Rules associated with "OLE Automation" alerts

[Guest]

[NewUser]

When I deny access from an "OLE Automation" pop-up a generic rule is created that will always block the application making the actual connection attempt (svchost.exe, for example).  Is there a way to create a rule that will only block the connection when a specific component (WGATray.exe, for example) is the one trying to connect through svchost.exe?

[Little Mac]

When I deny access from an "OLE Automation" pop-up a generic rule is created that will always block the application making the actual connection attempt (svchost.exe, for example).  Is there a way to create a rule that will only block the connection when a specific component (WGATray.exe, for example) is the one trying to connect through svchost.exe?

If I understand correctly from the other postings on OLE Automation issues, unless you click to remember the response, CPF only stores that response until the next reboot (which for some users causes their entire internet to be blocked until they reboot). 

Keeping that in mind, what I have done is created an Application Rule, adding the app in question (ie, wgatray.exe) and setting it to be blocked from connecting to the internet.  Then it should not matter how the app attempts to connect, whether svchost or other means - it should be blocked.

Hopefully one of the resident forum gurus will respond and give a better explanation.  In the meantime, hope this helps somewhat. 

[Little Mac]

Also, here's a couple links to threads dealing with OLE issues, for more info.  http://forums.comodo.com/index.php/topic,3163.0.html

http://forums.comodo.com/index.php/topic,3159.0/topicseen.html

And, if you go to the Firewall homepage, then to Help, then to the search field, and type in "OLE" you'll get a ton of results; many of them dealing with the security aspects of OLE automation, allowing the apps, etc. 

I've created a link which should hopefully work; you might need to refresh once you get there, to get the latest results.  {edit - the link will open a window prompting for a search topic - that's where you'll put in OLE}

http://forums.comodo.com/index.php?action=search2

[NewUser]

Thanks for your suggestion, Little Mac.  I'll try manually adding rules to block undesired apps that attempt to connect through svchost or iexplore.

By the way, I have also experienced the issue discussed in the thread you pointed out (http://forums.comodo.com/index.php/topic,3163.0.html) where denying an OLE attempt results in internet connectivity being lost until the system is rebooted.

[Little Mac]

By the way, I have also experienced the issue discussed in the thread you pointed out (http://forums.comodo.com/index.php/topic,3163.0.html) where denying an OLE attempt results in internet connectivity being lost until the system is rebooted.

Yeah, I did too, when I changed from Internet Explorer to FireFox.  Fortunately I had already read about, and experienced similar things w/other security products in the past. 

Hope that will help w/UR situation; not a problem at all.  I strive to give comfort to others in the manner  in which comfort was provided to me.        </humor>

LM

[NewUser]

It looks like a rule to block an application will only stop it from connecting directly to the Internet, but not from connecting indirectly through another application like svchost or iexplore (I still get the OLE Automation pop-ups).   

[comicfan2000]

It looks like a rule to block an application will only stop it from connecting directly to the Internet, but not from connecting indirectly through another application like svchost or iexplore (I still get the OLE Automation pop-ups).   

 Hi, if you want fewer alerts do this..

Go to >advanced > application behavior analysis > then uncheck > monitor com\ole automation attempts.

 Paul

[NewUser]

Disabling the monitoring of COM/OLE automation attempts probably means that those attempts will then be allowed, which is not what I wanted.  I was hoping that rules to block them could be created.

[comicfan2000]

Disabling the monitoring of COM/OLE automation attempts probably means that those attempts will then be allowed, which is not what I wanted.  I was hoping that rules to block them could be created.

  I see, perhaps you can copy the attempt and the dll, or exe file (write it down) find and block it in component monitor if listed. 

  Paul

[Little Mac]

I'd kinda like to know the answer to the question myself.  Other than when I first started CPF, or switched from IE to FF, or installing a new program, I don't get those types of requests.  Just today I denied an application attempting to do an OLE connect; the executing application was denied, but it did not block the connecting application (ie, svchost.exe).  So, do I have something set differently?

[NewUser]

The specific problem I have been experiencing goes something like this:

1) OLE Automation alert for application trying to connect through svchost pops up

2) I deny the attempt without selecting the "remember" option

3) I put the notebook into hybernation

4) I wake the notebook from hybernation

5) Now the notebook cannot acquire an IP address from the router because access is denied to svchost (log entries confirm this)

6) To restore connectivity I have to either disable the firewall temporarily while the wireless connection is being re-established after coming out of hybernation, or reboot.

[comicfan2000]

The specific problem I have been experiencing goes something like this:

1) OLE Automation alert for application trying to connect through svchost pops up

2) I deny the attempt without selecting the "remember" option

3) I put the notebook into hybernation

4) I wake the notebook from hybernation

5) Now the notebook cannot acquire an IP address from the router because access is denied to svchost (log entries confirm this)

6) To restore connectivity I have to either disable the firewall temporarily while the wireless connection is being re-established after coming out of hybernation, or reboot.

This is an issue and hopefully will be fixed in next version. 


 Paul

[Little Mac]

Hey, NewUser,

I liked your post in the CPF Wishlist http://forums.comodo.com/index.php/topic,1202.240.html;  very concise, thought-out; great!

It's interesting (confusing?) the way computer issues go; one person has a problem with an app that another does not, even with similarities of system and associated apps.  That's why I'd never make it as a programmer, or a tech.  What should be logical order is so frequently seemingly illogical chaos!  Too many variables, I guess.

Hope your post over there engenders positive results.

LM

[NewUser]

Thanks for the kind words, LM.  It's always nice to get some positive feedback.

[Tags:]