??? I have been following various threads and must admit I know very little about firewalls.
My problem is that CPF appears to allow my two email progs (Mailwasher & Thunderbird) access and then blocks them. Curiously after a period they may be allowed access again but not always, then only a shutdown and reboot helps.
Messages in the log as follows:
Date/Time :2006-11-22 17:45:22Severity :HighReporter :Application Behavior AnalysisDescription: Suspicious Behaviour (MailWasher.exe)Application: C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exeParent: C:\WINDOWS\explorer.exeProtocol: TCP OutDestination: 217.77.176.15:pop-3(110)Details: C:\Program Files\Internet Explorer\iexplore.exe has modified the the User interface of the Parent application C:\WINDOWS\explorer.exe by sending special Window messages…
Date/Time :2006-11-22 09:33:49Severity :HighReporter :Application Behavior AnalysisDescription: Suspicious Behaviour (thunderbird.exe)Application: C:\Program Files\Mozilla Thunderbird\thunderbird.exeParent: C:\WINDOWS\explorer.exeProtocol: TCP OutDestination: 217.77.176.15:pop-3(110)Details: C:\Program Files\OpenOffice.org 2.0\program\soffice.bin has tried to use C:\Program Files\Mozilla Thunderbird\thunderbird.exe through OLE Automation, which can be used to hijack other applications.
Any help would be gratefully appreciated.
Otherwise absolutely delighted with CPF.
I’m sorry but I don’t know, I haven’t changed any default settings for CPF, I have always ticked to allow Mailwasher and incredimail to access the internet when prompted.
Where do I look for the pop up and remember you refer to.
Thanks for replying, sorry I’m not understanding.
Mike
Double click the firewall sys tray icon. Click on security button.
First you can check in Application monitor if you have any blocks.
Then you can check the Component monitor.
When you try to use your programs, you can go to activity/logs and see if something gets blocked. If you see some blocks, but don’t know how to set up rules for them, you can right click and export as html. Attach the file to your post, or open it and cut n’ paste it in your post.
OK, checked and nothing is blocked.
The log shows the following:
Date/Time :2006-11-23 10:18:40Severity :HighReporter :Application Behavior AnalysisDescription: Suspicious Behaviour (thunderbird.exe)Application: C:\Program Files\Mozilla Thunderbird\thunderbird.exeParent: C:\WINDOWS\system32\svchost.exeProtocol: TCP OutDestination: 217.77.176.15:pop-3(110)Details: C:\Program Files\Intuit\QuickBooks Pro\QBW32.EXE has tried to use C:\Program Files\Mozilla Thunderbird\thunderbird.exe through OLE Automation, which can be used to hijack other applications.Date/Time :2006-11-23 10:18:39Severity :HighReporter :Application Behavior AnalysisDescription: Suspicious Behaviour (thunderbird.exe)Application: C:\Program Files\Mozilla Thunderbird\thunderbird.exeParent: C:\WINDOWS\system32\svchost.exeProtocol: UDP OutDestination: 192.168.2.1:dns(53)Details: C:\Program Files\Intuit\QuickBooks Pro\QBW32.EXE has tried to use C:\Program Files\Mozilla Thunderbird\thunderbird.exe through OLE Automation, which can be used to hijack other applications.
It would appear that Thunderbird is the culprit in some way maybe, I previously said Incredimail which was a mistake, I gave up incredimail for Thunderbird.
Is it possible to write a ‘Rule’ to prevent this.
I can be a known issue with “OLE Automation” that causes this. Comodo is working on it. (I hope)
It’s not just Thunderbird, but also Firefox and others.
If you get a popup that a program is trying to use Thunderbird, and you deny, you loose all connection with Thunderbird. Personally I usually get away with restarting the app, but sometimes I have to close both the program and firewall and then start them again. Some users have to reboot the computer… annoying yes…
The easiest thing to do, is allowing it without remember if you trust the apps.
Remember that you can get a popup that say that app1 is trying to use app2, but you have closed the app1 2 hours ago… ???
It seems to “hold on” to apps too long and it closes both instead of just one of them, and blocks them.
To get more popups you can go to security/advanced/misc and uncheck “do not show alerts for apps certified by comodo” and you can also raise the “alert frequency level” slider.
Thanks so much for your help, having this problem, and with your help, has pushed me to dig deeper into CPF’s capabilities and to gain more more understanding.
I do hope these niggles can be resolved by Comodo because this is a great utility.
Once again, thanks.
Mike
Here’s something that may help you, labelman; it’s been very useful for me, to stop the OLE Automation issue with closing your internet connection down… (this is to stop QB from using TBird)
Go to Security/Application Monitor, and click to Add a new rule. Browse to your QB executable (listed in your log report) for the Application. For the Parent, browse to TBird’s executable. Set it to Block. Click OK.