Hi there,
This is just one of many similar type messages that Comodo keeps giving me. I never want to automatically allow anything I don’t understand but am slowly running out of patience with these messages.
From the below message (and it’s not just SetPoint - it’s others too) do I assume that these other processes are messing around with Firefox? Or is it Comodo getting confused? Either way, is there any explanation and any way of stopping this without disabling any components of Comodo?
Thanks,
Steve
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: TCP Out
Destination: 212.58.226.33::http(80)
Details: C:\Program Files\Logitech\SetPoint\SetPoint.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages.
That’s an proper alert from your firewall. It catched that your logitech mouse/keyboard utility tries to apply your settings/preferences into the opening window of firefox or outlook etc just to be able to controll the functions that are supported (e.g. fast scrolling). Next time you get this popup click to remember your acceptance and it won’t notify you again.
essdeeay,
You are not the first person to be driven nuts by these things, and you probably won’t be the last…
As George has explained a bit of, applications within Windows communicate with each other through the course of operations. When they do so with an application that is actively connected to the internet (such as your mouse with firefox), this puts them in connection with the internet (in a way…).
Thus, CFP, since it monitors such things for potential malware activity/hijacking/communication attempts, will give an alert that such activity is occurring. Due to user feedback (I know they got plenty from me!), Comodo made some changes to tone down the alerts when version 2.4 came out, and it seems it was greatly improved.
It seems it’s a bit of a trade-off; if we want the security, we have to accept that we may get some popups - we can’t have one without the other. The rule of thumb is, if you know both applications, you can allow and not worry about it. As George said, you can add the “remember” to it and shouldn’t get that specific warning again.
Another option is that you can edit the existing Application rule(s) and select “Skip Advanced Security Checks” under the Miscellaneous tab. That will turn off ABA for that application only.
The time to be concerned is when you get this from an application you don’t know or don’t recognize.
Hope that helps,
LM
Thank you both - I’m learning and understanding how CPF works more every day. I’m keen to understand how I can make it into an easier application, the likes of ZA Free, so I can set the parents up easily.
Cheers,
Steve
Steve,
Here’s a good place to start learning about CFP, if you haven’t been there already… https://forums.comodo.com/index.php/topic,6167.0.html.
This is a locked compilation of various tutorials and explanations, so there’s no questions or comments; just info for easy reading. Each post has an embedded link back to the original topic, where you can post your questions.
Hope that helps,
LM