CPF UI font issue: am I seeing rundll32.exe or rundIl32.exe?

I’m sure others have noticed and mentioned this font issue before, but just in case…

For some reason I’ve been getting this alert a lot the past couple days:


As far as I can tell, there’s no way to be able to say from looking only at this alert if the file mentioned in the Security Considerations section is “rundll32.exe” or “rundIl32.exe” (with a capital “i” following the “d”). This in itself is problematic, because there is a trojan that uses the latter name.

Apparently this is due to the font that is used for the CPF interface. A capital “i” is indistinguishable from a lower-case “L.” (Ironically, it’s the same way on the Sophos website, at the link given above.) In my normal Windows system font, the two letters are easily distinguishable. This should be fixed in CPF, so that users aren’t inadvertently misled by the info in the alert.



Yes, you make a good point there - there are lots of viri with similar system file names, so initially at a glance it appears your are looking at a legit thing.

In the following thread: https://forums.comodo.com/index.php/topic,4612.0.html there is a request for the ability to change the font (and skins too). By default CPF will use a serif font, which would distinguish between i and I. So it is on the cards, and when the dev team get round to the GUI requests it will be done.


Wow, yes …, yes indeed. I have not seen that before and you point here a really dangerous bug “by design” (font design, source of security issue !). I think CFP is not alone facing this kind of problem, there might be others software in the same case.



I see this is no longer an issue with the version 2.4 release. Many thanks to the developers! :slight_smile: