Blocked WordWeb

Brian_H · February 27, 2010, 6:09pm

At one point I vaguely recall carelessly blocking some action by WordWeb. Subsequently CIS blocks its use of hotkeys and mouseclick+alt(or other) key, which is basic and essential. When I check the “blocked attempts” when CIS starts, I see hundreds (1813 today) of blocks, and when I look at the list it’s almost entirely efforts of WWeb to set up its standard hooks.

I have entered it in My Safe Programs and every where else I can find to try and let it run, CIS will not stop blocking it. I could uninstall CIS and start from scratch, and delete all the rules files etc., but I hate the thought of going through weeks of training again. >:(

Dennis2 · February 27, 2010, 7:35pm

Could you please post a screenshot of these blocked events.

Dennis

Brian_H · March 2, 2010, 3:05am

Here’s a screenshot, attached.

[attachment deleted by admin]

Dennis2 · March 2, 2010, 7:02am

Please go to Defence+ / Advanced / Computer Security Policy

Find the entry for wweb32.exe right click and choose edit

Click on Access Rights then Windows/WinEvent Hooks click on Modify

Now choose Blocked Hooks and deleted the entry for captainHook.dll and you will receive another alert, make sure to click Apply on all the open screens.

I have post a screenshot of another process all you need to do different for wweb32.exe is to choose Blocked Hooks instead of Allowed Hooks.

Dennis

[attachment deleted by admin]

Brian_H · March 2, 2010, 1:10pm

There were no entries under either Allowed or Blocked Hooks. I added that captainhook.dll to the approved list, but it made no difference. Two other dlls from other packages (KatMouse and 1-ClickAnswers) appeared further down the list, so I added them to the Approved also. But Comodo still blocks all 3. I closed and restarted Comodo, and tried to set the Hot Key for WordWeb, and within a few seconds the list of Blocked Attempts filled up with 1102 items, consisting of the same 3 files.
Sample screenshot attached.

[attachment deleted by admin]

Dennis2 · March 2, 2010, 7:53pm

Very odd going by your screenshot of the logs it should be there.

All I can suggest is deleting all the rules for WordWeb in Defense+

Unless someone else can come up with a better idea.

Dennis

Brian_H · March 3, 2010, 5:24am

I did so, and it now permits the kb shortcut to work, but not the mouse rt-click-Alt option. Screenshot of event log attached.

[attachment deleted by admin]

layman · March 3, 2010, 6:46am

Can you change the policy for wweb32 to ‘trusted application’ and try again?

or

Delete the rule for wweb32 from Computer Security Policy, Apply it and change CIS Defense+ policy (right click tray icon-defense+ Security Level) to Training mode and use wordweb with hold keys.

Change defense+ again to cleanpc mode or safe mode and try again.

Brian_H · March 9, 2010, 8:48pm

I noted that 4.0 was available, and tried to install it. It requested I uninstall 3.xx. But I discovered that there is no uninstall utility/option, and that there have been people requesting this for years. This is an essential part of any well-behaved Windows package.

As a result, I have removed Comodo, and deleted every reference in the Registry (except the Legacy ones, which, as noted in other threads, cannot readily be removed – another major inconvenience!)

Perhaps someday if you ever make Comodo uninstallable I will risk installing it again.