AXCRYPT & COMODO... [Resolved]

Hello, Folks…

[b]I’D LIKE TO ALTER THE CONTENTS OF THIS MESSAGE, JUST TO MAKE SURE THAT MY OWN ERROR IS KNOWN ABOUT! COMODO IS NOT REPORTING THE BEHAVIOUR OF AXCRYPT AS TRYING TO ACCESS THE NET…IT IS REPORTING THE BEHAVIOUR OF AXCRYPT ATTEMPTING THE MODIFICATION OF WINDOWS EXPLORER! I AM CORRECTING THIS STUPID MISTAKE OF MINE, HERE, IN ORDER TO BE TOTALLY FAIR TO THE DEVELOPER/S OF AXCRYPT!

THE AUTHOR/DEVELOPER IN CHARGE OF THE AXCRYPT PRODUCT HAS VERY QUICKLY AND VERY KINDLY REASSURED ME THAT AXCRYPT DOESN’T HAVE EVEN ONE LINE OF CODE THAT IS ABLE TO ACCESS THE NET!

SOMETHING ELSE - NOT SINISTER AT ALL - IS VERY PROBABLY GOING ON, HERE, AND I HAVE MISTAKEN WHAT I AM SEEING FOR SOMETHING QUITE DIFFERENT![/b]

I know that this subject has been posted about, already, but the Forum software, itself, suggested that I may care to do a fresh posting on it, so here it is.

ABOUT AXCRYPT

Every time I encrypt a file with AxCrypt, and then attempt to get to any (and, I mean ANY) web site in Internet Explorer, AxCrypt tries to muscle in on the connection and Comodo shoots up a warning (Comodo is incredibly fast at this, I’m delighted to say!) The advisory “appears” to be suggesting that AxCrypt is doing something to/with Internet Explorer. I’m left with choosing to allow Ax to access the Net (even though I haven’t a clue what it’s trying to do when it does so), or disallowing it which effectively cripples IE.

If I allow AxCrypt to use IE for its (goodness only knows what) purposes, IE remains usable.
If I disallow AxCrypt’s use of IE, no links, no pages, no favourites work, unless I go back into CPF’s settings and switch AxCrypt back to “Allow”.

QUESTION: Given that I’ve already declined E Mail updates on this most recent installation of AxCrypt…why is AxCrypt attempting to connect to the Net and why does this only happen if I have JUST ENCRYPTED SOMETHING WITH IT!?

  • I have uploaded “AxCrypt.exe” for the Comodonauts to examine, if they feel the need.
  • I have also E Mailed the programmer about how worried I am at this behaviour!

Make no mistake about one thing - I ABSOLUTELY LOVE AXCRYPT AND IT WOULD SERIOUSLY DISAPPOINT ME IF I FOUND THAT IT WAS MISBEHAVING IN ANY WAY! I just hope, more than I ordinarily would, that I’m wrong in this…I’d never feel secure in file encryption using PGP alone.

  • Can anybody tell me WHY I can’t get any IE sites, of any form, just because I stop AxCrypt from modifying something in IE?
  • What must I do in my settings (I’m a Comodo beginner, for sure!) in order to stop AxCrypt from accessing the Net, without losing my ability to use IE?

AxCrypt is the best encryption program since PGP (in my own opinion) and I just need to hear that I have no call to uninstall it - somebody, HEEEEE-E-E-E-E-E-ELP me find a Fairy-Tale ending to this intense concern I’m feeling and tell me that it’s all down to something that I don’t know, or know how to do, u-u-u-u-uh…yet!

Ian.

Hi,

You may have seen my post about this, I had the same “problem”.

If you take a good look at the comodo pop up, it says… “axcrypt modified the user interface of explorer (not iexplorer) and maybe using… blah…blah…”

This pop up happens with the next program that contacts the internet (when explorer is its parent). It happens with google notifier, iexplorer, firefox etc. I think it is because axcrypt has a comand line in right click menu of explorer and after use acxrypt, it changes it in some way. Perhaps adding “decrypt” to the menu, as you have a decrypted file selected in explorer.??

I don’t think axcrypt is connecting to the internet.

Roy.

Roy…

Many thanks for that.

I’ve just replicated the situation and, instead of using IE, I opened Outlook Express - the same thing happened.

I then did the same thing with the Yahoo Messenger - again, it happened.

I now, also, acknowledge that “explorer” is shown in the warning and not “iexplore”.

Thank you for your reply and for putting me straight on this.

I love AxCrypt so much, I’m very pleased to put this one behind me.

Ian.

Ian,

I use AxCrypt as well, and encounter the same thing. And yes, the developer is very specific that it only connects when you initially install (if you allow it) to let them know that it was installed. And yes, Roy is right that it relates to the way programs interact.

This warning is part of CFP’s Application Behavior Analysis. Programs in Windows communicate between themselves, and sometimes “alter” each other on a regular basis, and this is not a cause for concern, nor a security risk. The alert comes because this is also something that a virus, trojan, etc could do in its effort to corrupt/expose your system.

CFP does not differentiate between “good” and “bad,” although if you have (under Security/Advanced/Miscellaneous) the box checked, “Do not show alerts for applications certified by Comodo” it won’t show these alerts if both applications in question are on the safelist. Obviously, AxCrypt is not currently on the safelist, thus it generates an alert. If you Allow (without Remember), it allows for that session only. If you Deny, CFP determines that you must be compromised, and blocks both applications (generally, closing and restarting the browser will reset things for this alert).

Here’s a workaround I use, so that I don’t get annoyed by the popups for this application: In the Application Monitor, I have created the following rule:

Application: Axcrypt.exe
Parent: Skip
Action: Block
Protocol: TCP or UDP
Direction: Out
Destination IP: Any
Destination Port: Any

OK. Then wait a few minutes before reopening the app, or just reboot.

Hope that helps,

LM

LM…

Many thanks for replying.

I’ve set up the rule, but the alerts are still coming up…that may be an expected item, though.

Am I right in assuming that it is now safe for me to tick the box before I click on “Allow” (when this particular “AxCrypt”/“explorer.exe” occurs) and that security surrounding this will not be compromised?

Ian.

Yes, you can click Allow (without Remember) and not be concerned.

Regarding the continuation of alerts, have you rebooted since creating that application rule?

LM

Hello…
Thanks for the reply.

Yes…I’ve booted up again, since. I’ve used the tick in the “Remember” box and clicked allow and the situation appears to have been resolved with that advice.

Now, all I have to do is figure out how to get a “valid” Help file. If it’s anything nearly as good as the downloaded “Leak Tests” PDF file, it’s gonna be a sight for sore eyes.

Ian.

What do you mean, a “valid help file”? CFP has a help file with it; are you unable to open it? Or do you find unhelpful?

Let me know and I’ll help you find a help file all I can…

LM

LM…

When I have the Comodo FP screen up and I click on the “Help” button, top-right, I get a notice on screen-center, saying that an attempt has been made to use an invalid help (.chm) file.

The actual message I get is…

“CPF.chm - Attempting to use an invalid compiled help (.chm) file”.

I’ve posted separately about this, in fact, in this same section of the Forum/s.

Ian.

Thanks, I saw the other post. Paul is better-equipped than I to answer that question. I’m sure he’ll get you taken care of.

LM

Hey Ian,

Here’s a PDF version of the manual. You might have a go at that…

Manuals

The manuals for both version 2.3 and 2.4 are there, for download…

LM

LM…

To all who helped me with this problem, many thanks: the PDF is downloading, now.

Ian.

No problem, Ian.

I’ll go ahead and mark this topic as “Resolved” for other users’ benefit.

LM