I wish Comodo PF was a bit more relaxed in terms of its Application Behavior Analysis.
I develop software, and while testing a small project that queries disk space, at one point I ended up with a warning popup telling me that my app is acting suspiciously when I opened Internet Explorer.
The only APIs that could raise a warning are related to querying disk usage and putting an icon on the system tray. The latter could be the culprit since it modifies explorer’s UI, but putting an icon in the system tray is hardly suspicious.
Date/Time :2007-03-05 02:36:07
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (iexplore.exe)
Application: C:\Program Files\Internet Explorer\iexplore.exe
Protocol: TCP Out
Details: L:\Projects\fd\fd.exe has modified the the User interface of the Parent application C:\WINDOWS\explorer.exe by sending special Window messages.
Is CPF monitoring all APIs or only a subset? I wonder because on more complex projects CPF will give a lot of warnings, and knowing in advance would help to educate the end users.