guard32.dll reported as spyware (generic keylogger) - why?

[Guest]

[Stranded.one]

Spyware Detector reports guard32.dll as high threat security risk malware (generic keylogger) and wants me to quarantine the program. Other sources tell me that the program is a part of Comodo firewall.

I do not want information about my keyboard usage going to the outside world, because that affects my security. So can anyone please answer the following questions (any or all!):

1. What is guard32.dll?

2. What is its function within Comodo firewall?

3. Why is this necessary?

4. Why is guard32.dll reported as a threat?

5. Is it, in fact, a threat?

4. What happens to the functionality of the firewall if I quarantine guard32.dll as suggested by Spyware Detector?

[Vettetech]

Its called a false positive. There is nothing wrong with gaurd32. I thought you said Spyware Doctor? I have never heard of Spyware Detector. I would not trust it as far as I can throw it. Stick with SuperAntiSpyware and Malware Bytes.

[grue155]

Welcome to the forum, Stranded.one

Guard32.dll is the name of part of the monitoring facility in CFP. It puts itself in the command path to intercept system operations so it can track, report, and block any malware that gets identified. The problem, is that the facility in Windows to allow things like guard32 to do its work, are the same facilities used by malware. Spyware Detector evidently looks over that facility and sees what's making use of it. Then Spyware Detector compares what it's seeing to a list of known "safe to use" programs, like antivirus programs and such. Anything not on the list gets reported. Evidently Spyware Detector hasn't been updated to recognize guard32 as a CFP component. If guard32 is blocked, quarantined, or otherwise not present, CFP will loose a good part of its protective capabilities.

Does that help to clarify things some?

[Tags:]