Comodo Internet Security Version 5

Started by Jude, July 06, 2011, 11:50:48 PM

Jude

I've been using Comodo products for quite some time.. they have a feature called Defense +.. I'm at a loss...  this constant nagging over Process Lasso accessing the memory. I've married the two together every way suggested and yet the problem remains.. they are best friends..  The computer is running fine.. it's the nagging...

Any suggestions?

Many thanks....

Jude

These are combinations of the possible settings..


http://help.comodo.com/topic-72-1-155-1115-general-settings.html

Jude

Well Jeremy... methinks I may have found a workaround.. When Process Lasso loads in my startups.. I only load the core engine. The console does or doesn't need to run unless adjustments are in order? no alerts.. no nag.. well..  :)

Jude


Jeremy Collake

That is very correct. You can just run the GUI/console whenever you need to do a configuration change, which is usually rare. You could even do the configuration changes using notepad and never use the GUI/console.

I need to work on this though, thank you for reminding me of it.
Software Engineer. Bitsum LLC.

Jude

I looked through trusted applications and Bitsum is on the list so that's not it unless a special rule is in order.. it's probably something easy..  ???

Jude


Jeremy Collake

You would imagine that EVERY application would allow a 'trusted list', but there are many that do not!! I would hope Comodo does, but I know of cases (e.g. Symantec DeepGuard) that do not.
Software Engineer. Bitsum LLC.

Jude

Two things..  Memory Firewall...  BOClean... Both Comodo apps, they used to be standalone, now they are incorporated into Defense+. So I turned the switch off = no more alerts..  ;)


http://fileforum.betanews.com/detail/Comodo-Memory-Firewall/1201507514/1

http://fileforum.betanews.com/detail/Comodo-BOClean/1177576698/1

Jude

Jeremy Collake

Gotta love consolidation, then they can raise the price and you get more stuff you didn't need ;p
Software Engineer. Bitsum LLC.

offchu

You can add an individual file or an entire directory to the 'Defense+ > Trusted Files'.

http://help.comodo.com/topic-72-1-206-1984-Trusted-Files.html

Jeremy Collake

Got the relevant process names in this thread where Process Explorer users have the same issue: http://forums.comodo.com/defense-sandbox-help-cis/sysinternals-process-explorer-v14x-trusted-but-still-blocked-t73465.0.html

They also say that this issue CAN NOT be resolved through the 'Trusted Files' list. Maybe they should rename it to 'kind of trusted'. It is not uncommon for security vendors to take over a PC, and not really care what else is going on, or what they might influence. Some are better than others. Generally us 'other' application developers are left to work around whatever their latest issues are.

It can, however, be adjusted another way, by disabling the policy to check for external memory access on its processes:

Quote
If you wish to get rid of these messages and 'trust' the application you can add them to the "Comodo group" protection exceptions.
The entries you are seeing are CIS protecting itself from being attacked, in this case by PE; as PE doesn't back off on processes that are loaded but not accessible, you keep getting log entries for it.

To allow this go to Defense+ -> Computer Security Policy -> select Comodo Group -> Customize -> Protection settings -> Interprocess memory access -> Modify.

And add the process there, then the logging should disappear.
Software Engineer. Bitsum LLC.

Jeremy Collake

Fixed internally (read above for my post-edit rants about this issue). I just need to test now. I may upload a beta to let any volunteer see if it fixes it. Every bit of time I can save the better. I'm fairly confident it will, though I may need to exclude one more process (we'll see). Otherwise, I'll install Comodo in a test bed and give it a go.
Software Engineer. Bitsum LLC.

offchu

You are right. In this case, protection exceptions should be used.

http://help.comodo.com/topic-72-1-206-2032-Defense+-Rules.html#Protection_Settings

Defense+ -> Computer Security Policy -> select COMODO ... -> Customize -> Protection settings -> Interprocess memory access -> Modify.  -> Add (ProcessLasso.exe)

###

<Product Here> = Internet Security, Firewall or Antivirus etc.

