robotaskbaricon.exe is appearing hundreds of times in my Defense+ Events. I’ve read elsewhere on the forum that’s because the file is legitimately checking for keyloggers. Fair enough, and understandable why Comodo block it. However, I want to override that behaviour not least so my log doesn’t get cluttered up and I can see other potentially harmful events.
So I went to Defense+ → Computer Security Policy → robotaskbaricon.exe → edit → Customize → Modify (Interprocess Memory Accesses) → Add (D:\Program Files\COMODO\COMODO Internet Security\cfp.exe)
But still the entry appears in the logs. What am I doing wrong?
Thanks for that help - it seems to have worked. So, to clarify the general principle, when over-riding “Memory Access” events, you edit the “Target” and place the “Application” in the exclusions. This seems the opposite of how you would treat other events where you would edit the “Application”.
Not quite, for CIS’s processes this is Interprocess Memory Access under Protection Settings. CIS has certain process protections enabled (memory & terminate) for self-defense, which not many processes do. So, in this case, you’re allowing a certain process (robotaskbaricon.exe in your case) to bypass this protection for CIS’s processes and gain access to CIS’s processes memory. The logic, on first glance, does appear to be reversed, but it is very different from what you tried initially. See Protection Settings and the bottom of the Help page.