Hi folks, I recently noticed CIS D+ logs growing at an out of control rate and really all that is filling them now is TrojanHunter v5.0build962, THGuard.exe, blocked access memory, target: comodo\firewall\cmdagent.exe
I have added TH with whatever permissions I could find everywhere in CIS, including adding Mischel to my trusted vendors.
Literally thousands of access blocks a day happen- oh wait, scrolling down the list I see it is doing the same exact memory access block to another program running, cBOC v4.27
Please tell me how to keep D+ from blocking these desired actions of TH and BOC, I am out of gas running in circles and trying things with no progress to show for it.
Hi redleg,this is a case of the protection module(Defence+) protecting itself from being accessed by another process/application.
You can solve the problem with the logging by putting these .exe`s in the exclusion list for Comodo Internet Security. Only do this if you totally trust these programs
First from the main Interface select Defence+/Advanced/Computer Security Policy/Now find the entry Comodo Internet Security highlight it and select “Edit”
In the new window click on “Protection Settings” then on “Modify” next to “Run an executable”/Now click on “Add” and from the drop down choose “running processess”
Now double click the processess involved(eg THGuard.exe) and it should appear at the bottom of the exceptions list. APPLY to close all windows
heh, yeah I trust Magnus with TH and Kevin with BOClean. I do wish this was a bit easier to set though, perhaps a nice popup for rule/exception creation for security software designed to do these memory accesses IOT effectively scan for trouble. I fear D+ may get in the way when something critical occurs, conflicting when it needs to wait it’s turn or pop up asking for advice.
anyways, I mislabled this post to say CIS, I suppose since I only installed with PFW and D+ my program is actually Comodo Firewall v3.5.54375.427 (with D+, but no toolbar, no AV, no other bundles, etc)
which seems to make a difference in how to get it done based on your advice. Going to D+/advanced/com secpol/
I can only find Comodo Firewall Pro as application name (no CIS), with the easily offended cmdagent.exe listed as a subordinate to CFPro. CFP has a “Treat as” line of Custom Policy, highlighting CFP and selecting edit/protection settings gives me 4 protection types to choose from, Interprocess memory accesses (Yes), windows/winevent hooks (No), process terminations (Yes), and windows messages (No).
Since it was a memory access block I hit modify for interprocess memory accesses and added THGuard, BOC427 and BOCore.
Seems to work as TH and BOC are not in the logs for the time it took me to type this- which is good
Yell if I mucked that up somehow. Thanks bro. :-TU
