CFP Component Monitor "Q"

I was browsing with Opera today and CFP popped up an alert asking to approve ntshrui.dll for Opera to use. I did a brief internet search and found only a little about the dll file. The file is for sharing and I do not make use of sharing on this PC, so I set the component monitor to block the dll file, and after that Opera was being blocked completely from connecting to the internet by CFP. I have application rules set for Opera to connect, but as long as the dll file is blocked by the component monitor CFP will not allow Opera to connect. Is that file safe to allow even when the user does not use sharing? T/I/A for any replies/help.

Nah, it should be cool. I got that in my component monitoring too. Just make sure it's from Microsoft when you look at it in the component rules.

Okay, will do that. I was looking through the list of allowed components and I noticed that 3-4 files that have to do with remote connection are allowed. I also blocked them and found that when they are blocked CFP will not allow my PC to access the net. The browser will say “unable to connect, can’t establish a connection to the server at forums.comodo.com”. I should not have to allow remote access files if I do not use any remote access, should I?

Well, I’m not sure that they would actually have anything to do with remote connection, but if you gotta allow them or else not be able to connect, then so be it. :slight_smile: I’d just be careful about what company/version they are. I see you got the component control set to “on”. I was just thinking about that and I know the earlier you turn it on, the more components you will have to verify, but some people like to check everything from the start. The only thing I don’t like is that you can’t remove all components for relearning if you would want to. You have to remove each one individually that you’d want to relearn.

These are the remote access components that I mentioned:

rasadhlp.dll (remote access autodial helper)
rasapi32.dll (remote access api)
rasdlg.dll (remote access connection dialog api)
rasman.dll (remote access connection manager)

They all are Microsoft, but still I do not like the sound of this… remote access can be used to remotely access a user’s PC… not something I would like to allow ever. I do not get why these components would need to be allowed in order for my PC to access the internet.

I did have the component monitor set to “learn”, but since I ran all of the applications that I would be using I thought that CFP would have learned all of the “safe” components by now. The remote access dlls were allowed during the “learn” setting, but somehow I do not think that this is correct. I would think that the only time any of those remote components would need to be approved for use is if a user is making use of remote access connections to his/her PC.

I hardly use Internet Explorer, but a lot of these components are requesting approval because of IE. checks Yep, I have had learning mode on pretty long this time around. Open up IE, come to the Comodo website and what do you know? More components that need approval, hehe. I use Opera mainly also… I recommend that no one uses IE and replaces it with something else, but that’s like asking all kids to eat their veggies. Lolol. I have a lot of the services like remote access (to anything) turned off, so it should never affect me unless I slip up. :slight_smile:

Ehgreg, thank you for the reply. I am wondering, do you know for a fact that those components are supposed to be in use? Or could this be a sign of hidden malware hijacking/dll injection? Please do not think that I do not appreciate your responses, but I would like to know for sure that this is normal where those components actually are needed in order for a PC to make a connection to the net/get an IP assigned before I just quit worrying. I called Microsoft thinking they could verify that those components are supposed to be in use even though the PC does not use remote services, and they would not even answer any questions unless I paid for tech support… that is ridiculous! If I remove those components from the list and reboot, then connect the PC to the net, CFP prompts that svchost needs to have those components approved for use in order to allow my PC to access the net. I know that svchost is what allows me to have net access, but for it to make use of those remote services components does not seem right. That makes me suspicious of a malicious remote connection like the behaviours of a back door or something. CFP even warns that it could be a “dll injection”, but it is up to the user to make that call on if it should be allowed or not. I have BOC installed, but from what I read there are some trojans that it did not detect. The way I understand it, there are many PCs out on the web that have full patches and security protection where it is remotely controlled and the user would never know because there are no visible signs of an infection.

I just went to look in the Firewall logs to get the exact description of the alert about svchost and the stinking log was cleared on its own… is that supposed to happen? I thought that the log is only cleared when the user chooses.

Ah yes, the things us Windows users have to put up with. Sometimes you just gotta research a lot of things on your own (no help from the so-called MVPs, etc…). There is a little download called www.programchecker.com that you can use for free. A lot of little things you can do to cover your worries. I can’t really recommend another behavior blocker or H.I.P.S. application because I haven’t tried hardly any alongside Comodo 2.4… :slight_smile:

Thanks for the link. From what I read on the site the program is interesting, I will give it a try. I am hoping that CFP V3 gets a release version soon. It will have H.I.P.S. built-in.
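
The check suggested in the thread ("make sure it's from Microsoft") can also be done outside the firewall's component list. The PowerShell below is an added example, not part of the original thread or of Comodo's software; it assumes Windows with PowerShell 5.1 or later, and the function name `Test-ComponentFile` is hypothetical. For the five DLLs named in the thread it reports every copy in the system directories and every copy loaded by a running process, with its location, signature status and hash.

```powershell
# Added example. DLL names are the ones listed in the thread; the function
# name and the report layout are assumptions made for this illustration.
$names   = 'ntshrui.dll','rasadhlp.dll','rasapi32.dll','rasdlg.dll','rasman.dll'
$sysDirs = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"

function Test-ComponentFile {
    param([Parameter(Mandatory)][string]$Path, [string]$LoadedBy = '(on disk)')
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $ver = (Get-Item -LiteralPath $Path).VersionInfo
    [pscustomobject]@{
        LoadedBy    = $LoadedBy
        Path        = $Path
        InSystemDir = $sysDirs -contains (Split-Path -Parent $Path)
        Signature   = $sig.Status          # only 'Valid' should be accepted
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        Company     = $ver.CompanyName     # self-declared field, easy to forge
        FileVersion = $ver.FileVersion
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1) Copies present in the system directories.
$report = @(foreach ($dir in $sysDirs) {
    foreach ($name in $names) {
        $file = Join-Path $dir $name
        if (Test-Path -LiteralPath $file) { Test-ComponentFile -Path $file }
    }
})

# 2) Copies actually mapped into running processes. Run elevated, otherwise
#    the module list of svchost.exe and other system processes is unreadable.
$report += @(foreach ($proc in Get-Process) {
    $mods = try { $proc.Modules } catch { @() }
    foreach ($m in $mods) {
        if ($names -contains $m.ModuleName) {
            Test-ComponentFile -Path $m.FileName -LoadedBy "$($proc.Name) ($($proc.Id))"
        }
    }
})

$report | Sort-Object Path, LoadedBy |
    Format-Table LoadedBy, Path, InSystemDir, Signature, Signer -AutoSize

# A copy loaded from outside a system directory, or one without a valid
# signature, is the case the thread's advice is meant to catch.
$report | Where-Object { -not $_.InSystemDir -or $_.Signature -ne 'Valid' }
```

Where system DLLs are signed through a catalog rather than an embedded signature, some PowerShell and Windows combinations may report `NotSigned` for genuine files, so treat that result as a reason to compare the hash against a known-good copy rather than as proof of tampering.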