Application Behavior Analysis

This is giving me grief at present, just how necessary is this. It would appear to be an area in need of further development.

If applications have been scanned and deemed safe with full access to the internet why is all this second guessig going on and causing loss of connection frequently.

I do not have the time or inclination to be forever making rules/exceptions for ever quirk this program
throws up.


Hi rowdy

Whilst CFP may have scanned your applications & deemed them safe, it did not verify the relationships between all the Applications & Components. It is probably this that you’re seeing. Whilst these warnings may seem to be duplicate they are, in fact, most probably different. CFP is just learning the relationships that you use in your system. Over time these messages will diminish as CFP learns & will only reappear if something is added or updated.

Here’s what CFPs Help says about Application Behavior Analysis (ABA)…

Comodo Firewall Pro analyses each application?s behavior and detects any suspicious activity before granting it internet access. This powerful new feature enables it to detect more trojan activity than any other firewall - the ultimate protection against the leaks that the most personal firewalls fail to detect, including:

Process memory injections
Invisible processes
Parent application change
DLL/Code injections

CFPs ABA has the following options…

[b]Enable Application Behaviour Analysis[/b] - Switches the functionality on or off

Monitor Inter-Process Injections Memory Modifications - Forces the firewall to monitor common code injection techniques that can be used by viruses

Monitor DLL Injections - Forces the firewall to monitor common DLL injection techniques used by viruses

Monitor Window Messages - Forces the firewall to monitor special window messages that can be used to manipulate an application?s behavior by a virus

Monitor DNS Queries - Forces the firewall to monitor DNS requests so that viruses trying to use Windows system services for DNS queries will be detected.

Monitor Parent Application Leaks - Forces the firewall to check if there is a leaking attempt in the parent application. i.e. if Process Injection is selected above, Comodo Firewall Pro will look for the parent application to see if there is a process injection in it before allowing the internet request.

Monitor COM/OLE automation attempts - When enabled, forces the firewall to detect any program hijacking attempt which may occur by misuse of COM/OLE interfaces by other programs.

In summary, I believe that ABA is necessary, if not vital, for your system’s protection.

I hope this helps.