Constant protected registry key modification

i have been leaving comodo on paranoid mode and custom policy and blocking all of the modify protected registry keys (im not even sure what those are, or if they are supposed to happen every time you run an application or not, but mine do.) i get about 3-4 modifying keys allow or deny prompts opening every application. ive been trying to learn what is important to allow and what isnt and potentially bad… to me it seems that if an application still works after you click deny, it should not be doing what its doing.

anyways, its gotten much worse now. earlier today i lost permissions to my download folder. for some reason it wont open executables any longer. no matter where i save to in firefox. however for some reason i managed to save something in comodo dragon. i rebooted to see if this could be fixed… now when i open an application i get chrome or dragon wanting to modify A BILLION systemcertificates and system policies and nonstop etc. it seems its trying to modify every protected reg key related to microsoft policies that exists… i have been like i said, leaving it on paranoid mode and developing a custom policy but i cannot even click through all of the key modifications anymore. There are dozens, hundreds maybe. The only way I’m still able to use a browser is to let it treat it as a ‘trusted application’ and just let it ■■■■■ with whatever its doing.

any ideas? I really wish there was a way to know when a specific application is accessing a file or creating a file or modifying a protected key whether or not that is ok or not. I guess you just have to guess?

When you launch Dragon or Chrome, it is normal behavior that the access registry keys related to certificates. They need to check the certificates stored by Windows.

I edited my post to make it sound a bit more relevent to comodos functions…

but the thing is my applications are accessing and modifying far more keys than they used to. it is going into literally dozens upon dozens. and they are all windows/system/permissions windows/policies… etc. i realize that one or two may be normal behavior but surely over several dozen key modifications dont happen every time you run a program. the same behavior is now happening with several other programs i use. including other browsers, msn and others

also, there are some times that another browser seems to want to open automatically. like just now as ive been on this page, i got a allow/deny to let dragon open another dragon, and then another one. I realize it does that if you view some plugins or navigate to a new page with new ones, but I have just been on here!! Does that sound like a remote user accessing something? I just wish there was a way to know what is going on

When Dragon is launched, it needs to access +/- 70 registry keys related to certificates. So if you are running HIPS/Def+ in paranoid mode, you have to allow with “remember my answer” the requests otherwise they will come back at the next launch of the browser.

In the HIPS/Def+ rule for Dragon, you must allow Dragon.exe to run Dragon.exe as an executable and to terminate Dragon.exe. If you don’t, you’ll receive a popup each time dragon.exe needs to “access” himself.

If you want to use Paranoid mode you have to expect a lot of alerts for registry entries :slight_smile:

Screenshot below, also I have used wildcard entries for some otherwise you continue to have alerts all the time.

Added screenshot for wildcard entries.

[attachment deleted by admin]