Having a nightmare with containment/firewall

Against my better judgement, I just rolled out CCS to one of my clients in replacement for their recently expired Eset product.

To say they are not impressed is an understatement.

I’ve been there two days attempting to get their applications to work properly. Apps that simply worked without any intervention with Eset.

So I’m nearly there… but I have one product that wont run whilst CCS is running… It’s a CAD package that uses a Sentinal USB dongle for copy protection. It simply will not run when CCS is running. If I disable Auto-Containment and the Firewall it works… The error thrown up is that the Sentinal key is not found. I set everything in the Containment and Application control to Trusted, yet still it’s not playing ball.I could of course create a custom profile for this client with containment etc disabled, but I’d prefer to be able to sort this properly.

I’m not interested in a ticket (Comodo)… as I’ve wasted far too much time over the last few months submitting logs etc… just clutching at straws… anyone else come across this??

Hi Ed

Did you run baseline when you installed CCS? Did you set up a global whitelist folder? What all modules do you have in the profile?

Hi @Ed_Johnson ,

Good day!
Where did you make the exemptions? Please make sure to add the exemptions on the profile itself and not on the CCS installed on the endpoint.

What I did was looked in the Itarian platform > Security-Subsystem > Containment. I saw the Application listed as…

Action: Virtually
Comodo Rating: Unrecognized
Admin Rating: Not Set

I selected ‘Change rating’ for the relevate application and changed it to ‘Trusted’. In my nievity I assumed this would be enough… Obv not as I still have to disable the firewall and auto containment for it to work.

Hi @Ed_Johnson

Being honest; do not have the firewall enabled for Sentinel.
We support a few dental practices and they digital imaging software all uses these dongles and we find killing the firewall solves the issue like it does for nearly all CCS issues.’

Something always worth doing is having a dedicated profile with Base Line enabled so you can collect data but not stop stuff, once all data is collected and you have trusted right stuff you can swap the profile as needed and all should work with no issues.

I hope this helps.

Thanks for the advice Robin. I have so many problems with the firewall that I have two identical profiles, the only difference being the firewall is disabled in one of them. As soon as I get a call from a client I swap the profile to the disabled one… pretty much always fixes the problem but I hate to see all those red dots in the platform and the red X on the endpoints.

Comodo really need to get their act together re firewall opt out… I’m begining to think they dont view CCS as a viable product worth the effort. Either that or they simply dont care about the bad image it causes the whole brand.

I’m currently working with @melih , @fatih and a few more of the team to look at a different way of doing the firewall side of things.
Personally I have seen so many other AV companies just add management of Windows firewall I believe this is the route.

@Ed_Johnson ,

Our developers would like to ask if it’s ok for us to create a support ticket for your concern so they can properly investigate the issue you’re having.
We know that you already mentioned on an earlier post that you’re not interested with a support ticket but it’s also the best way to coordinate directly with our developers.
Once the support ticket is created, we’ll be asking you for logs that will help our developers identify the root cause and then provide a resolution.

Unfortunately I’ve spent far too much time working on problems associated with the CCS firewall over the last couple of months and just dont have the time so I’m unable to help… very sorry.

I’m sorry to hear this, if we can help in anyway please let us know.