Baffling message (and very inept user ..)

Hi,
I apologise for posing what might be a very ignorant question but my computer literacy is very low indeed …
I received today a warning from Comodo (as per attached image) - not knowing what kind of threat it might represent I denied permission; after a while my internet connection stopped altogether (I’m on DSL).
Shoud I have acted differently ? And - more important, if I am to avoid pestering you people with my newbie questions :wink: - is there some tutorial where I might learn more about this kind of warning ?
Thank you for your help !!

[attachment deleted by admin]

That warning is legit, so you can allow it.
You can go to application monitor and/or component monitor and remove that block.
Next time you get it, you can allow it and remember.
You might have to restart the firewall or the computer to get it to work.

A tutorial for pop ups is difficult to make, since there are tens of thousands of programs out there.
You could make one for the most common programs and system processes.
Have you scanned for “known applications”?

You should keep your eyes open so that a malware doesn’t use a common program to get out, as a parent.
If you are not sure about a program/process, just ask here in the forum or search with google or similar.

Thank you AOwL !!
So there was in fact a block ! I could not understand why my internet connection did not work anymore … I must confess that to be able to connect I had to uninstall :cry: Comodo - now I will reinstall it and try not to panic any more.

Something tells me I’ll be back soon …
Thanks again !

You’re welcome.
Next time you are unsure, don’t tick the remember box… :wink:

Hi Direwolf, welcome to the forums.

AOwL beat me to it. But, I will post mine, since there is bit more explanation & steps on how to remove remembered blocks.

You should not have blocked the SERVICES.EXE to SVCHOST.EXE relationship. SERVICES.EXE is the program that runs all your Windows Services. Various Windows Services (eg. Windows Update) use SVCHOST to access the Internet. If you did not check the box “Remember my answer for this application” on CFWs Alert pop-up, then you have only created a temporary block & simple reboot will resolve this. Next time you see this pop-up, check the remember box & press Allow.

If you did check remember to the alert, then no problem. It is quickly resolved. Open CFW, select the Security tab & press the Component Monitor tab. Don’t worry about all the entries in the list, as you’re only looking for 2 specific entires. The list is in alphabetical order. So, scroll down looking for SERVICES.EXE. When you find it, if its not set to Allow make it so. Do the same thing for SVCHOST.EXE. When you’ve ensured both are set to Allow, press “Apply” at the top of the list to save your changes.

Newbie tutorial? We are working on it. But, its quite a hard thing to create, given all the configurable options & different set-ups. However, our current best efforts are in the FAQ section (key FAQ topic: ** FAQs/Threads - Read Me First **).

In the meantime, we really don’t mind newbie questions. Honest.

And a just another small note, so that you will be fully prepared, Direwolf…

Any time you get one of those OLE Automation popups, if you choose to deny it, CPF will apply that to the entire internet connection (it doesn’t matter what application you have chosen to block) - that’s why you lost internet. A reboot will reset CPF’s memory. It is an annoying glitch that Comodo is aware of.

LM

I’ve noticed that a restart of the application that was ‘wrongly accused’ is already enough. No need to reboot either the OS or COMODO. (Or are we talking about different issues?)

Paul Wynant
Moscow, Russia

Thank you all for your very precious advice !
I do no think that there could be some malware on my pc - I try to be very careful (well, paranoid should be a better description … :slight_smile: ) and with the help of my trusted Nod32 I’ve been very well protected; just to be on the safe side I ran a scan today with Trend Micro’s House Call, so - correct me if I’m wrong, please - once Comodo has scanned my pc for known applications, I should be able to trust every request that comes from my first run of the usual applications.

Anyway I will do what you recommended and come here yelling for help :smiley: when need arises - your willingness to help is greatly appreciated !! (:HUG)

If you’re confidently virus free, you should be good to go. Here’s something to keep in mind, though, in that regard. If CPF (because of the Application Behaviour Analysis) detects a change in an application (such as an upgrade, or unwanted viral addition…) it will prompt you with an alert, and note that there has been a change. So don’t just think that it’s forgotten your app and click ok. If it alerts you to something you’ve already told it is okay, there’s a reason!

Bring on the questions, I think you’ll find people glad to help!

LM

I had read initially that with the OLE Automation issue, you need to reboot to clear CPF’s memory, so I’ve always done that. When this has occurred, I don’t know that I’ve tried closed and restarted the offending app. If indeed it’s CPF’s memory, it wouldn’t seem like restarting the app would clear that…

Hmm. I may have to create an offense, to test that. Food for thought/action…

LM

Note 1: Well, if it’s just a regular attempt to connect, rather than an OLE attempt, you don’t lose your internet, and closing/reopening the offending app will trigger another alert (w/o selecting “remember”).

Note 2: I was able to trigger an invisible connection attempt w/another app, denying this did cause loss of internet. This may be somewhat applicable tho, since CPF applied the offense to FireFox instead of the app. Restarting the app did not resolve the issue. Restarting FF did; connection restored.

Both these apps have previously triggered OLE alerts; now they’re behaving nicely! Arrgh.

I’ve always just restarted the app, not the computer… ;D
That has restored the connection… :wink:

This used to happen with my previous firewall as well (Sygate) so, at least on this subject, I am not inclined to panic ;D - when I upgrade an application I usually run it right away, so the firewall does its little dance and we’re both happy …

Bring on the questions, I think you'll find people glad to help!

Thanks !
(so far, so good - but I’m keeping my fingers crossed !!)

Despite my crossed fingers, here is another very strange message - file attached.

I was indeed using Calc from Open Office a few moments before launching Opera and now, whenever I try to connect to the internet (with any application) this is the message that Comodo sends - of course if I deny permission the program is unable to access the web.

Thank you !!!

[attachment deleted by admin]

Hi, Direwolf!

If this were some kind of Trojan, you would pick ‘Remember my settings’ - Deny.
But since this is Open Office, we may pick ‘Remember my settings’ - Allow. The program is not going onto the Internet; it’s just a memory space problem.
You CAN click ‘Deny’, but then you’ll have to restart Opera.

Paul Wynant
Moscow, Russia

Thanks p2u !!

Must I then expect some more of these “memory space problems” from other applications ?
(applications I can trust, of course …)

I’m afraid so. This is an inconvenience that you will have to live with until there is an update. By the way, I haven’t seen this kind of alerts for more than a week now…

Paul Wynant
Moscow, Russia

As long as I know what it is, I will gladly put up with it - I think Comodo is worth it …
Thanks again !!!

Doesn’t work for me, for OLE Automation attempts. I got one to pop this morning, finally.
I denied the attempt, thus losing the internet connection.
I closed the offending application.
I closed and reopened FF. Didn’t regain the connection. In fact, I still got the OLE message.
I reopened, reclosed the offending app, then FF. Didn’t regain the connection, still got OLE message.
Closed and reopened CPF, then FF. Didn’t regain the connection, still got OLE message.
Since explorer.exe was the parent for FF for the OLE attempt, I even opened explorer and closed it. I did not stop the explorer process… Didn’t regain the connection, still got OLE message.

So that only leaves rebooting AFAIK, which is also what would occur if I actually stopped the explorer process… So, reboot, problem solved.

For the other types of connect attempts, restarting the application does it, but not for OLE (for me).

LM

Do you have the latest beta installed?