confused by alerts

I’m having trouble understanding how to respond to many alerts. The manual doesn’t seem adequate. Is there a better explanation somewhere?

For example, I just installed RoboForm. Comodo tells me, “…robotaskbaricon.exe has loaded roboform.dll into firefox.exe using a global hook which could be used by keyloggers to steal private information.” The all-red Security Alert at the top makes this sound dangerous. How can I know what to do with such alerts?

It’s also alerted me that winword.exe is attempting to contact the internet and that something awful could happen. I was using Word at the time, so it seemed innocent. Why would Comodo alert me about this?

Welcome sgensler,

CFP watches every attack to the Internet from the computer. So, the alerts are normal. About answers? They depend on the program that causes the alert and your trust in it.

I know nothing about RoboForm but normally, MS Word does not want to reach the Internet unless the document you open with it contains some links. If you click them, MS Word will go out itself or want to open the browser. If you trust it and want to let it, you can allow the request.

Hope this helps.

aXes

Agreed. The downside to security on the internet nowadays is that it has really become hard to come up with easy tools that do everything they need, while remaining simple and easy. Generally, the two goals are mutually exclusive.

So here’s the deal, Comodo Firewall will tell you about tons of programs that are connecting to the internet, how, and why. Comodo Firewall will tell you potential consequences of that connection. Sadly, it’s impossible to know exactly what will occur, so Comodo Firewall just gives you generic info.

This is actually a really cool feature. If MSWord attempts to connect to the internet, I’ll probably click on “deny”. Same goes for a media player, especially if I’m playing music acquired via “completely legal methods which in no way involve file sharing utilities”.

It all comes down to ONE thing. Do you trust the application? This is one of those deals where you have to decide for yourself what you want to do. In my case, I frequently deny applications I trust. I do this because I can’t think of a legitimate reason why they should connect to the internet at that moment.

If you know that the company has a good reputation, then allow the app to connect. Click on the “remember my answer” box. You’ll never hear another alert again, unless the app tries to connect in a different way, which no legitimate program EVER should.

Mind you, I’ve seen legitimate programs do just that. It means that the original programming team for that program were a bunch of idiots. You should deny the application the ability, because the programmers shouldn’t be writing programs that way.

It’s your computer, and your net connection. The software you use has no right to dictate how and when it connects to the internet, over a connection you pay for, on a computer that you bought.

Here’s some more details about some of the alerts you may see…

These will mostly fall under Application Behavior Analysis, or ABA (found: Security/Advanced/Application Behavior Analysis). You’ll see there the types of things that CFP is monitoring.

Here’s the deal ~ a lot of these protocols are used by legitimate programs in legitimate ways, to communicate on your computer. For example, a COM/OLE Automation occurs when you link a table from Excel into a Word document. Now, if you were to create a similar connection to an internet-accessing program (such as your email client, your browser, etc), CFP will trigger an alert on this. The same applies for all these ABA aspects.

This has generated a lot of confusion amongst users that aren’t aware of these sorts of computer issues. Comodo’s development team has stated that the criteria are basically as Cameron has given… if you know the applications in question, you may freely Allow the connection. Where you become concerned is if you do not know the application(s) in question. They further state that if both applications are on the internal safelist (and you’re using that - Security/Advanced/Misc/“Do not show alerts for applications certified by Comodo”), you will not see these alerts.

If you Allow (without checking “Remember”), it will be allowed for that instance only.
If you Deny (without checking “Remember”), it will be denied, and the application being used to connect with (i.e., your browser) will be temporarily blocked (since CFP deems that your system must be compromised). Generally closing and restarting that application will resolve the connection; sometimes a reboot is needed.
If you check “Remember” with either Allow or Deny, you will create an Application Rule allowing the connection on a more permanent basis.

My personal experience is that you may see a lot of these types of alerts for some specific applications. I have had a lot of success in eliminating these by reading the alert, and creating a Block rule for the application/parent combination in the Application Monitor. Then after your next reboot, you should see a good reduction in those “offenses.”

Hope this helps,

LM

RoboForm is a one-click web form filler and password manager. It memorizes online passwords, fills login forms with memorized info

In short, Comodo is telling you that Roboform is working like it’s supposed to, in this case filling in the logon info that you requested it to fill in.
In general you shouldn’t be concerned by alerts created by applications that you expect to be running (because you “asked” them to do something), just allow them unless it makes no sense why they are trying to do something.