Hi everyone, I’m a new user and a 1st poster so please bear with me as I’m still in ‘learning mode’. FYI, I’m using the free version of Comodo with Anti-virus.
Up until last week everything was going great, then I installed a charting program called Trade Navigator which has been trying to access part of my PC it clearly shouldn’t. During the installation Comodo alerted me to 2x unknown malware detections which I quarantined. I thought that would be the end of the matter, however Defense+ has picked up a series of events such as: TradeNav is directly accessing keyboard …TradeNav installing global hook …explorer.exe accessing TradeNav etc. I already placed TradeNav.exe in the ‘my blocked files’ folder which effectively blocked it off, at least for a few days anyway, however it has managed to gain access to my keyboard again this morning and create a global hook whilst blocked, at least it looks that way to me. TradeNav has also tried to access COM Interface, and svchost.exe has tried to access TradeNav, all whilst TradeNav was locked down in the ‘my blocked files’ folder. Whatever is causing this seems very determined, oh dear. As I use TradeNav regularly I would rather not uninstall it so I was wondering if the more experienced users knew of a solution I could apply via Comodo? Oh and, the install CD came straight from the vendor. It was not a third party download.
I was going to post the HTML file of these events to give a better idea of what I mean but it’s very lonnggg. Is there somewhere I can send the HTML table for analysis? Without making my post 10 feet long?
Can you show us a screenshot of the D+ logs?
Hi Omeletguy, that’s what I thought too ;D It was supposed to be a thumbnail but it didn’t quite work out. Still trying…
That is way too small lol ;D
Hi Eric, and thanks for the reply.
I can’t seem to get a screenshot loaded so here is a direct link to the image;
The sheer fact that it accesses places that may indicate malicious behaviour does not mean Tradenav’s behaviour has malicious intent. Assuming Trade Navigator is a regular program with no malicious intentions, I would suggest taking it out of the blocked files and allowing it to do its thing. You can either make it a Trusted application or allow rules as you go.
Putting Tradenav in your blocked files does not stop the program from doing things. The blocked files prevent other programs and users from accessing the files that are in Blocked files. This is what the Help says: “Defense+ allows you to lock-down files and folders by completely denying all access rights to them from other processes or users”.
When you are using the default Internet Security mode, then “Computer Monitor/Disk/Keyboard/DNS Client access/Window Messages are NOT monitored.” and “Only commonly exploited COM interfaces are protected.”
I hope I cleared up some for you. Let me know if you have any more questions or where things are not clear in my explanation.
I see. I think the reason I went on the defensive was because Comodo picked up 2 malware detections when I was installing TradeNav, so I thought it prudent to look into it a little further. It seemed strange that a software program would want to access my keyboard, but I’ve discovered since then that it was likely something to do with the program’s hotkey function. I realised this after installing another program since then that tried to do the same thing, only difference was the 2nd program advised it wanted to enable the hotkey function, whilst TradeNav didn’t. I had heard that malware sometimes tries to imitate trusted programs and thought it worthwhile to check it out …just in case.
Thanks for your help in clearing that up.