Comodo GUI -> C:\Program Files\COMODO\COMODO <Product Here>\cfp.exe
Comodo Service -> C:\Program Files\COMODO\COMODO <Product Here>\cmdagent.exe
Updater -> C:\Program Files\COMODO\COMODO <Product Here>\cfpupdat.exe
Log Viewer -> C:\Program Files\COMODO\COMODO <Product Here>\cfplogvw.exe
Crash Reporter -> C:\Program Files\COMODO\COMODO <Product Here>\crashrep.exe

Jeremy Collake

Thanks! I had inferred the process purposes. I am pretty confident my fix will work, though will test it to be sure. Hopefully I can get a trial Comodo without having to fill out everything about myself ;p.

At least there is also an alternate fix we know about on Comodo's side, as hidden as it may be.
Software Engineer. Bitsum LLC.

Jeremy Collake

Please see these *potential* fixes (still gonna test in house to make sure). I didn't want to exclude its other processes, but may have to if it monitors them.

http://www.bitsum.com/files/prerelease/prolasso.zip
http://www.bitsum.com/files/prerelease/prolasso64.zip
Software Engineer. Bitsum LLC.

offchu

You don't need to fill in anything. :P Comodo has a free version with all the core features. (Free vs Paid)

COMODO Internet Security Premium
http://download.comodo.com/cis/download/installs/1000/standalone/cispremium_installer.exe
Size: 60M ( 62679504 )

Jeremy Collake

Ah, good. I HATE having to fill out long trial forms to get a freaking link ... these companies just gotta build up their spam databases ;o
Software Engineer. Bitsum LLC.

Jeremy Collake

Tested.

Comodo's interoperability issue is not as easily fixed as I thought, though will be fixed shortly. It monitors not only its own processes for 'intrusion', but also critical system processes. I need to determine all these processes. It is important to note that only the GUI normally accesses them, unless perhaps if certain watchdog events are configured.

The fix will actually be best this way anyway, as a total ignore of Comodo's processes would hide it from display. This way I will selectively certain metrics (info columns) from certain processes when Comodo is found active (and perhaps always, as this policy may spread to other vendors if it hasn't already).

Software Engineer. Bitsum LLC.

Jeremy Collake

This HAS been addressed in v5.0.0.36 (coming within hours). If you do not add Process Lasso to the excluded applications in Comodo (in the right area), you may sometimes see log entries, but not constant never-ending log entries like before.
Software Engineer. Bitsum LLC.

Hotrod

I see you've also added an edit feature (double click) to all the config dialogues. I was going to suggest this today as I had noticed it was missing over the last couple days when I made some changes. I wonder if this might be more intuitive for a user if there was just an edit button in the dialogue? Either way it's much better than having to make a new entry and delete the old one. I also noticed a while back that when making watchdog changes from the listview dialogue it would keep the old value so that 2 checks would be in the CPU% part and one would have to revisit the dialogue and remove one of them. You may have fixed this ??

Jeremy Collake

Yes, that improvement was much needed. I continue working on more improvements, as I was horribly lazy when I first coded them (as us low-level programmers are when it comes to user interface stuff). Since they worked, and many just used the process context menus to create and edit rules, I never worried much with improving them until recently.

I am not sure about the other watchdog config dialog bug you mention, I will look into it. I did fix a bug where manual entries into the drop-down combo boxes were being ignored (so if you typed '35%' it wouldn't be accepted, instead you had to drop-down and select 35%).
Software Engineer. Bitsum LLC.

Jude

O.k. Jeremy.. updated to new build..  now for the test..  ;)

Jude

Jude


Jeremy Collake

Great ;). Thanks for the confirmation that this was resolved. If it ever re-appears, be sure to let me know! I do not have enough time or test beds to continually monitor every security product, so it is important users let me know anytime something goes wrong.
Software Engineer. Bitsum LLC.

Jude

That happens at my forum.. somebody will ask a question then they don't reply to let us know if the answer worked..  :(

Thanks again!

Jude

Jude

 ;D  Still good to go Jeremy.. it works with or without Defense +

Jude