Clear permissions?

I have been having problems trying to figure out what to allow and what to deny. It got to the point that it was interfering with my email delivery. I disabled the firewall and promptly was infected. I am in the process of getting rid of the malware.

Is there a way to clear the cache of the rules I have set up so that I can start with a clean slate? I would rather not uninstall and reinstall to do that if I don’t have to.

Also is there somewhere I can go to get a better understanding of what to allow and what to deny? I click on the Icon to see what is advised, but most of the time it doesn’t make any sense because I am not trying to access anything and I still get a pop-up asking permission.

Help please.

Thanks

Welcome to the forums, StilettoRed (:WAV)

Actually, I think that uninstalling and reinstalling is the fastest way back to a clean slate. The only other way is to manually clear out all the rules from each Monitor (which is tedious, as there’s no automated way to do it), Apply the changes, and reboot. I’ve done it, and it takes some time…

Keep in mind a few things, tho:

You want to make sure your system is clean, first. Otherwise, the component monitor is going to give you a lot of prompts, and you can’t guarantee if one of those components is not a malware component. As you said, you don’t know what’s safe and not. Once you’re clean, and reset everything (whether by reinstall or manual removal of rules), set the Component Monitor to “Learn” for a few weeks, until you have run pretty much all your applications. The turn it to “On.” From that point, every time there’s a change (such as thru an update or a new software installation), you will get a popup about components/new library.

If you reinstall, run the Application Wizard (Security/Tasks/Scan for Known Applications); follow the prompts, reboot. Make sure that under Security/Advanced/Miscellaneous, the second box is checked, “Do not show alerts for applications certified by Comodo.” If you want to keep your popups to a minimum, keep the Alert Frequency slider set to Low (or no higher than Medium).

Hope this helps. If you have any other questions, need clarification, etc, just ask.

LM

I uninstalled and reinstalled and everything has been set as you directed.

I continually get pop-ups for parent directory labeled PDesk.exe. Company unknown. I have been ignoring them. Should they be allowed or denied? What is the indicator that would lead to that decision?

Thanks

For PDesk.exe I have found a couple options by “googling” it. If you have a Matrox video graphics card, their software includes an interface called PowerDesk; pdesk.exe is the systray icon’s executable for that interface. If it is legit, it should be found at c:\windows\system32\pdesk\pdesk.exe. Apparently it is very useful if you do a lot of gaming, to quickly access graphics settings; otherwise it is probably not needed and can be removed from the startup.

Another option (which would make a lot of sense in this scenario), is software (also called PowerDesk) by V-COM. This software is a file management system; in essence, it replaces the Windows file management, which is explorer.exe (not to be confused with Internet Explorer, or iexplorer.exe). If you have this software installed, any program you open from a desktop icon would have pdesk.exe as the Parent Application (without such a program, the Parent in that scenario would be explorer.exe).

Those were the only two viable results I got for legitimate software. The Matrox video card was the most common response; the V-COM software seems an easy answer for the question at hand.

Do either of these options fit?

LM

Thanks for the response.

I am not a gamer, but I do have Matrox cards so that must be the answer.

If I have future questions, I will Google first.

Thanks again.

No problem. I wasn’t able to easily find exactly what the Matrox version did, other than provide an interface to graphics settings. It may be that it interfaces with the desktop in some way (the name, after all, would seem to indicate that…), which could cause it to be the Parent. If you go to the Matrox website and look up your specific card, you can probably find out more info about the application/drivers for pdesk, and what/how it works.

Everything I found said that if you’re not a gamer, it’s not really needed and can be deactivated. If you want to remove it from the startup, but don’t know how, I’ll be happy to walk you thru that.

LM