Hi,
I’m new to Comodo and thinks it shows promise but there are things I don’t get. Take a look at the image I’ve attached. What am I supposed to answer to that? Is Photoshop really trying to connect to the Internet though uTorrent? If I deny it uTorrent seems to become totally blocked so thats no good.
Whats going on?
edit:
http://www.geting.se/image.php/23192-uhm.jpg
[attachment deleted by admin]
Hi Haw, welcome
I am a newbie myself, but going thru Help topics I noticed a lot has been written on OLE and utorrent. Search for those words (if you have not done so already) and I’m sure you’ll find the answer. If still have questions ask again, someone will answer surely. Great mob here.
Hilmi
Hi Haw
Another newbie here, the experts will be on shortly, they usually answer within 24 to 48 hours.
Couple of questions.
The easiest example of OLE is if you click a link in an email you would get an alert that your email prog is trying to use your browser to connect.
OK that was interesting
I wanted to see the alert box for opening a web link from my email prog.
The alert came up as expected but I also got an alert that utorrent
Date/Time :2007-01-19 20:09:49
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program Files\uTorrent\utorrent.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 200.82.122.164:10957
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has modified the the User interface of the Parent application C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…
utorrent was downloading at the time.
The destination ip looks like an isp in Argentina.
I think we might both wait for the experts.
Sullo
thanks for your replies sullo and hilmi.
I found this thread that was somewhat helpful:
https://forums.comodo.com/index.php/topic,1626.0.html
Is it because uTorrent happens to be the first child of explorer.exe to attempt to open a connection after explorer.exe has been manipulated by Photoshop.exe? Shouldn’t the new rule affect only the parent or does the the parents rules perhaps affect all it’s children? In short, is this a feature or a bug? 
edit:
ahh, thanks hilmi.
Interesting read.
Yes basically the same thing
When I clicked the link in the email I was expecting these 2 alerts (:NRD)
Date/Time :2007-01-19 20:09:46
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 216.182.80.209:http(80)
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…
Date/Time :2007-01-19 20:09:41
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…
Now, utorrent is running in the system tray, doing its thing, not harming anybody, then up pops this ???
Date/Time :2007-01-19 20:09:49
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program Files\uTorrent\utorrent.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 200.82.122.164:10957
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has modified the the User interface of the Parent application C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…
Utorrent already had an allow rules with firefox as the parent and and explorer as the parent.
Thunderbird had a rule with explorer as the parent [but no rule with firefox as the parent.]
Allowed the 3 alerts.
I checked the application monitor expecting to see the firefox parent rule but not there.
[edit]
Sorry the above should have read- no rule for firefox with thunderbird as the parent. This rule should have been added when I allowed the alerts. Closed utorrent, rebooted, clicked an email link, the alerts poped up, allowed, checked the application monitor and the correct rules were there.
Just read the links posted by hilmi
Even with the odd little quirk this is still a great firewall
