Constant Popups after Thunderbird upgrade

Hey,
I just want to report that I am receiving popups of Crypto Signature changes EVERY start of Thunderbird since updating it. I have cured it by removing the entries in the app monitor. I am reporting this as it is not a nice behavior for a newbie to have to deal with. This is with the 23562 release BTW.

Brian

Hi Brian

I’m not sure if this is the same thing. But, the following is something I posted to someone else with this issue after updating TB…

I've just updated Firefox & I'm getting lots of pop-ups as well. They look the same.. But, if you look carefully they are subtly different. Since I have the "Monitor COM/OLE automation attempts" & "Monitor DLL Injections" options on, CPF is, correctly, reporting each component that interacts in a COM/OLE-DLL-Injecting way with explorer.. the parent of whatever (Firefox in my case, TB in yours) because whatever has changed. I just updated it. I wonder if perhaps, you're seeing the same thing.. HTML export your log & have a look at it (it's much easier to read in that format). Are all the pop-ups (and their associated log file entries) actually the same?

… what do you think?

Kail,
The popups I received were the same ones every time I restarted Thunderbird. The popups were stating that the crypto signature of the file had changed. This was true, but CPF kept up the popups. I was able to remove the Thunderbird entry in the application monitor. It then popped up once, and has not since. I did not receive one popup after upgrading Firefox.

Brian

Had and made the same here.

I think CPF has a real issue with updated apps. I’ve just had to do “delete all entries for that app and start afresh” for both firefox and iTunes.

What OS are you using Brian? I ask since there is currently a problem where CPF drops log entries on a reboot. Whereas, it doesn’t if CPF is manually halted. I’m just wondering if this might also apply to CPF's crypto-sigs.

If anyone still has this problem, then they can put that to the test. Manually exit CPF before your next reboot and see if that resolves it.

The problem is that the CPF correctly detects that the hash (checksum) of the binary previously allowed has changed.

Such changes are due to two things:

  1. Upgrades (in this case)
  2. Viral infection/trojan

If you are certain that this is a case of 1, a temporary workaround (until Comodo ships an update with the correct hashes) is to open the Comodo firewall control panel, click “security”, “tasks”, “Define new trusted application”, and browse to the binary. In this case Thunderbird.exe (usually found in “C:\Program files\Mozilla Thunderbird\thunderbird.exe”).

While you’re at it, you might as well include the updater too.

//Svein
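
One way to check that a changed binary really is an upgrade (case 1) before re-trusting it, as an added example that is not part of the original thread: the PowerShell function below reports the file's SHA-256 and its Authenticode signature status. The function name and the expected publisher string `Mozilla` are assumptions; the path is the usual install location named in the post above.

```powershell
# Added example, not from the thread. Requires Windows PowerShell 4.0 or later.
function Test-UpgradedBinary {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: the signer's organisation contains this string.
        [string]$ExpectedPublisher = 'Mozilla'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Hash of the file as it is on disk now (what the firewall sees as "changed").
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Authenticode check: 'Valid' means the file is signed, the signature
    # matches the file contents, and the certificate chains to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Unsigned files have no signer certificate, so guard the lookup.
    $subject = ''
    if ($sig.SignerCertificate) {
        $subject = $sig.SignerCertificate.Subject
    }

    $publisherOk = $subject -like "*O=$ExpectedPublisher*"

    [pscustomobject]@{
        Path             = $Path
        SHA256           = $hash.Hash
        SignatureStatus  = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer           = $subject
        # True only when the signature verifies AND the signer is the expected one.
        LooksLikeUpgrade = ($sig.Status -eq 'Valid') -and $publisherOk
    }
}

# Usual install path mentioned in the post; adjust for your system.
Test-UpgradedBinary -Path 'C:\Program Files\Mozilla Thunderbird\thunderbird.exe' |
    Format-List
```

A `SignatureStatus` of `HashMismatch` or `NotSigned`, or an unexpected signer, means the change should not be treated as a routine upgrade. Run the function against the updater binary as well before adding it as a trusted application.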

I am running XP-Pro SP2. This was really the first issue I have had, and it has not been repeated by other installs or upgrades. All my added firewall rules are working. I am really a happy camper.