COMODO Firewall allowing all connections

That’s really disturbing! You say some applications are able to access the internet without your permission. Which ones? Does Comodo give you the expected pop-ups for most apps?

I contacted COMODO support, and was asked to install the GeekBuddy support software on my computer. I installed the software, and was connected to a support agent who, without asking what the issue was, requested permission to check the registry, temp files, and event log. I complied, and let the agent check those areas of my computer. The agent stated that my computer was heavily infected with spyware, and in critical condition.

You must understand at this point that I am no stranger when it comes to the Windows operating system, and proper security practices. I was very “shocked” to know that the Service Control Manager logs contained in my event log are a sign of spyware. These entries are perfectly normal, and state when a system service has started, and stopped. I do not interject with my opinion and instead simply play along.

The agent proceeds to tell me that it’s extremely important that I remove this spyware from my computer as it greatly compromises my system security. I interrupted, and asked the agent about the issues I am having with the COMODO Firewall allowing all in/outbound connections, but he/she could not answer the question, and instead insisted that we should resolve these spyware issues today. I ask the agent how exactly we can do that, and I’m told that the removal service isn’t available to me unless I am a premium customer. The agent then told me about a “special promotion” that is available to me today only, how lucky! I respectfully refuse, and thank the agent for the offer but instead insist that I am here to resolve the issues with the firewall, and not the supposed spyware. He/she then offered to connect me to their manager so that I may be given a “special discount”, and I again refused, citing that I was unsure of the amount of available funds in my bank account for the day, and would have to call the bank at a later time. The agent insisted that I do that immediately as this issue puts my data, and private files at great risk.

I am no stranger to these types of technical support services. I often prefer to play stupid so that I may evaluate the knowledge of the person assisting me. I am appalled by what I experienced today, and feel that I was taken advantage of as a customer. My computer is free of malware - this I know for sure. Had someone with little knowledge about their computer been placed in this same position they probably would have spent the money, and purchased the COMODO software.

Forgive me for any hostile undertones detected in my message. I am simply outraged, and disgusted by this business practice.

I feel your pain. I’ve never called Comodo support, but I’ve certainly had experiences like that with other tech support and I’m disappointed to hear Comodo gave you that kind of treatment.

I also hope events from Service Control Manager aren’t definitive evidence of malware b/c the PC I’m at now has had 30 in the last 24 hours and I’m pretty picky about what I run on it. It’s never had access to the internet w/o Comodo Firewall being active and I even keep JavaScript disabled (I fire up a VM on the occasions I have to deal with a website that requires it).

The events you are seeing are more than likely the entries left by a service when it enters the started, or stopped state. If that is indeed the case, that is perfectly normal.

Well I can’t say that’s the first time I’ve heard such things about Geekbuddy. :-\

Did EMET turn out to be of influence or not?

Do you run another security program that runs in the background? Are you running Avast AV with webshield enabled?

As always, make sure there are no leftovers of security programs you had installed in the past. A possible leftover can cause all sorts of “strange effects”. Please run cleanup tools for all security programs you had in the past. A list can be found here at the ESET website: ESET Knowledgebase.

What happens if you tick “filter IPV6”?
As you should, because Win 7 has IPv6 enabled, in contrast to XP.