Comodo Internet Security Version 5

Jude · July 06, 2011, 11:50:48 PM

I've been using Comodo products for quite some time.. they have a feature called Defense +.. I'm at a loss... this constant nagging over Process Lasso accessing the memory. I've married the two together every way suggested and yet the problem remains.. they are best friends.. The computer is running fine.. its the nagging...

Any suggestions?

Many thanks....

Jude

These are combinations of the possible settings..

http://help.comodo.com/topic-72-1-155-1115-general-settings.html

Jude · July 07, 2011, 02:55:51 AM

Well Jeremy... me thinks I may have found a work around.. When Process Lasso loads in my startups.. I only load the core engine. The console does or doesn't need to run unless adjustments are in order? no alerts.. no nag.. well..

Jude

Jeremy Collake · July 08, 2011, 07:38:15 AM

That is very correct. You can just run the GUI/console whenever you need to do a configuration change, which is usually rare. You could even do the configuration changes using notepad and never use the GUI/console.

I need to work on this though, thank you for reminding me of it.

Jude · July 08, 2011, 09:46:42 AM

I looked through trusted applications and Bitsum is on the list so that's not it unless a special rule is in order.. its
probably something easy..

Jude

Jeremy Collake · July 08, 2011, 01:09:16 PM

You would imagine that EVERY application would allow a 'trusted list', but there are many that do not!! I would hope Comodo does, but I know of cases (e.g. Symantec DeepGuard) that do not.

Jude · July 08, 2011, 06:38:53 PM

Two things.. Memory Firewall... BOClean... Both Comodo apps they used to be stand alone now they are incorporated into Defense+ So I turned the switch off = no more alerts..

http://fileforum.betanews.com/detail/Comodo-Memory-Firewall/1201507514/1

http://fileforum.betanews.com/detail/Comodo-BOClean/1177576698/1

Jude

Jeremy Collake · July 09, 2011, 04:11:11 AM

Gotta love consolidation, then they can raise the price and you get more stuff you didn't need ;p

offchu · July 10, 2011, 05:27:25 PM

You can add an individual file or an entire directory to the 'Defense+ > Trusted Files'.

http://help.comodo.com/topic-72-1-206-1984-Trusted-Files.html

Jeremy Collake · July 10, 2011, 08:42:52 PM

Got the relevant process names in this thread where Process Explorer users have the same issue: http://forums.comodo.com/defense-sandbox-help-cis/sysinternals-process-explorer-v14x-trusted-but-still-blocked-t73465.0.html

They also say that this issue CAN NOT be resolved through the 'Trusted Files' list. Maybe they should rename it to 'kind of trusted'. It is not uncommon for security vendors to take over a PC, and not really care what else is going on, or what they might influence. Some are better than others. Generally us 'other' application developers are left to work around whatever their latest issues are.

It can, however, be adjusted another way, by disabling the policy to check for external memory access on its processes:

Quote
If you wish to get rid of these messages and 'trust' the application you can add them to the "Comodo group" protection exceptions.
The entries you are seeing is CIS protecting it's self from being attacked in this case by PE, as PE doesn't back-off on processes that are loaded but not accessible you keep getting log entries for it.

To allow this go to Defense+ -> Computer Security Policy -> select Comodo Group -> Customize -> Protection settings -> Interprocess memory access -> Modify.

And add the process there, then the logging should disappear.

Jeremy Collake · July 10, 2011, 08:51:58 PM

Fixed internally (read above for my post-edit rants about this issue). I just need to test now. I may upload a beta to let any volunteer see if it fixes it. Every bit of time I can safe the better. I'm fairly confident it will, though I may need to exclude one more process (we'll see). Otherwise, I'll install Comodo in a test bed and give it a go.

offchu · July 10, 2011, 09:02:09 PM

You are right. In this case, protection exceptions should be used.

http://help.comodo.com/topic-72-1-206-2032-Defense+-Rules.html#Protection_Settings

Defense+ -> Computer Security Policy -> select COMODO ... -> Customize -> Protection settings -> Interprocess memory access -> Modify. -> Add (ProcessLasso.exe)

###

<Product Here> = Internet Security, Firewall or Antivirus etc.

