Banned Application & OLE automation detection

I notice a banned application can still access the internet through OLE automation by calling iexplore.exe. In V2, Comodo firewall does warn me about such an issue, but V3 never does. As a matter of fact, my hardware firewall caught it after it slipped through V3 unnoticed.

  1. Did I forget to set something in V3 so it can flag such a violation?
  2. Should OLE automation also be flagged if the parent application is banned?



This is a bug in v3. See msg117537 for related discussion. Don’t know the status of having it fixed someday. Never discovered anything simple to do about it.

Maybe this will help:

  1. switch D+ to paranoid mode

  2. leave your application banned in network security policy

  3. go to D+ -> computer security policy -> your banned application -> edit -> access rights -> run an executable -> modify -> make sure the list of allowed applications is empty, or delete all entries if it is not -> apply everywhere

Then try to reproduce the connection of your banned application through OLE automation.

This time there should be an alert from D+ that your banned application is trying to execute iexplore.exe.
Select block and tick remember.

Please try this and post back with results.


Logically your method should work, just because of setting it to paranoid mode and adjusting the rule once it alerts the user to the method and connection attempt. And I verified that too. (Don’t forget to put it back in train w/ safe mode afterward.)

But it doesn’t solve the problem that sometimes you don’t know whether and which application phones home or not, through OLE automation, iexplore, etc. A blanket banned application should do the job for the user, provided all children’s apps are prohibited as well, no matter whether the children’s app is safe or not.

I read through a bunch of questions in this forum and it seems a lot of people thought banned application would do the job for them nice & easy. Not. Unless they put their firewall in custom mode or know exactly what application will phone home, and do what you just described above.

I just wonder why D+’s paranoid mode, in which all the hooks are provided, can’t be extended to banned application, which is essentially a paranoid mode for a particular application.

Why? Like many others I’m very comfortable with paranoid mode.

There is no need to “know whether and which application phones home” when D+ is set up accordingly (as it will always alert, except for cfp.exe).
There will be no alert from D+ only in these cases:
app xyz (for example) is declared a Windows system application, or was allowed to execute its “proxy” previously with the remember option, or D+ is not in paranoid mode, or appropriate permissions for xyz were granted automatically when D+ was in training mode (or train w/ safe mode, or clean PC mode).

Check this and correct me if I’m wrong.

You are correct.

So the only answer to my original question is paranoid mode. And with paranoid mode, there is no need for anything else but your judgment at that particular instance. Banned application should never have existed in the first place because it doesn’t work and, worse, gives the user false confidence. I suggest either removing that option or showing a warning to the user when that option is selected until a fix is found.