Author Topic: Visual studio 2019 BackgroundDownload.exe (signed by microsoft) annoying popup  (Read 932 times)

Offline Gdocal

  • Newbie
  • *
  • Posts: 2
I am a programmer. I use VS 2019.
Every 10 minutes I get a popup from Comodo firewall which asks me to allow a connection for the process BackgroundDownload.exe
Which is located in
C:\Users\<UserName>\AppData\Local\Temp\<SOME RANDOM LETTERS>\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe

File is signed by microsoft.

I already allowed access for this application at least 100 times... and even tried to block it. This application connects to a different server every time, and the process file is located in a different folder. I can't see a way to work around this issue.

Any ideas how I can use VS 2019 and Comodo at the same time?


« Last Edit: June 14, 2019, 10:20:14 AM by Gdocal »

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4480
You don't have the firewall set to safe mode, otherwise you wouldn't get alerts. Also, you need to use "remember my answer" so it creates an application rule. Do you have the alert frequency level set to very high? Because it will alert for every port and IP address connection attempt. Side note, I have only noticed backgrounddownload being run from the program files folder.

Offline jljtgr

  • Comodo Family Member
  • ***
  • Posts: 72
Edit one of the rules you've already made, replace "<SOME RANDOM LETTERS>" as you called it with an asterisk (*).  The rule will now apply as long as no other part of the path changes.  Maybe run Purge to remove the rest.

PS.  It's still possible to get an alert even in safemode if the program runs, exits and is deleted quickly.  Or something like that.  The alert shows the signer, but the file doesn't exist when you ask for the file properties.  I haven't seen it happen with VS2019, only Office 365.

Offline Gdocal

  • Newbie
  • *
  • Posts: 2
I tried with an asterisk, it didn't help.
Now I removed all previous rules connected to this file, and still the same result.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25669
Could you post the rule with the asterisk? It should look like C:\Users\<UserName>\AppData\Local\Temp\*\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe.

Could you check the HIPS and Containment Logs to see if there are clues to why you are getting this alert?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4480
You can't use wildcards in that way with the rule, you have to create a file group then you can edit the file path with a wildcard. It is a common misconception to think you can edit the file path of an application rule to make use of the wildcard character and have it work. It must be done within a file group instead.

Edit: Seems it can be done that way, they must have fixed it at some point because it used to not work unless you used the wildcard path in a file group. Make sure <username> is your actual user account name and not the actual text of <Username>.
« Last Edit: June 15, 2019, 12:50:18 PM by futuretech »

Offline satchel82

  • Newbie
  • *
  • Posts: 1
Thanks a lot for everyone's assistance.

I have to admit, I was so annoyed by this (I woke up with DUHDUH DUHDUH DUHDUH DUHDUH) several times.  It would go off when I left youtube on and had a pee....  So annoying that I was going to get rid of Comodo.  It has been happening for weeks.

This topic resolved my concerns.


Is there a way that comodo can detect a `/garbage/` differential and offer an additional decision tree?


If you see

exe/2342334/funny (allowed always)
exe/2342434/funny (allowed always)
exe/2242334/funny (allowed always)


It can say,  flip* it lads, do you want to just act on exe/*/funny?

 
« Last Edit: October 19, 2019, 09:04:59 PM by satchel82 »
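
The prompt satchel82 asks for, as an added example (not part of the original thread and not Comodo's code): it collapses allowed paths that differ in a single directory segment into one wildcard suggestion and checks what such a pattern would cover. The user name, the Temp folder names and the one-segment meaning of `*` are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath


def suggest_wildcards(paths, min_hits=3):
    """Map wildcard pattern -> rule paths it would replace.

    A pattern is proposed only when at least `min_hits` paths are identical
    except for one directory segment (never the drive or the file name).
    """
    buckets = defaultdict(list)
    for raw in paths:
        parts = PureWindowsPath(raw).parts
        for i in range(1, len(parts) - 1):
            masked = parts[:i] + ("*",) + parts[i + 1:]
            # Windows paths are case-insensitive, so bucket on the lowered form.
            key = tuple(p.lower() for p in masked)
            buckets[key].append((parts[i].lower(), masked, raw))
    out = {}
    for hits in buckets.values():
        if len({seg for seg, _, _ in hits}) >= min_hits:
            pattern = str(PureWindowsPath(*hits[0][1]))
            out[pattern] = sorted({raw for _, _, raw in hits})
    return out


def covers(pattern, path):
    """Assumed semantics: '*' stands for exactly one path segment."""
    pat = [p.lower() for p in PureWindowsPath(pattern).parts]
    got = [p.lower() for p in PureWindowsPath(path).parts]
    return len(pat) == len(got) and all(a in ("*", b) for a, b in zip(pat, got))


# Constructed sample: user name and Temp folder names are made up.
TAIL = r"resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe"
SAMPLE = [rf"C:\Users\dev\AppData\Local\Temp\{d}\{TAIL}"
          for d in ("qx3kzt1a", "m0vwp4rc", "h7bnye2s")]
SAMPLE.append(r"C:\Program Files\Example\tool.exe")

if __name__ == "__main__":
    for pattern, replaced in suggest_wildcards(SAMPLE).items():
        print(pattern, "replaces", len(replaced), "rules")
```

A path pattern like this matches any file that lands at that location, so it says nothing about the signer; the publisher still has to be checked by the rule that uses it.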

 
