cfp.exe1 & cmdagent.exe1 files found in CFP

I was looking in my CFP install directory and found the following files:

G:\Comodo\Firewall\cfp.exe1
G:\Comodo\Firewall\cmdagent.exe1

why would these files exist along with the “real” executable files:
G:\Comodo\Firewall\cfp.exe
G:\Comodo\Firewall\cmdagent.exe

I found them when I was copying both cfp.exe & cmdagent.exe to BOClean’s Program
Excluder.

Just wanted to make sure that my CFP didn’t get hacked or something.

Best regards,
Jim

The .exe1 files are not standard and are not created dynamically (at least AFAIK).

Can you please submit these to virustotal.org for analysis. It would also be worthwhile submitting them to Comodo for analysis as well.

Please keep us posted with the results.

Ewen :slight_smile:

Hi Ewen,

I went to virustotal.org to submit the files and all I could find were “Sponsored Links”.
How do I submit a file?

Regards,
Jim

Sorry, I should have said www.virustotal.com

Ok, I ran all 4 of the above mentioned files through www.virustotal.com and got the same response for all of them …

Panda 9.0.0.4 2008.04.06 Suspicious file

Any idea what this means? Should I try to reinstall CFP?

Jim

Hi Jim,

Just a thought on something you could look at.On the two files concerned if you right click on them and choose properties then Digital Signatures does it say the files where signed by Comodo?
Also have you ever ran the diagnostics/repair function.

Regards

Matty

ps on a side note why where you putting these files in BOClean excluder

They both have a digital signature of “Comodo CA Limited” so it guess they’re ok.

I put the files in the in BOClean Excluder because it was recommended somewhere on this site.

Jim

You can also put the BOClean folders into the exceptions list with regards to Defence+/Interprocess Memory access.This will stop BOClean from constantly coming up in the logs for each CFPV3 executable.

To do this Defence+/Advanced/Computer Security Policy,right click on the Comodo v3 enrty and choose “Edit”.Next click on “Protection Settings” and “Modify” next to Interprocess Memory access.Click on ADD and then Running Processes(Assuming you have BOClean running).Highlight BOCore.exe and select and BOC425.exe and select then “APPLY” to close all windows.
You should end up with this

Regards

Matty

[attachment deleted by admin]