(application name) is trying to install global hook msctf.dll

Carbofos · December 21, 2008, 11:02am

As far as I understood, msctf.dll is a “windows text service” that has to do with the language bar. The problem is, that Defense+ is reporting nearly every program that it wants to install that (see screenshot in attachment).

Is there any way I can allow that particular action for all applications?

I’ve added msctf.dll to “my safe files” list, but it didn’t help; I guess the list is intended just for executables, not files they’re accessing.

I can workaround that by selecting “Turn off advanced text services” in language bar settings, but then the language bar itself closes, which is not what I want.

The Windows version is XP x64 SP2.

[attachment deleted by admin]

gibran · December 21, 2008, 12:11pm

Hallo Carbofos

Did you install CIS from scratch?

D+ is already configured to handle that dll.

Application : Group: [All Applications] Treat as: [Custom Policy]
-----------------------------------------------------------------------------------------

Access Right 0: {   Protected Files/Folders  }	Default Action: Ask
[0]  Allowed:	Group [Temporary Files]

Access Right 1: { Interprocess Memory Access }	Default Action: Ask
[0]  Allowed:	%windir%\system32\ctfmon.exe

Access Right 2: {   Windows/WinEvents Hooks  }	Default Action: Ask
[0]  Allowed:	%windir%\system32\msctf.dll
[1]  Allowed:	%windir%\system32\browseui.dll
[2]  Allowed:	%windir%\system32\ieframe.dll

Please check you All application* policy

Carbofos · December 23, 2008, 9:39am

Hi, thank you for reply.

I’ve found the settings you’ve referred to and added “%windir%\SysWOW64\msctf.dll”. Now it seems to be working as expected (although, from my understanding system23 and SysWOW64 folders are actually same)

Thanks again for help.

Carbofos · September 26, 2009, 7:16pm

Hi again,

Is it safe to add DINPUT.DLL from Windows system32/syswow64 directory to this list?

I’ve reinstalled CIS completely today, and now I keep getting alerts of various programs trying to install this as global hook…

Citizen_K · September 27, 2009, 12:23am

Make sure it is a Microsoft file.

dinput.dll is a DirectC DLL, which handles DirectInput. This gives functionality for multimedia input devices such as joysticks.

source: http://www.processlibrary.com/directory/files/dinput/21979.

Look up the file properties, When it is a Microsoft file you can allow it

Carbofos · September 27, 2009, 8:26am

Thanks for reply.

I know it’s a common Microsoft file, was just wondering if it’s capable doing any harm in wrong hands, i.e. if some evil app tries to use it, cause I’m allowing any application to use it and it wasn’t in the list by default.

Kyle142 · September 27, 2009, 8:37am

It’s a safe file - If an “Evil” File tries to perform a malacious action to, or use it - it will become a different application and Comodo will recognize the modification.

Sybrandus · October 7, 2009, 10:47pm

I have the same issue.

Where is the All application* policy in Comodo. I’ve looked in every area and must have missed what you mean here.

Thank you

riggers · October 8, 2009, 5:19pm

The “All Applications” policy is located in the “Computer Security Policy”

From the main interface go to Defence+/Advanced/Computer security policy

Scroll down the list and you will see an entry for Comodo Internet Security->Below that should be an entry %windir%\explorer.exe then below that %windir%\system32\rundll32.exe
Underneath that is an entry called “All Applications” which should have a custom policy and a branch with a * coming of it.
Double left click on the “All Applications” entry and a new window will appear, click on “Access rights” where you will get the ability to add things to the allowed list for each action.
To add an entry for Global hooks click on “Modify” next to it then on Add then Browse. Now find the entry you wish to add and APPLY to close all windows.
Added a few pics to help.

Matt

[attachment deleted by admin]