Why does CFP keep prompting me to allow the same application

[Guest]

[Toggie]

Why does CFP keep prompting me to allow the same application

When you receive a alert from CFP, requesting allow rights for an application, please take time to ensure the legitimacy of the applications involved in the alert. If you are satisfied the applications are genuine, then you may select Allow. If you wish CFP to create a fixed rule in Application Monitor, ensure you select remember. Failure to select remember, will create a single session rule only.

You may find, when using Comodo Firewall Pro, that you receive several alerts, apparently, for the same application. However, close inspection of the alert, may reveal a different parent application.

Comodo Firewall Pro, will, by default, keep track of each parent (host process) for a given application. For example:

Your browser (IE/firefox/Opera etc.) has a shortcut on the desktop, from which you launch the application. In this case the parent or host process would be explorer.exe. In another scenario, you launch your browser by clicking on a link in your email client. The parent in this situation, would be your email client.

Thus, in Application Monitor you would see:

Rule 1
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent Path: C:\Windows\explorer.exe

Rule 2
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent Path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe


For each possible method of launching your browser, you will receive a new parent process alert, until each of the possible parents have an individual rule in Application Monitor.

The primary reason for CFP monitoring the parent process, is to identify possible malicious code attempting to hijack a legitimate parent application, which is typical of certain types of malware.

The core module responsible for parent process monitoring is Application behavior Analysis (ABA), the settings for which, may be found at:

CFP\Security\Advanced\Application Behavoir Analysis

[Tags:]