Comodo Secure Shopping: Detected a remote connection

Hello
I tried to use Comodo Secure Shopping and Comodo categorically did not recommend that I hold a session because a remote connection was detected. This connection created a risk.
I have a question.
Why can’t I find out the details of this problem?
Why can’t COMODO Internet Security prevent remote access to my computer?
Comodo Secure Shopping Closes this remote connection?
Thank you

Hi Вавилон,

Why can't I find out the details of this problem?

To find what caused the remote detection alert, please share the snapshot of the registry entry
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ComodoGroup\CSS\remote from registry editor.

To go Registry editor, please search regedit in Run application(Windows key + R).

Kind Regards,
PremJK

Thanks PREMJK
The remote access problem is not always registered Comodo. Sometimes this is a problem, and sometimes it doesn’t. Among other things, I’m using CTM that doesn’t allow me to save my registry data. If I roll back to the previous snapshot.

I can share a registry entry at this time-but I can’t vouch for remote access data to be up-to-date.
The registry path was so
Hkey_local_machine\software\comodogroup\css\remote

I promise you, when Comodo detects remote access, I’ll immediately save the data from the registry so I don’t lose it and share it.
I’ll wait for your recommendations.

You can also check %ProgramData%\COMODO\CSS\verbose.log if it exists.

Unfortunately, the specified path-no such file was found

Hello
A new remote connection was detected today.
It all started with the fact that Comodo discovered a new network when I brought the laptop out of sleep. I was very surprised by this fact. The laptop has a weak antenna to catch the connection with other routers. Is the access a new router and even with unsecured access?
The check showed: the connection is still being made through the Tenda router. No new access points were found.

This circumstance made me think. The thing is that the day before I read about a very non-conventional attack “bad doppelganger” is when the attacker replaces the address of the router to its own address to redirect the connection and decrypt it. Although I may be unduly complicated… When I remembered this case, I suspected bad things. Comodo Secure Shopping was launched and exactly-a new remote connection was detected.

This time I knew what to do
The analysis of the verbose. log file and the Remote registry branch showed: The program that is responsible for the remote connection is called: autoit3. exe

I installed this program myself, because I started to study programming a bit. AutoIt allows me to write and test simple scripts.

What has been done.

  1. Discovered new network-added to the list of blocked
  2. autoit3. exe-blocked Internet access

But I still have questions

  1. Where did the sculpting network come from?
  2. How does autoit3. EXE participate in remote management?

ps
I’m sure-Comodo was not mistaken. Remote control-was installed. There were other signs-indirect.

Thank