After install Comodo Firewall Free (5.0.163652.1142 latest version), after a few hours, avast strange this firewall and begins to generate tmp files in C: \ WINDOWS \ TEMP \ avast5 \

This causes the Windows registry inflating in key:
HKLM \ SYSTEM \ Software \ COMODO \ Firewall Pro \ Configurations \ 2 \ HIPS \ Policy \ 6 \ Rules \ 1 \ Allowed \ avast5 \ …

The process of Comodo Firewall Free cfp.exe goes to 100%

Look:

http://forums.comodo.com/bug-reports-cis/high-cpu-usage-firewall-t64990.0.html;msg458128#msg458128

I don’t think there’s any “begins to generate files after a few hours” - yes, avast! uses this folder e.g. to unpack archives, possibly to emulate suspicious executables (from inside of other archives)… and may create (and quickly remove) quite a few files there any time.
That’s what the TEMP folder is for, isn’t it…

But this is occurring in the presence of Comodo Firewall Free.

Avast is not estranged CF ?

I don’t know what you mean by “estranged”, but avast! is certainly not trying to confuse Comodo in any way - it just works with its own temporary files.

It may be due to the Comodo cloud anti-malware component. I had the same experience. One more reason that I now use Online Armor.

Why avast is checking the behavior of the same files from Comodo Firewall all the time ?

This is not a bug avast ?

I use Comodo and do not have the problem. I don’t use the HIPS portion though. It’s disabled

But HIPS protection is a vitally important.

The problem occurs when I open Firefox.

I resolved the situation by modifying a rule of Defense + in Comodo Firewall:

https://forums.comodo.com/defense-sandbox-help-cis/comodo-firewall-free-inflate-the-windows-registry-t65331.0.html;msg459819#msg459819

Nahh–HIPS is a big PITA in my opinion. I used it for a year and it just got annoying alerting for safe actions by safe apps. I’ve been online since 1999 without ever being infected or hacked. I just don’t think I need that level of annoyance. I don’t want sandboxing either.

Windows XP Pro SP3: Comodo used with Avast 5.0.677 free. System kept locking up. Uninstalled Comodo, installed Agnitum Outpost Firewall Pro 7.0.4 and Bingo! all the problems went away.

Avast works great with Outpost and Threatfire 4.5.0.24 (level 5 maximum sensitivity).

I was using Comodo for its sandbox feature. Sandboxie is superior so uninstalling Comodo is no loss.

I have a hunch that Comodo HIPS was the culprit but now will never know for sure.

Look for this tests:

http://www.matousec.com/projects/proactive-security-challenge/results.php

Like any security software program as far as I can tell, it all depends on individual OS and configuration!
I tried Outpost PRO FW v.7.0.4 and had nothing but problems installing it and getting it to play nicely with other programs. Uninstalled and went back to OP FW FREE…no issues at all. I’ve also tried Comodo Free FW back when it was v.2.4 and loved it…simple,effective and compatible. As soon as Comodo moved to v.3 and higher with the added components…it just mucked up my system.
So it all depends…right

It’s a HIPS test. Not a firewall one.
avast Internet Security does not have a HIPS.

Gizmo criticizes the Matousec’s tests. It’s a technical reading, but seems fair (http://www.techsupportalert.com/content/matousec-personal-firewall-tests-analyzed.htm).
Others point to an interest conflict on Matousec’s tests, reducing their independence (?) (http://smokeys.wordpress.com/2008/04/20/matousecs-firewall-challenge-wrinkle-conflict-of-interests/).

Leak tests are popular mainly because they are very easy to perform: you simply run a program, and it tells you if it passed or failed the test. However, life is not that simple, unfortunately.

The primary goal of a firewall is to keep hackers out of your system, that is, prevent inbound attacks in the first place. It’s astonishing that many firewaller “testers” only focus on outbound protection, completely ignoring the inbound part (which is absolutely vital). It’s like they assumed it worked flawlessly in case of all the products, which, unfortunately, doesn’t seem to be the case, really.

Next, outbound protection is of course also important, but so called leak tests are not everything. There’s a myriad of other things that a decent firewall should do, and which are usually not acessed by these tests. All I’m saying is that testing a firewall is a very complex task and focusing on leak tests is a gross (and inappropriate) simplification.

Good Info Tech. Just curious though…what are some of the recognized procedures to test a Firewall…other then GRC Shields Up
Thanks

I’m not an expert. Lukas should say something.
Just that leak tests aren’t a panacea of the tests. They’re usually overestimated.

Possibly Lukas might add some interesting procedures in this thread…I’d be interested
Thanks Tech

If you use GRC and it says a port is not stealthed, but is closed, don’t worry about it. GRC is overly paranoid sometimes and it’s creator is actually the one who invented the whole “stealthed ports” concept in the first place. A closed port is secure.