Hello, I’m a long time lurker, first time poster and I need some help blocking iPodService.exe on a Win XP SP 2 system. I am trying to disable it as I don’t have an iPod therefore it is just wasting memory. iTunes runs fine without it if it is disabled manually from the Task Manager but I want to stop it from launching. I have attempted to disable it using Control Panel>Administrative Tools>Services as well as msconfig as a run command. The problem is when iTunes starts, it will change the service start up to manual and start the service. Deleting the file itself will cause iTunes to re-install itself.
So I tried to set a rule in Comodo in Comodo>Defense+>Advanced>Computer Security Policy and blocked iTunes.exe from running iPodService.exe as well as other options to no avail. I took the “sure fire” approach and removed the policies for iTunes.exe and iPodService, set Defense+ to Paranoid Mode so that I could see every alert. And when this alert came up:
I chose to “block this request” and checked “Remember my answer”. I terminated the service and closed iTunes, and then restarted iTunes again. But it was still able to start iPodService.exe. Now my last option would be to replace iPodService.exe with a dummy file but I was wondering, couldn’t this exploit be used on malicious software to bypass the firewall? Or am I making some sort of critical mistake? Thanks.
Under D+ /custom secutrity policy double click on iPodService.exe then choose " use a predifined policy" then choose " isolated application", this should block it.
You can also disable it by going to Control Panel>Administrative Tools>Services then double click on the service, click on “Logon” then click disable and press apply.
That’s the thing, even though this is a trivial matter, iTunes can bypass both Windows and Comodo’s controls. For instance if I disable the service in the Logon tab, iTunes.exe will start iPodService.exe and if you check the Logon tab again, you will see that it has been enabled.
Additionally, if I change iPodService.exe to an Isolated Application, it will still run. Comodo does recognize that iTunes is trying to start iPodService.exe as you can see in the alert in my first post. When I block the action, Comodo will list iPodService as a blocked application under Custom Policy>Access Rights>Interprocess Memory Accesses. However that does nothing to stop iTunes.exe from starting iPodService.exe. Again this is a trivial thing, but if it were a piece of malware doing something like this, it might not be.
The unnecessary services from iTunes like iPodService.exe can be terminated and quarantined with “view active process list” under Defense+, common tasks…
