Welcome, Guest. Please login or register.
Did you miss your activation email?
June 18, 2013, 06:37:32 PM

Login with username, password and session length

668791 Posts
71123 Topics
145727 Members

Latest Member: Thomas Murray

Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Archived Boards
| |-+  Discontinued Products
| | |-+  Comodo Firewall
| | | |-+  Help for v3
| | | | |-+  guard32.dll reported as spyware (generic keylogger) - why?
« previous next »
Pages: [1] Go Down Print
Author Topic: guard32.dll reported as spyware (generic keylogger) - why?  (Read 4337 times)
Stranded.one
Newbie
*
Offline Offline

Posts: 1


guard32.dll reported as spyware (generic keylogger) - why?
« on: May 19, 2008, 07:33:10 AM »

Spyware Detector reports guard32.dll as high threat security risk malware (generic keylogger) and wants me to quarantine the program. Other sources tell me that the program is a part of Comodo firewall.

I do not want information about my keyboard usage going to the outside world, because that affects my security. So can anyone please answer the following questions (any or all!):

1. What is guard32.dll?

2. What is its function within Comodo firewall?

3. Why is this necessary?

4. Why is guard32.dll reported as a threat?

5. Is it, in fact, a threat?

4. What happens to the functionality of the firewall if I quarantine guard32.dll as suggested by Spyware Detector?
Logged
Vettetech
Guest
Re: guard32.dll reported as spyware (generic keylogger) - why?
« Reply #1 on: May 19, 2008, 07:42:21 AM »

Its called a false positive. There is nothing wrong with gaurd32. I thought you said Spyware Doctor? I have never heard of Spyware Detector. I would not trust it as far as I can throw it. Stick with SuperAntiSpyware and Malware Bytes.
« Last Edit: May 19, 2008, 12:49:23 PM by Vettetech » Logged
grue155
Comodo's Hero
*****
Offline Offline

Posts: 1172



Re: guard32.dll reported as spyware (generic keylogger) - why?
« Reply #2 on: May 19, 2008, 12:17:53 PM »

Welcome to the forum, Stranded.one

Guard32.dll is the name of part of the monitoring facility in CFP. It puts itself in the command path to intercept system operations so it can track, report, and block any malware that gets identified. The problem, is that the facility in Windows to allow things like guard32 to do its work, are the same facilities used by malware. Spyware Detector evidently looks over that facility and sees what's making use of it. Then Spyware Detector compares what it's seeing to a list of known "safe to use" programs, like antivirus programs and such. Anything not on the list gets reported. Evidently Spyware Detector hasn't been updated to recognize guard32 as a CFP component. If guard32 is blocked, quarantined, or otherwise not present, CFP will loose a good part of its protective capabilities.

Does that help to clarify things some?
Logged
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 0.04 seconds with 21 queries.
Powered by SMF 1.1.18 | SMF © 2006, Simple Machines Design by 7dana.com