Author Topic: (Confusion)The Defence + has blocked X suspicious attempt(s) so far [RESOLVED]  (Read 8023 times)

Offline Nosnibor

  • Comodo Loves me
  • ****
  • Posts: 173
  • Live Long And Prosper. God Bless The CPU.
Hello everyone. I'm a little confused about some listings in the "Defence + Events" log. On the main screen of CF (Ver 3.5.54375.427), near the bottom left corner under the heading "Proactive Defence", it says "The Defence + has blocked X suspicious attempt(s) so far." When I click on the blue link indicating how many items have been blocked, the "Defense + Events" log pops up, and this is where the CONFUSION starts. The help files on this log differ from the actual log, as the log shows under the heading "Action" different actions such as "Changed Defense + Mode", "Send Message", "Access Memory", etc. But it doesn't indicate whether or not the item was "Allowed" or "Denied". How do I get the log to display whether the action was allowed or denied?
« Last Edit: November 09, 2008, 12:07:10 AM by 3xist »
Model: Hewlett Packard COMPAQ Presario V5305WM Laptop
OS: Windows XP Professional Media Center Edition (SP3)
Processor: x86 Family 15 Model 44 Stepping 2 Authentic AMD Mobile Sempron 1994 MHz
Memory: 1536MB (1.5GB)
The BEST phone carrier hxxp://www.magicjack.com

Offline Dennis2

  • Awaiting Admin Approval Moderator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 7704
« Reply #1 on: November 08, 2008, 07:45:46 AM »
Unless you make an allow rule to log in the firewall, all log entries are blocked actions.
Mode changes are there so it reminds you how you have changed the settings for Firewall and Defence+.
Dennis
« Last Edit: November 08, 2008, 07:48:13 AM by Dennis2 »
Moderator: Aims Forum a friendly place. Any concerns? Please PM me and/or review the Forum Policy 2012Updated.
System:Windows 7 SP1(UAC)x32,LUA, CIS7.0.4132Upgrade,Sandboxie4.08
Vista Home P.(UAC)x32 SP2, LUA, CIS.7.0.4132

Offline Nosnibor

« Reply #2 on: November 08, 2008, 06:29:58 PM »
Sorry, but I'm a little confused. Under "Miscellaneous" - "Settings" - "Logging", the "Disable" boxes for "Firewall Logging" and "Defense + Logging" are NOT checked, indicating that logging IS enabled. I've looked all through CF but I can't seem to find the setting I'm looking for. How do I configure the Defense + Log to indicate whether the event is allowed or blocked?
« Last Edit: November 08, 2008, 06:50:27 PM by 3xist »

3xist

  • Guest
« Reply #3 on: November 08, 2008, 06:54:16 PM »
Nosnibor.

Your D+ behavior is fine. Try running some leak tests, and block them. You will then see D+ Alerts.

Josh

Offline Nosnibor

« Reply #4 on: November 08, 2008, 07:07:19 PM »
Leak test???? What are those and how do I find one?


Offline Nosnibor

« Reply #6 on: November 08, 2008, 07:20:31 PM »
Hey, thanks, I'll check it out.

3xist

« Reply #7 on: November 08, 2008, 07:27:33 PM »
No worries.

Allow the program to open, then just block every D+ Alert, and report back here if your D+ Logs are recorded. :) Here are my D+ Logs\Events for the leak tests. :)

Josh

Offline Nosnibor

« Reply #8 on: November 08, 2008, 09:00:40 PM »
Ok, I think I understand the logs now. Please verify if the following statements are correct or not....(1) If it's listed in "Firewall Events" with Blocked under "Action" it's a blocked item (the only thing listed in the "Firewall Events" are blocked items?)....(2) If it's listed in "Defense + Events" it's also a blocked item (the only thing listed in the "Defense + Events" are blocked items?)

Just a note to add....after doing the leak test I got a score of 320/340 with:
"Hijacking : ChangeDebuggerPath----Vulnerable"
"Hijacking : StartupPrograms----Vulnerable"


3xist

« Reply #9 on: November 08, 2008, 09:03:08 PM »
Okay.

In CIS, make sure you have Defense+ & Firewall in Safe Mode. Also be sure your Configuration is the "COMODO - Proactive Security" Configuration by right clicking the tray icon and choosing Configuration.

Also block all D+ Alerts, with "Remember my Answer" ticked - you will then get 340/340. :)

Josh

Offline Nosnibor

« Reply #10 on: November 08, 2008, 09:32:19 PM »
Yes, both are set to "Safe Mode". Also, I just read the help file on "Configuration", but it doesn't explain the difference between "Optimum Security" (the setting it's on now) and "Proactive Security". Could you explain the difference please?

3xist

« Reply #11 on: November 08, 2008, 09:42:44 PM »
Optimum Security - Is a Configuration you either imported from CFP 3.0x to CIS 3.5x, or you made your own configuration, etc.

Proactive Security - In CIS, this activates the full power of Defense+. Image Execution is Normal & all settings in Defense+>Advanced>Defense+ Settings>Monitor Settings are ticked. In "Internet Security" Configuration, Image Execution is disabled & only some Monitor Settings are ticked, which is why most people only get an 80% success rate.

However, it's not vulnerable - Internet Security Configuration is there for those with a good AV, and only want some power of D+. Proactive is like CFP 3.0 Default.

Josh

Offline Nosnibor

« Reply #12 on: November 08, 2008, 11:32:19 PM »
Ok, I changed settings to what you recommended and now I get a score of 340/340....but....a new problem has started since changing settings. I have a touch pad mouse on my laptop, and whenever I use the scroll function of my touchpad (sliding my finger up and/or down on the side of the touch pad) I get a "Defence +" alert that says...."SynTPEnh.exe is trying to modify the user interface of IEXPLORE.EXE"....or the IEXPLORE.EXE is changed to match whatever program screen I'm on. The alert isn't really the problem at hand, but what is....is the fact that when this alert pops up my touchpad (mouse) is COMPLETELY FROZEN until the alert goes away, which is 120 sec. What did I do wrong now lol.

3xist

« Reply #13 on: November 08, 2008, 11:43:09 PM »
Just add it as a Trusted Application to the Computer Security Policy.

Josh

Offline Nosnibor

« Reply #14 on: November 09, 2008, 12:03:51 AM »
Done and all is well. From the bottom of my heart I thank you for all your help.

 
