First I would like to say thank you for the excellent free firewall, I must admit that I have been getting to the point where I wanted to give up computers altogether, because of the never ending cost of updating software particularly security, or outdated Windows 98 OS and various hardware. I did use Norton Internet Security which caused more problems than it solved; it often locked the system up. My only problems with Comodo are my inability to understand all aspects at present; hopefully you may be able to assist me with the things I am not sure of.
One of the files that frequently shows a high severity rating in Comodo is Svchost.exe when in conjunction with other files. The first warning was relating to Svchost.exe having Apitrap.dll in memory, unfortunately I can’t remember the full alert as it is no longer available. Apitrap.dll is a part of Norton System works clean sweep which I have kept installed, clean sweep monitors installs on the Internet and off. I was at a loss to know what to do with the warning because if I blocked Apitrap then Svchost didn’t work and I could not use Windows Update. There have been a number of warnings of this nature regarding one file piggybacking on another and not being overly technically minded I am not sure how to deal with it.
Occasionally Comodo says that it is initializing, does that mean it is not fully operative at that time.
Some applications have more than one entry in the applications monitor e.g. Comodo.exe and iexplore.exe, is this normal?
Most programs including Spybot search and destroy have produced initial warnings in Comodo when going online to update, for some reason Ad-Aware doesn’t and I don’t know if any other software hasn’t registered with Comodo. Maybe there is a logical answer to this that I can’t see. Nod32, Avast, Internet Explorer, Acrobat Reader, plus other apps needed the okay to go online, although Spybot did not appear in the application monitor after I ok it. I am using the trial of Nod32 as a virus scan at present, which has not picked up any nasties, and I do regular Spybot scans. Nod seems to work happily with Comodo, so I think that will be my virus scan, I shall of course watch the progress of your virus scan when it leaves the beta stage.
If you can help with these points I will be most grateful, many thanks for your kind assistance and generosity to Internet users
I wasn’t able to get the leak test on your site to operate properly; the web page wouldn’t come up. I did try Gibson research shields up tests which were fine and their leak test which was also fine.
To add to what Grampa and Soya have said, it sounds to me like the “piggyback” alerts relate to Application Behavior Analysis (ABA) - found at Security/Advanced/ABA. If you look there, it may spark a memory. You may also find the entry in the Activity/Logs. It will be a High Severity Alert.
And yes, if you deny it, it will block both applications. If you are using the Safelist (Grampa mentioned how to turn that on and off) and both apps are on it, you won’t see the alert. When version 3 comes out, it’s safelist will be HUGE in comparison to the present, and a popup like that will indicate either a potential malware, or a very uncommon application. Typically restarting one or both apps will resolve the block (unless you checked “Remember”); sometimes a reboot is in order.
The typical rule of thumb is that if you are familiar with both applications, it is safe to allow. The time for concern is if one or both apps are unknown to you… Basically, ABA monitors ways that programs communicate and share resources in the background, as it relates to internet-connected applications. These types of communication can be mimicked by malware and thus it will alert (it doesn’t determine what is good or bad, just potentially bad - the exception being that if both apps are on the safelist, it considers the action safe).
Apologies for posting in the wrong place, I tend to be good at that on forums I am new to.
Thanks grampa for your very helpful answers, I am involved with 3D graphics, (still in learning mode on some of the more technical aspects), I have found graphic software forums to be particularly helpful. It’s great to see other forums that have that same helpful spirit. I can get pretty negative about the net at times because of the destructive element and confidence tricksters, but overall I have to admit there is a lot of positive stuff too. I am waiting for the firewall that rebounds the Trojans etc to their creators, lol.
I found the setting you referred to in Comodo about applications certified by Comodo, , also the link you pointed to relating to double entries in application monitor answered my other question.
Thanks also to Soya for the kind help with the links, altogether that’s answered my questions; hopefully in time I shall have enough knowledge to help others.
Thanks Little Mac for your helpful input, I shall obviously need to study some of the applications components a little more, I would presume with most standard firewalls that even if an application is blocked the components could still be having a night out on the net. I am just getting used to my new computer my old 98 machine is past it’s best. Yesterday I installed Microsoft Office, the firewall went mad on my first net connection after install, it seemed like every file in Office was going on line. I think it was a case of if you’re going out so are we, I had no idea what most of the files related to in Office. If I had realized how much of Microsoft Office connects to the net, I would have bought a more home loving Office app, lol
Nice friendly forum thanks again for all the help
Not with CFP, heh heh! Its layered security through the various Monitors provides a much tighter scenario. Soya will slap me with a dead fish for posting this, but that’s ok, if it helps… https://forums.comodo.com/index.php/topic,6167.0.html. Look for the explanation of layered rules; it will help you understand that flow…
No problem on helping; that’s why we’re here. (:WIN)
Sorry to be a little slow in my reply, but as I am setting up the new computer I am working out some new programs and being a bear with a small technology brain that takes me time. At the moment I am trying to figure out Acronis True image for complete system backup.
Anyway thanks for your link Little Mac and your efforts, I have read some of it and will have to let it sink in, but I can see it is very useful.