Welcome, Guest. Please login or register.
February 09, 2010, 09:08:20 AM

Login with username, password and session length

359203 Posts
39709 Topics
90671 Members

Latest Member: crazys

Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Archived Boards
| |-+  Comodo Firewall
| | |-+  Help for v3
| | | |-+  guard32.dll reported as spyware (generic keylogger) - why?
« previous next »
Pages: [1] Go Down Print
Author Topic: guard32.dll reported as spyware (generic keylogger) - why?  (Read 1525 times)
Stranded.one
Newbie
*
Offline Offline

Posts: 1


« on: May 19, 2008, 07:33:10 AM »

Spyware Detector reports guard32.dll as high threat security risk malware (generic keylogger) and wants me to quarantine the program. Other sources tell me that the program is a part of Comodo firewall.

I do not want information about my keyboard usage going to the outside world, because that affects my security. So can anyone please answer the following questions (any or all!):

1. What is guard32.dll?

2. What is its function within Comodo firewall?

3. Why is this necessary?

4. Why is guard32.dll reported as a threat?

5. Is it, in fact, a threat?

4. What happens to the functionality of the firewall if I quarantine guard32.dll as suggested by Spyware Detector?
Logged
Vettetech
Guest
« Reply #1 on: May 19, 2008, 07:42:21 AM »

Its called a false positive. There is nothing wrong with gaurd32. I thought you said Spyware Doctor? I have never heard of Spyware Detector. I would not trust it as far as I can throw it. Stick with SuperAntiSpyware and Malware Bytes.
« Last Edit: May 19, 2008, 12:49:23 PM by Vettetech » Logged
grue155
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 1172



« Reply #2 on: May 19, 2008, 12:17:53 PM »

Welcome to the forum, Stranded.one

Guard32.dll is the name of part of the monitoring facility in CFP. It puts itself in the command path to intercept system operations so it can track, report, and block any malware that gets identified. The problem, is that the facility in Windows to allow things like guard32 to do its work, are the same facilities used by malware. Spyware Detector evidently looks over that facility and sees what's making use of it. Then Spyware Detector compares what it's seeing to a list of known "safe to use" programs, like antivirus programs and such. Anything not on the list gets reported. Evidently Spyware Detector hasn't been updated to recognize guard32 as a CFP component. If guard32 is blocked, quarantined, or otherwise not present, CFP will loose a good part of its protective capabilities.

Does that help to clarify things some?
Logged
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 0.134 seconds with 21 queries.
Powered by SMF 1.1.11 | SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by 7dana.com