D+ event ... services.exe modifying registry key

Hi

I am new to this forum but recognise the talent in the pool.

I see the Comodo summary showing a number of suspicious attempts blocked by D+ each day and in D+ tab I see a lot of events relating to services.exe modifying registry key, ie…
services.exe …modify key…HKLM\SYSTEM\ControlSet001\services\BITS\start.

My question is… does this represent a security issue? Is D+ acting in a valid / appropriate way or should this action be allowed? If so, how and why?

Thanks!

Any views or advice on this topic please? Thanks…

…D+ logs a number of suspicious attempts blocked by D+ each day and these events relate to services.exe modifying registry key …services.exe trying to modify the key HKLM\SYSTEM\ControlSet001\services\BITS\start.

My question is… does this represent a security issue? Is D+ acting in a valid / appropriate way or should this action be allowed? If so, how and why?

D+ logfile entries as below… any advice? Please?

Date/Time Application Action Target
15-Dec-09 8:27:54 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 8:28:07 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 8:35:43 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 10:37:28 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 10:37:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 10:47:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 10:57:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 11:07:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 11:17:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 11:27:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 11:37:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 11:47:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start
15-Dec-09 11:57:55 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\BITS\Start

Are you on windows 7?

Yes, Win7 Professional (64 bit)…

If i’m right BITS is a legitimate system service named Background Intilligent Transfer Service. It should not be blocked by Def+. If You do not trust this system service, it can be switched off with the help of Windows Control panel applet.

To get rid of Def+ block rule for this service:

  • backup current Comodo config: main program window > Miscellaneous > Managing config > export config which is active;

  • then: main program window > Defense+ > advanced > Computer security policy > locate entry %windir%\system32\services.exe > Edit > access rights > protected registry keys > modify > blocked exceptions > delete corresponding entry (HKLM\SYSTEM\ControlSet001\services\BITS\Start);

It should be allowed.

read this please.
https://forums.comodo.com/defense_help/servicesexe_is_blocked_every_time-t46548.0.html