Author Topic: Why is D+ blocking Killswtich from accessing the memory of cmdagent?  (Read 2260 times)

Offline aweir14150

  • Comodo's Hero
  • *****
  • Posts: 339
I receive one alert right after another in the logs that Killswitch.exe was blocked from accessing the memory of cmdagent.exe

On the main screen of Comodo it says it has blocked over 900 "intrusions" in the Defense+ section, which are this event. I went to computer security policy and added killswitch.exe as a trusted process but it is still being blocked from accessing cmdagant.exe

« Last Edit: June 28, 2011, 12:38:54 AM by aweir14150 »

Offline kagun

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 1141
Re: Why is D+ blocking Killswtich from accessing the memory of cmdagent?
« Reply #1 on: June 28, 2011, 12:42:46 AM »
That is a self defense mechanism in CIS, anything that wants to access/read/modify cmdagent.exe will be blocked. It is protecting itself so it's perfectly normal.
You can safely ignore it...

Offline aweir14150

  • Comodo's Hero
  • *****
  • Posts: 339
Re: Why is D+ blocking Killswtich from accessing the memory of cmdagent?
« Reply #2 on: June 28, 2011, 01:24:21 AM »
Ok thanks, I guess that's a good reason. The problem is that this event hogs all of the alerts and if I let it run in the backround it will create 2 alerts every second.

Offline Baxan

  • Comodo Family Member
  • ***
  • Posts: 93
Re: Why is D+ blocking Killswtich from accessing the memory of cmdagent?
« Reply #3 on: July 03, 2011, 10:16:33 PM »
I found this to be very irritating. I use killswitch as my process manager so It's normal for me to have it running for long periods of time. CIS logs every attempt to access interprocess memory as an intrusion and all these reports only muddle the list of reports. What if a malicious program was running and tried to do something nasty to CIS? I'd never know because I'd just think it was killswitch being natural. Is it possible to give exceptions to certain programs or put a filter on what should be logged? I know in the firewall I can make certain rules get saved as events when the rule is fired. I think defense+ should have something like this too.

If this is more like a bug report, let me know and I'll make a new thread in the correct place.

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1328
  • Avert the danger that has not yet come
Re: Why is D+ blocking Killswtich from accessing the memory of cmdagent?
« Reply #4 on: July 03, 2011, 10:19:15 PM »
Add Killswitch to D+ exclusions. You can avoid all Killswitch logs.
with love Siva Suresh
|| Windows8 x64 | CIS 6 | Waterfox | Comodo Dragon x86 | Thunderbird | CCleaner | Evernote | PStart | SuperCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 3TB SATA II HDD 6Gb/s

Offline Baxan

  • Comodo Family Member
  • ***
  • Posts: 93
Re: Why is D+ blocking Killswtich from accessing the memory of cmdagent?
« Reply #5 on: July 03, 2011, 10:38:07 PM »
Add Killswitch to D+ exclusions. You can avoid all Killswitch logs.
Where do I go to do this? I'm guessing it's somewhere in compuer security policy but I don't see anything to exclude killswitch. I found two places to make an exclusion. The first was in the antivirus but it didn't work and the second was in defense+ but it only applies to buffer overflows.

Edit: I found it now. I had to go to the defense+ tab, computer security policy, highlight the collapsible COMODO Internet Security title, click the edit button, click customize, go to protection settings, click on "Modify (#)" and then add killswitch.
« Last Edit: July 04, 2011, 01:17:58 AM by Baxan »

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek