block or allow?

I keep getting the following pop-up, and I don’t know if I should allow or block it:

Generic host process for win 32 services is trying to connect to the internet

Application- Svchost.exe

Parent- services.exe

C:/windows/system32/WgaTray.exe has tried to use svchost.exe through OLE Automation, which can be used to hijack other applications.

WgaTray.exe might be using svchost.exe to connect to the internet.

Can anyone explain and say whether it should be blocked or allowed? When I do block it, nothing seems to change.

From what I know, the service is needed for internet connection. This is safe as long as you know who’s (parent application) using this service.

This’ll help you, I hope: https://forums.comodo.com/index.php/topic,7314.0.html

Wgatray.exe is used for Windows Genuine Advantage authentication notification. Don’t let it connect unless you want to verify your copy of Windows. If you want to get rid of this, let me know; there are tools available.

regards,
Dam

Thanks for the quick reply Damitha.

Yeah, I think it’s best to get rid of Wgatray.exe.

Quick question. Not trying to hijack the thread or anything, but my question is about this as well. When I installed Comodo today (the newest version, btw) and it asked me the same question about Wgatray.exe, I allowed it to go through. Since you’re saying not to allow it, how do I go back and fix that to not allow it?

Hi KoRn,

Well, if you allowed it, the damage is done. You don’t have to worry if you have a genuine copy of Windows. If not, then go to the Application Monitor, select wgatray.exe, and block all incoming and outgoing.

There are tools to get rid of wgatray.exe. Just google “remove wgatray.exe”. There are many ways to remove this.

regards,
Dam

You also have to make sure you have the right WGA removal tool for the version you have installed, almost sounds like a virus…

WGA is NOT a REALLY BAD thing. If you have it and have genuine Windows, then I would not worry TOO much about it; next time just don’t install it.

I have a genuine copy of Windows, but I’m still going to get rid of it because it checks every time I boot up my P.C.

Thanks for all the info.

I wonder if I have something not working.
Wgatray.exe is not listed in application monitor ???
My alert level setting is set to ‘Very High’ and of course have alerts shown also for Comodo certified applications.

I had allowed it in ProcessGuard free, but if I remove it from allowed programs, I will get a notification after reboot from PG that wgatray.exe has been run once and so early that PG was not able to ask with a prompt.
Might this program be too early for Comodo 2.4.18.184 too?

(XP Pro SP2, Comodo latest firewall, Avira Antivir Classic, PG free, Sandboxie 2.80)


Hi Jarmo P

This wgatray.exe is a very tricky thing. Even if you kill it manually, it appears again. I can’t tell you exactly why it’s not shown in App monitor. But it can’t connect without the firewall noticing it, that’s for sure. But you can get rid of it if you want.

regards,
Dam

I can sure block it with ProcessGuard and I don’t really mind it also being allowed since I have a legal XP.
Just cannot understand why it is not listed and Comodo takes no control? I wonder if wgatray.exe does really go to internet every reboot, once it is once allowed to do that. I don’t remember for sure, but I might have seen it once and then removed the rule, to see if it asks again, which it doesn’t.
Total mystery, and I would very much like to know the reason. Possibilities are PG or Avira conflicting with Comodo, but when I disabled PG and did a reboot, still no response from Comodo firewall.

There is nothing I think also in my network rules that would block wgatray.exe. Only a little added protection that standard rules don’t have as well as filtering out unnecessary log alerts.
Rules 0,1 are for outbound netbios traffic blocking. 2 is for unsolicited cable modem dhcp connections, filtering their logging out. Rule 3 is for some local port logging filtering out. Rest of the rules don’t block anything except of course the final blocking one.
Anyways I could not find from the log the culprit.

This is a new XP Pro PC that has not had any other firewall except SP2 one ever installed/running.

I also noticed an interesting and scary quirk after updating Avira manually from admin account, logging out from admin account to a limited user account. Windows Security Center popped up telling me that I have no firewall or something like that. That was not all, Comodo icon on systray was normal, but Application monitor, Network monitor, in fact all those 4 if I remember were turned off ???
I did run a shields up! scan and was stealthed. Did reboot and then Comodo was back to normal, as I expected.

There are these “quirks” that are far more important to sort out than some new features like HIPS.
More important to have the feature in network rules to tick them on/off. Better logging with an option to have application allowed rules log.
And to be able to export/import rules & configuration to/from a file for cases like this, when I could install kerio 2.1.5 to check out this wgatray.exe mystery and then uninstall it and install Comodo back within a few minutes with my fine-tuned rules back from a file.


Installed Wireshark packet sniffer and put it to capture packets.
Then I executed wgatray.exe from system32 folder and no packets were generated for that event, so no internet connections made?

Hi,

One thing, when you create these block rules always put them at the bottom. This won’t be a problem if it’s very very specific. But it’s normally advised to put them at the bottom. Since Rules are checked from top to bottom.

I also noticed an interesting and scary quirk after updating Avira manually from admin account, logging out from admin account to a limited user account. Windows Security Center popped up telling me that I have no firewall or something like that. That was not all, Comodo icon on systray was normal, but Application monitor, Network monitor, in fact all those 4 if I remember were turned off ??? I did run a shields up! scan and was stealthed. Did reboot and then Comodo was back to normal, as I expected.

This problem has been raised previously in the forums. I can’t remember seeing an answer for that. Try submitting a support ticket. http://support.comodo.com/

There are these "quirks" that are far more important to sort out than some new features like HIPS. More important to have the feature in network rules to tick them on/off. Better logging with an option to have application allowed rules log. And to be able to export/import rules & configuration to/from a file for cases like this, when I could install kerio 2.1.5 to check out this wgatray.exe mystery and then uninstall it and install Comodo back within a few minutes with my fine-tuned rules back from a file.

Yup, some good ideas.
Make sure you add these to Wishlist v5.

regards,
Dam