Comodo Firewall 2.4 fails P. Keylogger activity detection

CPF doesn’t alert on the activity of the Powered Keylogger (latest release).

Please check it out and solve the problem.


CFP isn’t designed to detect keyloggers yet. Wait for version 3 with HIPS.

Thank you for the info, it’d be really great!

P.S. Besides, the mentioned keylogger is designed to send the logged words. If our firewall fails to detect its activity, who can then assure that it cannot successfully transmit the stolen data out?

I didn’t see Comodo mentioned in the list…

However, soyabeaner is correct; as a firewall, it is not designed to detect the presence of a downloaded/installed keylogger - that would fall more into the HIPS category.

However, as far as it sending information outbound via email, that would depend on what changes you have allowed. I see that the Powered Keylogger is a driver-based software, but they didn’t say how it was going to send the information. Here are a few scenarios:

  1. If it uses its own protocol to connect to the internet, CFP should alert you of it, as long as you have Alerts, Application Behavior Analysis, and the various Monitors (Network, Application, Component) turned on, and you haven’t changed the default rules or added a rule to allow the keylogger application.

  2. If it uses an existing email client (such as Outlook Express, Thunderbird, etc) to send info, it will have to load its components into OE; when OE tries to connect, CFP will alert you. Again, as long as you have Alerts, ABA, and Component Monitor turned on.

  3. If it uses the system (i.e., svchost.exe, explorer.exe, system.exe, or something else entirely) components to send info, again, it will have to load its components into those, and CFP will alert you.

  4. If it uses your browser (such as Internet Explorer, Firefox, etc) to connect and send info, again, it will have to load its components, and you will be alerted.

The key thing in all these scenarios is not to disable any of CFP’s protection settings, and to pay attention to the popups you get. Don’t just click Allow and go on (even if you don’t select “Remember”). If you are not aware of a reason why the application should have changed, you need to Deny and check out what’s going on. Good security always requires user interaction… :wink:
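
A small model of the decision logic behind the scenarios in the post above, added here as an illustration; it is not from the original post or from Comodo's code. The rule format, the `Policy` class and all file names are assumptions.

```python
"""Toy model of an application + component monitor (assumed behaviour, not Comodo's code)."""

class Policy:
    def __init__(self, rules):
        # app name -> components (DLLs) present when the user created the allow rule
        self.rules = {app: set(c) for app, c in rules.items()}

    def check(self, app, components):
        """Return (verdict, reason) for one outbound connection attempt."""
        if app not in self.rules:
            return "ALERT", f"no rule for {app}"
        new = set(components) - self.rules[app]
        if new:
            return "ALERT", f"{app} loaded new component(s): {sorted(new)}"
        return "ALLOW", "matches existing rule"

    def remember(self, app, components):
        """What 'Allow' + 'Remember' does in this model: widen the rule."""
        self.rules.setdefault(app, set()).update(components)


def replay(events, rules, popup_answer):
    """Replay connection attempts; popup_answer is 'deny' or 'allow+remember'."""
    policy, verdicts = Policy(rules), []
    for app, components in events:
        verdict, _reason = policy.check(app, components)
        if verdict == "ALERT" and popup_answer == "allow+remember":
            policy.remember(app, components)
        verdicts.append(verdict)
    return verdicts


# Constructed sample data; every file name below is hypothetical.
RULES = {"mailclient.exe": {"wsock32.dll", "mailcore.dll"},
         "browser.exe": {"wsock32.dll", "render.dll"}}
EVENTS = [
    ("mailclient.exe", {"wsock32.dll", "mailcore.dll"}),               # normal mail check
    ("sender.exe", {"wsock32.dll"}),                                   # scenario 1: own connection
    ("mailclient.exe", {"wsock32.dll", "mailcore.dll", "hook.dll"}),   # scenario 2
    ("browser.exe", {"wsock32.dll", "render.dll", "hook.dll"}),        # scenario 4
    ("mailclient.exe", {"wsock32.dll", "mailcore.dll", "hook.dll"}),   # same attempt again
]

if __name__ == "__main__":
    for answer in ("deny", "allow+remember"):
        print(answer, replay(EVENTS, RULES, answer))
```

With every popup denied, the repeated mail-client attempt keeps alerting; once a popup is answered with Allow and Remember, the same attempt passes silently, which is why the post says to investigate unexpected component changes before allowing them.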


Folks, read about it here. Now I remember where I knew about this :slight_smile:

:-\ I am confused a little about this “keylogger” thing.
The firewall is supposed to prevent unwanted connections to and from the internet.
It should not prevent programs from running. That is what the virus and spyware scanners are for.
Please do not go the way of Zone Alarm.
I do not need an over bloated system pig, I just need a nice clean firewall. So far, Comodo is doing a very good job on my system.
If you are worried about keyloggers, then worry about ANY game that you might have that connects to the net. From what I have seen, they all contain a keylogger or hook. But a good firewall will see the connection attempt and identify it. If you do not allow it, then you are safe. Use a spyware or virus scanner to clean it out. There are also registry repair/cleaners that can help if you are an advanced user.
But, just denying the connection is usually good enough. That is what a good firewall does.
Comodo is a good firewall.