, I have to start the game, get the sandboxed alert, and choose to not sandbox it again. That is, if I see the alert before the game goes full screen. If I don’t, I will get a game error that says the 3D renderer could not be initialized and than have to close the game, go to unrecognized files in the Comodo advanced options and send the file to the trusted list. It is annoying but I don’t blame Comodo at all. It is just doing it’s job.

not exactly…
yes it IS the vendor’s fault overall, but it’s Comodo’s fault for not remembering that yes this IS a trusted file and should be treated as such.

like what I provided earlier, you should be able to tell Comodo that you don’t want it to sandbox this and leave it as is.
the only time there should be a new sandbox alert is if the file was modified ONLY by an untrusted source.

In that case make a matching HIPS application rule. That way CIS will follow the rule and it will stop checking the file hash code.

may I recommend switching to proboards so I can “like” this post. :slight_smile:

I’m a full-time free proboards user and I can say your forum would benefit from it. :wink:

also, I could help you out by offering my hand at building a plugin. ;D
(I have alot of experience with this on my forum)

the only thing you’ll be dropping is the preview button for a rich-text editor :frowning:
(I’m working on a real-time BBC previewer to fix that) < based off this

I have to agree with original post.
If I trust a program then that is it. End of story. There is no need, unless it pops up and tells me that I need to do something extra at the time I trusted it-and tells me how to do that, for it to ever be sandboxed or stopped in the future.
That is just how it is. No excuses justify this. It is a bug, and needs to be fixed.

But on a further note. The firewall itself needs some extra work. SVCHOST and others might be safe progrrams in and of themselves. But many other programs use them. So they are not trustworthy nor safe. To include them by default actually renders your firewall useless. I might as well use a simplified version of some advanced firewall rules.
You need to stop doing that for a start.
Then you also need to have a copy option on the ip address that do come up. So at least I can look them up quickly. And for the program to actually remember when I do press remember. And Not act like some senile grumpy old women.
The alert needs to

  1. Tell me which program called on svchost, or whatever else, dllhost etc etc. (this is important, and the fact that it could but doesn’t do this is just stupidity.)
  2. I should be able to check that ip and copy it easily. Not have to write it in the browser.
  3. Include a whois automatically, It is a free service on the net. I am sure you can do this. Just put your big boy pants on and take off the scheming lets make money out of these suckers beard.

This is exactly why I came to this forum. I made a post in the UI Suggestions thread, you should post there too.

Guess treating the frequently updated programs as installer/updater could solve the issues?
But treat as installer/updater only if you are sure the programs are safe.

Hi aand,
What would be the point of any user posting the same information in another topic.
Please note crossposting is against the Forum Policy, so it is not a good idea to recommend doing so to other members.


Locking this topic as it may attract posts that are better suited in Why did you uninstall CIS? Please help us improve by telling us why. or Wishlist - CIS.