Comodo Firewall is blocking some of my programs!

I’ve installed Comodo Firewall since yesterday. But since then, I’ve been receiving all sorts of warnings from the firewall itself. One major problem I had with my Firewall is that I keep receive the following messages from several of my applications.

  1. “C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe has loaded tvtpwm_keyboard_hook.dll into firefox.exe using a global hook which could be used by keyloggers to steal private information.”

This problem had occurred in the following applications:
firefox.exe
msnmsgr.exe
IEXPLORER.exe

The above message pops up every time I wanted to view Windows Live Mail via Windows Live Messenger, and webpages using Internet Explorer and Firefox. Even now as I typed my message using Firefox, it appears every now and then.

  1. C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

This message appeared with the following application:
svchost.exe

  1. "C:\Program Files\MSN Messenger\msnmsgr.exe has tried to use C:\Program Files\Internt Explorer\IEXPLORER.EXE through OLE Automation, which can be used to hijack other applications.

This message appeared with the following application:
IEXPLORER.EXE

It usually occurred when I tried to access Windows Live Mail via Messenger.

  1. “C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe is an invisible application”

This message appeared with the following application:
AdobeUpdater.exe

It occurred when I attempt to update my Adobe Reader 8 with Adobe Updater.

All of the above are listed as High Severity.

And finally, I’ve being receiving a long list of “Inbound Policy Violation” and “Outbound Policy Violation” messages, which doesn’t pop up at all like the other messages.

What should I do to keep myself safe, as well as prevent all of these pesky messages from appearing? Hope to receive good answers soon.

For information, Lenovo T60 is my laptop’s type.

Hi ddestiny and welcome to the forums
I was a bit thrown when receiving these.
Here’s a link to ole alerts
https://forums.comodo.com/index.php/topic,4728.msg35532.html#msg35532
This one might help too.
https://forums.comodo.com/index.php/topic,6908.0.html

For myself I work on the premise that if I know both applications are safe then I allow. Any programs I don’t want connecting I add to the banned apps list.
I have found that any blocks of svchost.exe will result in internet disconnection.

  1. Basically it’s advising you that global hooks can be used for that purpose, not that the one from your program is doing that.

  2. I don’t know the program, it might need to use windows services (svchost) to operate.

  3. This alert is because cpf has noticed a new parent app for IE. When IE or any other program is launched from the desktop windows explorer is the parent of that app. If you clicked a web link in the email program cpf say’s, ok the email program wants to launch IE and alerts you. Next time the msnmsgr ones pops up tick remember and allow.

  4. Somewhere on the forum is a good explanation of invisible apps I’ll see if I can find it. I don’t see any problem allowing adobe updater. If you wanted to keep an eye on when it wants to connect just allow without remember and it will alert each time.

“Inbound Policy Violation” and “Outbound Policy Violation” This is the log file, these are the things that haven’t met cpf’s protection policy so they’re blocked.

The default installation of cpf will give all the protection most of us users will need.
How I keep myself safe.
Free Comodo Firewall, Free Comodo BOclean, Good Antivirus, SAS antispyware + 2 others, Spywareblaster for IE but most browsing done with FF, a good host file, an updated windows and a great deal of wariness. :smiley:

Hope this helps
Regards
Sullo

Sullo’s done a good job explaining those to you, ddestiny; hope that helps. I’ll add a little bit only…

https://forums.comodo.com/index.php/topic,6167.0.html This a compilation of several tutorials about various aspects of CFP/applications/rules, etc. The top post has links to each topic within the thread. You might want to read through the explanation of CFP’s layered rules; I think I address some of these things in there. There’s also an explanation for how to make the FW a “set and forget” application.

As Sullo mentioned, the blocked Inbound and Outbound violations in the logs are from the Network Monitor. Unlike some FWs, CFP does not give popup alerts for that; only for application-related things. So if an attempted type of traffic is not allowed by NetMon, it just gets blocked. You may find that you have a lot of one type of entry in there, that is taking up space, but obviously not needed. You can then create a new Block rule right above the bottom Block & Log All rule in NetMon, with no “Logging” set for it. That way the traffic is still blocked, but your logs are not as full. If you want to do that, we can go into more detail.

Hope this helps,

LM