D+ Misreporting certain permissions?

For some reason sometimes the D+ will be telling me “for example” that the MMC wants access to a file on my G drive when I was executing Computer Management… now I have executed this beforehand on a fresh install/boot on the highest settings of D+ and confirmed every action. Now why would D+ be reporting that it's accessing some file on a different drive? Especially when it's just launching MMC for Computer Management. The reason this concerns me is that the file was indeed a malicious file “no it was not actually executed” which I was analyzing “and no open program or process had the file loaded into memory or anything”. So why is D+ reporting these things? There have also been times that the D+ would tell me something like Pidgin or mIRC would access everything else in memory as well. Once again “my PC is not infected and these are legitimate programs as I've checked the MD5 of the .exes and whatnot” this is all done off a fresh format not too long ago.

Currently on x64 Win 7 but have seen this happen on 32-bit and XP as well. This is also on the proactive maximum settings when installed as well.

This is what I'm talking about; I have no idea why FF would be executing this ever.

http://img512.imageshack.us/img512/3119/87997238.th.png

again…

why…?

Why?

!ot!

Well, firstly, I think you have either

  • posted in the wrong forum

or

  • you didn’t read the guidelines for it.

I don’t mean to be rude - I think some message boards are too mechanical in attitude - but if you really want answers - I suggest you do what they want. Or buy their service Here

Until then, allow me to torture you a little bit with my answers.

The main reason why I’m using D+ (when people ask me if I’m running any AV or FW apps I say I’m running D+) is because I learn the system. I used to question everything. Now I see normal behaviour instead. I can discern normal behavior from abnormal, just because I stopped asking stupid questions, not saying that your questions are stupid - only you can do that.

It seems like no one knows or wants to tell me the reason why certain processes hook up, inject and make new ones. But if you think about it, people really don’t know anything.

And I think computer environments are very much like that. Human behavior, from a subjective sense. Even if it seems weird or as if things happen randomly without any meaning - I still think there is meaning, I just don’t know what it is. I mean I could speculate and make up thousands of suggestions - but most would probably be wrong.

Most people (please bear with me, I am not as dumb as it “sounds”, English is not my first language, though) that are alive today are somewhat unhappy - and by their own choice, even if they don’t get it - they see meaninglessness here and there, and even though some of them give up and decide to end it prematurely because they believe the suffering will go away (are THEY in for a big unpleasant surprise!?!), the others won’t find ANY solution to their problem either - Not until they have suffered so much, and for so long - that they don’t have any other choice but to end suffering for real. And this is done by mastering the ability to control one’s own disposition. Keyword is Confidence.

Personal happiness is not something other people can be held responsible for. It is a “bug” to think that others can make us happy. Happiness is an ability that must be acquired - and when an individual acquires this ability a door opens up where he realizes that all those "why"s and "how"s and every other question that comes from a belief that randomness really exists or that concepts are meaningless, never were questions placed in their right contexts in the first place.

You cannot answer a question that is an answer. Learning without question is my best advice.

I promise you, if you seriously find confidence that what’s happening in your machine happens for a reason so that you can learn from it - then the answer WILL come to you. But if you start blaming other …whatever, may it be processes, developers or operating systems - then you will learn suffering.

So how would you start doing this thing? Start having confidence that things happen to you so that you may learn? If you’d realize that I was ten times as serious as you think I am, this would probably be the question. Because you wouldn’t know where to begin. (but then again if you’d understand that what I’m telling you is true - you’d probably already know how)

You must first pretend. And I will illustrate with an example - it might not be the best idea for you - but this example will work if you try it.

Save all your COMODO settings in a cfg file and then remove all personal settings - pretend you are doing this for fun. Happiness is essential even if you are not - pretending is your only shot. Then install a bunch of applications. If you don’t have that many you could probably download them from the internet - if you believe in the lies regarding copyright there are legal freeware and shareware. Choose applications that are working with different access categories.

If you do that, and pretend to enjoy it without blaming anything (even yourself), then the answers above will be answered. I don’t believe they will. I KNOW they will. And you will learn more and faster than some developer would say:

it’s because Firefox needs some services that also the VB development environment seems to be currently using

It’s just an example, I have no idea what they would say - but the point is that even if you get your answer you would probably not be satisfied.

Stay Healthy
/MousePad

???

Can you repost the first image in its original size?

I will move this to the help board as this seems more like a help request than a bug report.

The original size can be found over here

It IS huge, though (almost one MB) so I took the liberty of cropping and downsizing it (barely readable):

http://img685.imageshack.us/img685/6991/87997238b.jpg

Since I don’t have copyright on the image above, maybe you should remove it after you’re done, Sir Eric?

/CR

You have put CIS in Paranoid Mode and what you then see is basically all that is happening underneath the hood of Windows. Some of the techniques that are being reported are used by both legitimate programs and malware. This makes things look much more scary than they are.

When you read the alerts you will often see something along the lines of “if this is an every day program you can choose to allow it” or “if this is an every day program you can safely allow this”. Since you say you can vouch for the programs coming from a regular source and even did hash checks, there is nothing to worry about.

Putting a HIPS in paranoid mode makes the uninitiated user totally nuts… :smiley:

As to why FF would want to execute an executable related to Microsoft Visual Studio I cannot comment. But it is not harmful in itself.

This is how D+ will protect your system. If another program tries to change FF you will be notified. If a website tries to exploit a buffer overflow in FF you will be alerted by the BO protection, and it will give you the possibility to terminate FF before it can do any harm.

When you know the FF you installed is from a regular source and clean, and no other program tried to mess with FF, you know you are safe.

I hope this clears up things for you. Let us know if you have more questions.