Comodo GUI -> C:\Program Files\COMODO\COMODO <Product Here>\cfp.exe
Comodo Service -> C:\Program Files\COMODO\COMODO <Product Here>\cmdagent.exe
Updater -> C:\Program Files\COMODO\COMODO <Product Here>\cfpupdat.exe
Log Viewer -> C:\Program Files\COMODO\COMODO <Product Here>\cfplogvw.exe
Crash Reporter -> C:\Program Files\COMODO\COMODO <Product Here>\crashrep.exe

Jeremy Collake · July 10, 2011, 09:10:21 PM

Thanks! I had inferred the process purposes. I am pretty confident my fix will work, though will test it to be sure. Hopefully I can get a trial Comodo without having to fill out everything about myself ;p.

At least there is also an alternate fix we know about on Comodo's side, as hidden as it may be.

Jeremy Collake · July 10, 2011, 09:23:47 PM

Please see these *potential* fixes (still gonna test in house to make sure). I didn't want to exclude its other processes, but may have to if it monitors them.

http://www.bitsum.com/files/prerelease/prolasso.zip
http://www.bitsum.com/files/prerelease/prolasso64.zip

offchu · July 10, 2011, 09:24:19 PM

You don't need to fill anything.

Comodo has free version with all the core features. (Free vs Paid)

COMODO Internet Security Premium
http://download.comodo.com/cis/download/installs/1000/standalone/cispremium_installer.exe
Size: 60M ( 62679504 )

Jeremy Collake · July 10, 2011, 09:39:37 PM

Ah, good. I HATE having to fill out long trial forms to get a freaking link ... these companies just gotta build up their spam databases ;o

Jeremy Collake · July 10, 2011, 10:36:07 PM

Tested.

Comodo's interoperability issue is not as easily fixed as I thought, though will be fixed shortly. It monitors not only its own processes for 'intrusion', but also critical system processes. I need to determine all these processes. It is important to note that only the GUI normally accesses them, unless perhaps if certain watchdog events are configured.

The fix will actually be best this way anyway, as a total ignore of the Comodo's processes would hide it from display. This way I will selectively certain metrics (info columns) from certain processes when Comodo is found active (and perhaps always, as this policy may spread to other vendors if it hasn't already).

Jeremy Collake · July 14, 2011, 07:37:29 AM

This HAS been addressed in v5.0.0.36 (coming within hours). If you do not add Process Lasso to the excluded applications in Comodo (in the right area), you may sometimes see log entries, but not constant never-ending log entries like before.

Hotrod · July 14, 2011, 12:54:12 PM

I see you've also added an edit feature(double click) to all the config dialogues. I was going to suggest this today as I had noticed it was missing over the last couple days when I made some changes. I wonder if this might be more intuitive for a user if there was just an edit button in the dialogue? Either way it's much better than having to make a new entry and delete the old one. I also noticed a while back that when making watchdog changes from the listview dialogue it would keep the old value so that 2 checks would be in the CPU% part and one would have to revisit the dialogue and remove one of them. You may have fixed this ??

Jeremy Collake · July 16, 2011, 03:42:39 PM

Yes, that improvement was much needed. I continue working on more improvements, as I was horribly lazy when I first coded them (as us low-level programmers are when it comes to user interface stuff). Since they worked, and many just used the process context menus to create and edit rules, I never worried much with improving them until recently.

I am not sure about the other watchdog config dialog bug you mention, I will look into it. I did fix a bug where that manual entries into the drop-down combo boxes were being ignored (so if you typed '35%' it wouldn't be accepted, instead you had to drop-down and select 35%).

Jude · July 21, 2011, 05:53:10 PM

O.k. Jeremy.. updated to new build.. now for the test..

Jude

Jude · July 21, 2011, 08:09:54 PM

Yahoo!!

Thanks chief...

Jude

Jeremy Collake · July 22, 2011, 06:59:00 AM

Great

. Thanks for the confirmation that this was resolved. If it ever re-appears, be sure to let me know! I do not have enough time or test beds to continually monitor every security product, so it is important users let me know anytime something goes wrong.

Jude · July 22, 2011, 07:08:15 AM

That happens at my forum.. somebody will ask a question then they don't reply to let us know if the answer worked..

Thanks again!

Jude

Jude · July 22, 2011, 08:31:58 AM

Still good to go Jeremy.. it works with or without Defense +

Jude