I am using Comodo Firewall Pro version 3.0.16.295 (32 bit, Windows XP SP2) which is set on: Firewall Security Level = Custom Policy Mode, Defense+ Security Level = Clean PC Mode.
When I boot up my PC, D+ automatically blocks the following suspicious attempts:
C:\WINDOWS\System32\CSRSS.EXE - Terminate Process - C:\Program Files\COMODO\Firewall\CFP.EXE
C:\WINDOWS\EXPLORER.EXE - Terminate Process - C:\Program Files\COMODO\Firewall\cfpupdat.exe
(Please see the attached Print-Screen)
Isn’t Comodo a ‘trusted application’? Why is BOC425.EXE being blocked?
I tried to alleviate these ‘blocks’ by going into D+ “Computer Security Policy”, to “COMODO Firewall Pro”, “Protection Settings”, and modifying “Interprocess Memory Accesses” and “Process Terminations” by adding BOC425.EXE as an exception. The strange thing is in this version of CFP, when I tried to ‘Apply’ these changes, they didn’t “take” at all and disappeared when I went back to check it. In CFP version 3.0.15, I was able to make this change without any problem. Why isn’t this procedure working in this version of CFP? How can I prevent these ‘blocks’ from occurring? Thanks.
These blocks are of actions by explorer and csrss that do appear suspicious. You do not want them to terminate cfpupdat or cfp. The BOClean blocks look normal, due to cfp protecting itself. The others look like a virus that is trying to shut down Comodo.
You beat me to it, sded. It looks fishy, does that CSRSS.EXE; can't see why that would be trying to terminate cfp.exe.
Although cmdagent.exe is the main program and cfp.exe just the GUI (I think), I've not seen it before.
Try this, Vettetech, it might work. Find the Logitech .exe's in Defense+/Advanced/Computer Security Policy.
Right click/Edit/Use a Custom Policy and click on Access Rights. You will get a Process Access Rights window; choose Modify next to Interprocess Memory Accesses and change to Allow.
Should have asked this first: what target is Logitech trying to access?
D+ → Advanced → Comodo Firewall Pro (Allow for Protection Settings → Memory Access) → Add the executable(s) in the exception list
This looks like it is broken or no longer allowed in 295. You can add stuff but it is ignored and disappears after applying the changes. Can someone verify this?
Maybe part of the Improved Self Defense in the release notes? Sounds like a bad security practice to allow memory access to the firewall. Or terminations or … by other programs.
Then I don’t understand why the ‘Protection Settings’ was left enabled. It may be an improvement, but I don’t like the sloppy way it was implemented. I guess we’ll have more D+ events to ignore now that we can no longer allow CFP exceptions. I previously had SAS, AVG, A-Squared, etc. in the exception list to keep the Access Memory warnings out of the D+ event log when running scans.
Rather annoying when it says there is 1 blocked item or 3 or 5 in your D+ log and the item has been around longer than Comodo. Logitech software is a trusted app and should not come up as a suspicious item.