Comodo Firewall

It is very easy to create an appropriate index, so searching the registry is very fast.

Yours, VB.

Volker Birk

And it would be a waste of memory and CPU cycles in normal mode of operation.

Sebastian Gottschalk

That's not what I'm talking about. It also phones home to see how often the customer plays the game.

Garrot

I don't even own the game, just know about its "behavior". Personally, I do disco from the internet when playing games, except MP games, but most people don't and most people don't even know it is phoning home. Anyway, my point is that you can stop it from phoning home with a firewall with app control. I don't use such a firewall myself though.

Garrot

It's malware. We're talking about legitimate applications.

Sebastian Gottschalk

No that's a fine contradiction.

Nah, that's just what you believe.

Sebastian Gottschalk

It's a game, the publisher says it is legitimate. I say otherwise.

Garrot

It creates a privilege escalation for absolutely no good reason. I'd call it malicious, as much as the vendor might bend.

Sebastian Gottschalk

Maybe. And maybe not. If they're phoning home for malicious reasons, you cannot be sure that the "Personal Firewall" can prevent this.

Yours, VB.

Volker Birk

And it would not be relevant.

Yours, VB.

Volker Birk

Talking about Comodo. After starting "application behaviour" monitoring I get a lot of strange messages about programs (that are clean and "good") modifying memory, adding libraries to each other etc. Very annoying. Especially since there is nothing wrong :-(

Posted this to the Comodo forum. No answers. What do you make of these messages? Seems very strange to me. Very strange indeed:

After surfing a while (giving both WebWasher and Internet Explorer "Allow") I suddenly get a new request for Internet access from several programs (among them "trillian" ICQ/MSN agent, WebWasher ad-filter and Avast! web-scanner). I can see why the two latter have to do with Internet Explorer, but not what IE used Trillian for. And why do I get this alarming message in the lower part of the alert:

"C:\Program Files\Internet Explorer\iexplore.exe has loaded C:\WINDOWS\SYSTEM32\shell32.dll into c:\program files\Trillian\trillian.exe using a global hook which could be used by keyloggers to steal private information." (the message is equal for "wwasher.exe" and "ashWebSv.exe", same warning about "iexplore.exe" and "shell32.dll", but shouldn't they be "safe" applications).

Also got some similar message involving "explorer.exe" and "iexplore.exe" when surfing on some newspaper web-site :-(

Ohhh BTW: If I deny these requests all h**l is loose. Then I'm no longer able to access any web-pages using any browsers. Even if all applications still have "allow" inside Comodo. Have to restart the system to get things back to working again (ok, actually it works if I stop the "application monitor", but that is not really a safe and good solution :-)

This is getting very annoying. Anyone know what is happening (I'm almost ready to go back to ZA now :-)

Here are some messages from the log if that can say anything that will give a solution:

Date/Time :2006-10-13 00:05:43
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (trillian.exe)
Application: c:\program files\Trillian\trillian.exe
Parent: C:\Program Files\Oppstart\Oppstart.exe
Protocol: TCP Out
Destination: 207.46.106.41:1863
Details: C:\Program Files\Internet Explorer\iexplore.exe has loaded C:\WINDOWS\SYSTEM32\shell32.dll into c:\program files\Trillian\trillian.exe using a global hook which could be used by keyloggers to steal private information.

Date/Time :2006-10-13 00:06:45
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (wwasher.exe)
Application: C:\Program Files\WebWasher\wwasher.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 129.240.2.3:dns(53)
Details: C:\Program Files\Internet Explorer\iexplore.exe has loaded C:\WINDOWS\SYSTEM32\shell32.dll into C:\Program Files\WebWasher\wwasher.exe using a global hook which could be used by keyloggers to steal private information.

Date/Time :2006-10-13 00:06:46
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (ashWebSv.exe)
Application: C:\Program Files\Alwil avast!\ashWebSv.exe
Parent: C:\WINDOWS\SYSTEM32\services.exe
Protocol: TCP Out
Destination: 195.92.253.137:http(80)
Details: C:\Program Files\Internet Explorer\iexplore.exe has loaded C:\WINDOWS\SYSTEM32\shell32.dll into C:\Program Files\Alwil avast!\ashWebSv.exe using a global hook which could be used by keyloggers to steal private information.

Date/Time :2006-10-13 00:07:01
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (wwasher.exe:129.240.2.3:dns(53))
Application: C:\Program Files\WebWasher\wwasher.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 129.240.2.3:dns(53)

Date/Time :2006-10-13 00:07:04
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (ashWebSv.exe:195.92.253.137:http(80))
Application: C:\Program Files\Alwil avast!\ashWebSv.exe
Parent: C:\WINDOWS\SYSTEM32\services.exe
Protocol: TCP Out
Destination: 195.92.253.137:http(80)

Lars-Erik Østerud
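
A way to triage the log in the post above, as an added example that is not part of the original thread and not Comodo's own tooling: it parses the flattened records, groups the global-hook alerts by hook owner and DLL, and marks which denied connections belong to a process named in such an alert. The field list and the function names are assumptions based only on the records shown.

```python
import re
from collections import defaultdict

# Three records taken from the log posted above, one line each, paths written
# with single backslashes; the second keeps the fused "explorer.exeProtocol:".
SAMPLE = [
    (r"Date/Time :2006-10-13 00:05:43 Severity :High Reporter :Application Behavior Analysis "
     r"Description: Suspicious Behaviour (trillian.exe) "
     r"Application: c:\program files\Trillian\trillian.exe "
     r"Parent: C:\Program Files\Oppstart\Oppstart.exe Protocol: TCP Out "
     r"Destination: 207.46.106.41:1863 Details: C:\Program Files\Internet Explorer\iexplore.exe "
     r"has loaded C:\WINDOWS\SYSTEM32\shell32.dll into c:\program files\Trillian\trillian.exe "
     r"using a global hook which could be used by keyloggers to steal private information."),
    (r"Date/Time :2006-10-13 00:06:45 Severity :High Reporter :Application Behavior Analysis "
     r"Description: Suspicious Behaviour (wwasher.exe) "
     r"Application: C:\Program Files\WebWasher\wwasher.exe "
     r"Parent: C:\WINDOWS\explorer.exeProtocol: UDP Out Destination: 129.240.2.3:dns(53) "
     r"Details: C:\Program Files\Internet Explorer\iexplore.exe has loaded "
     r"C:\WINDOWS\SYSTEM32\shell32.dll into C:\Program Files\WebWasher\wwasher.exe "
     r"using a global hook which could be used by keyloggers to steal private information."),
    (r"Date/Time :2006-10-13 00:07:01 Severity :High Reporter :Application Monitor "
     r"Description: Application Access Denied (wwasher.exe:129.240.2.3:dns(53)) "
     r"Application: C:\Program Files\WebWasher\wwasher.exe "
     r"Parent: C:\WINDOWS\explorer.exe Protocol: UDP Out Destination: 129.240.2.3:dns(53)"),
]

FIELDS = ["Date/Time", "Severity", "Reporter", "Description", "Application",
          "Parent", "Protocol", "Destination", "Details"]
# A label is a field name followed by an optional space and a colon.
LABEL = re.compile(r"(%s) ?:" % "|".join(map(re.escape, FIELDS)))
HOOK = re.compile(r"(?P<src>.+?) has loaded (?P<dll>.+?) into (?P<dst>.+?) using a global hook")

def parse_record(line):
    # re.split with a capture group yields ['', label, value, label, value, ...]
    parts = LABEL.split(line)
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def summarize(lines):
    hooks = defaultdict(set)  # (hook owner, dll) -> processes the dll was loaded into
    denied = []               # (application, destination) of blocked connections
    for rec in map(parse_record, lines):
        m = HOOK.match(rec.get("Details", ""))
        if m:
            hooks[(m["src"].lower(), m["dll"].lower())].add(m["dst"].lower())
        elif rec.get("Description", "").startswith("Application Access Denied"):
            denied.append((rec["Application"].lower(), rec["Destination"]))
    flagged = set().union(*hooks.values())
    return dict(hooks), [(app, dest, app in flagged) for app, dest in denied]
```
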

Honestly, Lars, why do you torture yourself with this stuff?

I worried about things like that when I got a cable connection 4 years ago. I tried some firewall programs and followed this newsgroup, but there was always some new piece of information that disturbed my newly acquired understanding of computer security.

Then I began to notice the advice of our German friends here. So I used netstat and Ethereal and similar programs that helped me understand what was actually going on. And then I learned how to stop services and setups that made my machine vulnerable. Nothing but peace and quiet since then, WITHOUT any sort of firewall.

Tore Lund

Well, I like testing things :-) And I hoped that someone here had the tech knowledge to know what those strange warnings really are about. I don't believe that normal programs would load their code into other applications. So there's gotta be something strange here, right?

Lars-Erik Østerud

Of course.

Of course.

Of course.

I made a similar post about this on July 29th. Those messages are completely useless for anyone but programmers.

Why not? According to your own words, it makes no difference for you in terms of security. It only leads to "denial of service".

You installed the software. You should know :-)

Oh yes. Go ahead and dump a silly security concept in favour of another one.

As I told you already in my first reply, those messages come up because the Comodo firewall is monitoring what is going on - but has no clue whatsoever about what is good and what is bad and therefore has to ask the just as clueless user.

To me that has nothing to do with security unless you are a programmer who can make a reasonable guess about what is actually happening.

B. Nice

You're letting IE connect to the internet? Ouch! Your entire security concept has blatantly failed!

BTW, all these are legitimate actions. Should show you how useless your idea of app monitoring is.

Sebastian Gottschalk

Why? I think this is quite normal for all DLLs, and hooking, sending messages and doing IPC is normal as well - that's why it's called Windows!

Yes, you're trying to run a pseudo-security solution that you don't understand.

Sebastian Gottschalk

Of course it doesn't have a clue. It just reports. It's a tool. Maybe you are clueless but many others are not.

It has plenty to do with security, and you don't have to be a programmer to understand it... hence its popularity... it's just you are unable/unwilling to understand what it's reporting to you.

me

bassbag

If you honestly believe that the average user understands what it means and can act accordingly the clueless one here obviously is you.

/B. Nice

B. Nice

Besides that, this information doesn't even give a programmer any idea if they're legitimate or not.

Sebastian Gottschalk

It's quite easy to understand. Why do you assume everyone is as clueless as yourself? me

bassbag
