comodo starts isolating windows components

hi, verclsid.exe and sndvol32.exe were moved to the sandbox. there was no further explanation, but both files are clearly part of windows xp, as far as i can understand. is there a chance some malware has tried to hijack windows components, and comodo detected that? or is there any possible way of saying whether comodo overreacted? i did nothing special, message just popped up.

[attachment deleted by admin]

It’s always possible that malware could have a part to play. Are both of these .exe’s still in the System32 folder?

If they aren’t in the System32 folder, they are definitely suspect. You can check the files out at VirusTotal and see what the scanners there think of the files. You can also submit them to Comodo Malware Analysis.

However, you didn’t get an AV alert, just a sandbox alert that the files aren’t recognized, which is odd. If you click on the number next to unrecognized file(s) observed in the summary window and do an online lookup, what is the verdict there? Are they still unrecognized?

even though i have javascript activated on this site, virustotal wouldn’t work. i just can’t send any file…!? the comodo-analysis is not instant, if i get it right? both files mentioned above are still located in windows/system32.

i just received a new comodo-message regarding a rundll-file. the verclsid.exe-file remains unrecognised, the sndvol32.exe was removed from the sandbox by me, mostly a reflex i guess. :slight_smile: the verclsid.exe though was created today at 5:48 pm. still, malwarebytes and avg won’t find any threats.

…jeeez! comodo sandboxed notepad that started when malwarebytes was finished to show the log. then comodo wanted to stop services.exe, dumprep.exe - all the xp-stuff. what is happening?? i couldn’t even save screenshots!

[attachment deleted by admin]

Can you show a screenshot of Defense + Rules (Defense + → Computer Security Policy) to see if there are rules for Windows files there?

there seem to be rules for windows system applications, but i cannot tell what.

attached more screenshots: from the crash including a zillion comodo popups last night, and what you requested.

is there any good reason for this to happen? if you track my posts on this forum, comodo firewall has been a real nuisance, making a lot of trouble. if this is normal shit i am just deleting it and try something else, it’s not like i have the time to tinker with basic security software all day long.

[attachment deleted by admin]

trying to remove my sd-memory card, where the last “screenshot” was located, hotplug.dll was identified as a non-identifiable file by comodo. wtf? every single dll or windows function is being looked at as a threat right now. can you imagine how hard it is to work on this machine?

Can you make sure that Microsoft is in the Trusted Vendors list? See attached image.

What were you doing when you got the alert for services.exe?

[attachment deleted by admin]

microsoft seems to be a trusted vendor.

for lunch i just started flatout2 to relax a couple of minutes. i had to allow the nvidia software package to make it work. i easily forget things, and forgot about this comodo-■■■■ again… if there is no apparent solution the software disappears into the realms of ■■■■ during the weekend.

modified: services.exe - i started mspaint to save the screenshot i had just made. it then crashed and up came comodowarnings about e.g. dumrep.exe.

[attachment deleted by admin]

You said earlier Notepad got sandboxed when it got started from Malwarebytes. That could mean Malwarebytes was sandboxed. Can you try launching Notepad and see what happens? Does it get sandboxed or not. Don’t forget to remove Notepad from the Unrecognised Files list first.

notepad was not in the unrecognised files list anymore, and nothing strange comodoish happened when i started it.

but i saw hotplug.dll was still unrecognised, so i tried out what happened when i put a sd-card in the computer’s slot. sd1 shows the card being recognised, sd2 shows the “remove card safely”-reaction.

[attachment deleted by admin]

i just wanted to check which week we are in by going to the system clock. after the comodo-attempt to block explorer.exe accessing a rundll-something, i get the message that i have no right to adjust the computer time. but i am admin and do not run any other users on this machine… an indicator that something serious is wrong, anyway? avg free and malwarebytes still don’t find anything.

today’s issues: avg needed an automatic upgrade to a whole new version. it wouldn’t upgrade as long as comodo runs, but running comodo applications cannot be closed the hard way either, firewall does exit though. see screenshots.

comodo crashes upon machine turnoff after i tried to install avg.

orange defense+ message when surfing shortly after a restart.

i changed the configuration from “proactive security” to “internet security” by right-clicking the icon down to the right. no change in appearance. :-TD

[attachment deleted by admin]

good morning comodo folks! whenever i find the time to do the exciting, relaxing work of finding a new firewall provider today, i still managed to be greated by some self insight of my comodo firewall application. still, it could find any faults with itself, and contains being a mongoapp with a yellow exclamation mark on it.

[attachment deleted by admin]

You need to reinstall comodo, something got corrupted and has wreaked havoc with it. That will be your fastest fix.

i certainly remember why i chose comodo to start with. :o :cry: i also saw parts of your sobering review of outpost, couldn’t finish because of bad internet capacity today (i live in the woods & use mobile internet in this house). i am not sure a reinstall of comodo will fix anything, and i don’t want to experience troubles during next week, which is busy. especially if there is no solution whatsoever to the problems i have reported here.

modified: i’ll try “privatefirewall”. here is a comodo review that i feel very much at home with. good luck with fixing comodo! :slight_smile:

I think I know the feeling. Nearly 3 weeks since my CIS odyssey began and everuy day something new to amaze me. Today Winzip. Yep. Apparently Comodo has never heard of it. ???

[attachment deleted by admin]

More likely that you are simply running a version of WinZip that isn’t in the database. You can submit whatever version you are using here.

Submit Applications you want to be made trusted here.

Probably right. But this kind of thing is going to happen frequently with CIS’s “known knowns” whitelist and anything else is a potential threat protection policy

I experienced the behavious the OP describes, the other day. Upon Windows boot, I had pop ups from D+ saying it could not recognize components. When that started, I noticed the CIS taskbar icon had a yellow exclamation mark, which indicated some problems with modules not loading correctly. That morning in particular, my computar had a very slow boot up, due to a USB conflict with certain hardware I have connected to a hub. I believe this slowness, cause CIS to not load correctly. I remember reading that when the interface or certain modules do not load right, CIS enters in a “paranoid” state. In order to fix this, I proceded to exit the program via the taskbar icon and re-open CIS with its desktop icon. Once I did this, the program appeared “green” with all modules loaded and Windows continued its boot up process.

I rebooted afterwards just to make sure (I also disconnected the offending USB hardware), and this time Windows loaded fast enough with no errors or pop ups from D+.

Just an idea here, that sometimes slowness in Windows response, can cause CIS to not loading properly, making it enter into Paranoid mode, causing all sorts of pop ups with each Windows file that loads.


thanks for the tip, but my hardware configuration has not changed in a year. i have a skype phone i connect occasionally, and a printer that is always on. that’s it.
whatever causes software to turn paranoid, if it is in this state and can’t be fixed unless one reinstalls it, the opportunity cost for the user are high when not trying something else. since my last post i use “privatefirewall 7.0” and except for its kindergarten-icon i am very happy with it. simply because it does its job, is not getting paranoid or trying to make me be it. it is a firewall, not a part-time job.

best regards and good luck with your product!