Why is D+ blocking Killswtich from accessing the memory of cmdagent?

[Guest]

[aweir14150]

I receive one alert right after another in the logs that Killswitch.exe was blocked from accessing the memory of cmdagent.exe

On the main screen of Comodo it says it has blocked over 900 "intrusions" in the Defense+ section, which are this event. I went to computer security policy and added killswitch.exe as a trusted process but it is still being blocked from accessing cmdagant.exe

[kagun]

That is a self defense mechanism in CIS, anything that wants to access/read/modify cmdagent.exe will be blocked. It is protecting itself so it's perfectly normal.
You can safely ignore it...

[aweir14150]

Ok thanks, I guess that's a good reason. The problem is that this event hogs all of the alerts and if I let it run in the backround it will create 2 alerts every second.

[Baxan]

I found this to be very irritating. I use killswitch as my process manager so It's normal for me to have it running for long periods of time. CIS logs every attempt to access interprocess memory as an intrusion and all these reports only muddle the list of reports. What if a malicious program was running and tried to do something nasty to CIS? I'd never know because I'd just think it was killswitch being natural. Is it possible to give exceptions to certain programs or put a filter on what should be logged? I know in the firewall I can make certain rules get saved as events when the rule is fired. I think defense+ should have something like this too.

If this is more like a bug report, let me know and I'll make a new thread in the correct place.

[SivaSuresh]

Add Killswitch to D+ exclusions. You can avoid all Killswitch logs.

[Baxan]

Add Killswitch to D+ exclusions. You can avoid all Killswitch logs.

Where do I go to do this? I'm guessing it's somewhere in compuer security policy but I don't see anything to exclude killswitch. I found two places to make an exclusion. The first was in the antivirus but it didn't work and the second was in defense+ but it only applies to buffer overflows.

Edit: I found it now. I had to go to the defense+ tab, computer security policy, highlight the collapsible COMODO Internet Security title, click the edit button, click customize, go to protection settings, click on "Modify (#)" and then add killswitch.

[Tags:]