I just blocked the program Catalyst Control Center (ccc.exe) from accessing the internet via explorer.exe. It’s the program for managing settings for my video card. This killed my internet connection! It feels like I’m pulling the plug rather than filtering the internet activity! I’m forced to either allow everything to access or nothing!
I understand your consternation and confusion, MrSurfTurf, but it’s really not as bad as all that… I’ll refer you to this thread for more info about details on the inner workings of this firewall… https://forums.comodo.com/index.php/topic,6167.0.html A brief explanation is that you will get these alerts because of how applications communicate behind the scenes in Windows. This is normal and not a cause of concern. Unfortunately, because it’s so “normal,” malware does things to emulate that, take advantage of it, and try to utilize this concept to create connections to the internet. Thus, CFP monitors these types of activity and alerts the user when it sees them; it does not determine good from bad; only that it is “suspicious.”
The rule of thumb, according to the lead developer for the firewall, is that if you know both applications (which you clearly do) it is safe to Allow with Remember, so that you won’t see that specific alert again. The time for concern is when you don’t know one or both applications; then Deny and start investigating.
If you Deny or Allow without Remember checked, it will be for that session only. Typically restarting the browser will reset it (the only caveat to that, in my experience, is when it’s an OLE Automation alert; then a reboot seems to be required). If you take action with Remember, you will create an Application Monitor rule for that scenario and shouldn’t see that specific alert again.
If both applications are on Comodo’s safelist, you won’t see these alerts (providing you have not disabled the safelist). At present the safelist isn’t very large; in the next version of the firewall (hopefully available in a month or two), it will be quite large, for the purpose of eliminating most (if not all) of these alerts to the user and still provide the highest level of security.
Hope that helps,
LM
Well, I have a problem with all those programs that want to access the internet all the time for no apparent reason. CCC.exe is a legitimate program, but there is no reason for it to keep accessing the internet. It makes me think they are spying on me or something, or a malware could take advantage of it by hijacking ccc.exe.
I’ve already browsed through that page you’re linking to and I thought just following the installation tutorial would be enough. Also I found TCP, UDP and fiddling with IP too complicated and now it’s late…or rather very early.
Just when I was going to post this message I found my connection had died again. It seems the firewall is preventing my adapter from updating the IP. There was no popup warning. I’m close to giving up.
This is most likely due to a block (one way or another) on svchost.exe (which is a system process used for getting & maintaining your connection). This block will either be direct: An Application Monitor entry, or indirect: A Network Monitor rule that disallows the type of connection required. We will know by looking at the logs.
Here’s what you can do:
First, check the Application Monitor for entries on svchost.exe; if there are some that show Block instead of Allow, change that. If there aren’t any, on to the logs…
Go to Activity/Logs.
Right-click and select Export to HTML. Save the file, then reopen it (it will open in your browser).
Find the time frame corresponding to the loss of your connection renewal.
Highlight the entries surrounding that time frame; if you’re not exactly sure, grab a few minutes on either side. Copy those highlighted entries, then Paste them into your next post here.
If your external IP address shows up (it will match the IP showing in the bottom-right corner of your posts) in the logs, you may mask/edit it with ‘x’ for privacy; please just leave the last section of numbers visible so we can see where there’s a match.
LM
PS: For the applications that constantly seem to do the suspicious connections, I have found it very handy and effective to create an application rule for each one, set to Block unconditionally. I generally set the Parent to Learn, but sometimes I Skip it. One user also reported that he went through the Component Monitor and removed all components that were obviously associated with that application.