Hi, frequently when I launch an application from the start menu for the first time since installing Comodo Firewall, I get a Defense+ alert related to explorer.exe launching the program.
I am puzzled about explorer.exe not being recognised.
Note- I have used Vize which replaces some system resources in Windows files, and was wondering if this is why explorer.exe is not recognised.
I have ‘submitted’ the file (explorer.exe in this case I guess).
explorer.exe is trying to execute - (description)
explorer.exe zipinst - installs
zipinst - installs programs without installers.exe is a safe executable. However, the parent application explorer.exe could not be recognized. Once the application is executed, its parent will have the full control over its execution. If explorer.exe is one of your everyday applications, you can safely allow this request.
As I have a lot of different apps, this is getting rather repetitive.
Alternatively, which Defense+ setting could I adjust… but should I need to?
If you receive those alerts from Def+, I presume you have set Def+ settings in paranoid mode. If you change your settings to safe mode, you’ll not receive these alerts for apllications launched and known as safe by CIS.
In parano mode, it is normal to receive those alerts even for safe applications. If you’ll have look in Defense+ > Computer Security Policy > Defense+ Rules, you’ll see that for explorer.exe everything is set on allow except run an exe which in on ask. And as explorer run the exe of an application each time this application is launched , you receive an alert asking to allow or block. Answer yes and remember my answer (unless you don’t know the application which is launched). Next time the application is launched, you will not receive an alert for explorer.exe.
Hi, thanks Boris 3…
mm, good guess, but the setting is ‘Safe Mode’
- That’s Defense+ Security level from rt click on the tray icon.
The last part of your reply does match- once I’ve responded to the prompt, it doesn’t repeat for that application.
But surely you didn’t receive these alerts for all the applications you launched. It must be only for those who are unknown by CIS and therefore are not in the whitelist. If you are sure they are safe, you can report them to be added to the whitelist.
if you are using a modded explorer.exe file that is why, it is not digitally signed anymore and the sha is different that is why you are not getting those alerts. Only thing you can do is add the new explorer.exe to your trusted files.
Hi languy99 - mm, I’d thought of that- and though I’d added it as a trusted app.
Anyway, I tried it again - and this time got ‘explorer.exe’ is already in the list of trusted apps.
So now it seems to be recognised… maybe after a restart or something like that.
Anyway, all seems ok now… I think!! Thanks again…