Hello,
Today after I boot my pc and I noticed that Comodo blocked services.exe to modify file that belongs to Application Event log(C:\windows\system32\config\appevent.evt).
Now my Application event log file is corrupted.
I uses train with safe mode. I didn’t change any setting recently.
and it’s NEVER happened before.
Should I worry about this?
Thanks very much in advanced.
You say your using train with safe mode. Is that for D+ also? Look under D+ events and see what is blocked. Also go to D+\Advanced\Computer Security Policy and look and see what is blocked. It is possible you clicked block to an alert when you should have clicked allow.
Thanks for replying.
But there were no any system processes like service.exe in the Computer Security Policy List yesterday…
Comodo suddenly add those into Computer Security Policy today. (service.exe and csrss.exe)
Today I turn off cmd.exe, Comodo also pop-up a learning says that csrss.exe close cmd.exe.
Really strange, are there default rules for Windows system applications in Computer Security Policy?
Hi mate,
This seems very strange,how did you close down cmdagent.exe?
This should be the default for Windows system applications.
Matty
[attachment deleted by admin]
Thanks riggers. I am at work now where I do not run Comodo on my work laptop but that is the screen shot I was going to post.
Thanks for helping,
No, not the comodo’s cmdagent.exe, windows’s cmd.exe
I closed the cmd.exe and comodo says learning “csrss.exe terminated cmd.exe”
(I use cmd.exe to check netstat)
Also thanks for the rule screen shot…maybe I accidently deleted them.
(R)