Hi,
I’m new to Comodo and thinks it shows promise but there are things I don’t get. Take a look at the image I’ve attached. What am I supposed to answer to that? Is Photoshop really trying to connect to the Internet though uTorrent? If I deny it uTorrent seems to become totally blocked so thats no good.
I am a newbie myself, but going thru Help topics I noticed a lot has been written on OLE and utorrent. Search for those words (if you have not done so already) and I’m sure you’ll find the answer. If still have questions ask again, someone will answer surely. Great mob here.
thanks for your replies sullo and hilmi.
I found this thread that was somewhat helpful: https://forums.comodo.com/index.php/topic,1626.0.html
Is it because uTorrent happens to be the first child of explorer.exe to attempt to open a connection after explorer.exe has been manipulated by Photoshop.exe? Shouldn’t the new rule affect only the parent or does the the parents rules perhaps affect all it’s children? In short, is this a feature or a bug?
When I clicked the link in the email I was expecting these 2 alerts (:NRD)
Date/Time :2007-01-19 20:09:46
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 216.182.80.209:http(80)
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…
Date/Time :2007-01-19 20:09:41
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…
Now, utorrent is running in the system tray, doing its thing, not harming anybody, then up pops this ???
Date/Time :2007-01-19 20:09:49
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program Files\uTorrent\utorrent.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 200.82.122.164:10957
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has modified the the User interface of the Parent application C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…
Utorrent already had an allow rules with firefox as the parent and and explorer as the parent.
Thunderbird had a rule with explorer as the parent [but no rule with firefox as the parent.]
Allowed the 3 alerts.
I checked the application monitor expecting to see the firefox parent rule but not there.
[edit]
Sorry the above should have read- no rule for firefox with thunderbird as the parent. This rule should have been added when I allowed the alerts. Closed utorrent, rebooted, clicked an email link, the alerts poped up, allowed, checked the application monitor and the correct rules were there.
Just read the links posted by hilmi
Even with the odd little quirk this is still a great firewall