Defence Plus logging is not good at all

My main complaints:

1- It does not seem to log all events. On my system I see no logging for simple execution actions like Explorer.exe allowed to execute opera.exe etc etc. That really sucks.

2- No way to disable logging for a specific event. Most of my log is filled by useless memory access events for ctfmon.exe

3- It does not tell whether the event was allowed or blocked. That sucks even more. Other HIPS show it very nice with blocked events in red (or some other color).

4- Also some HIPS show whether the event triggered a pop up or not. It's a very useful option as well.

I hope the logging can be improved in future versions.

Thanks

Have you tried clicking on “more”?

Defense+ logs only blocked actions, at least in v3.0.14. Logging allowed actions could create a massive number of events in the event log.

That’s true. If you wish to not see blocked events for ctfmon.exe, then you need to alter your policies to not block it anymore.

I did. Still deficient.

I have no block logs in firewall or D+. Why are you blocking ctfmon? I always have that running and it doesn't bother me.

I get this alert so often with every other application, "application X accessing ctfmon.exe in memory", so I made a general block rule for ctfmon.exe to get rid of this alert.

I can't make a general allow rule as that will allow any malware to modify memory of ctfmon.exe. It was a really irritating alert and I never saw it with any other HIPS like SSM, EQS, AD etc.

You can fix that very easily. Simply go to D+\Advanced\Computer Security Policy and highlight Comodo Firewall Pro. Then click on edit. Click on protection settings, then click modify next to interprocess memory access and add ctfmon or any other things you need to. I have a couple of posts about this helping people. It was happening to me with Set Point.

Pop ups are not about ctfmon.exe accessing CFP in memory. It's different applications accessing ctfmon.exe in memory.

I am not sure how you have your Comodo set up but I get no access memory blocks like your log says. The only 1 I ever got was for Set Point.

I get it because I have made a general block rule for that due to frequent pop ups about ctfmon.exe being accessed in memory by so many applications.

I use ctfmon all the time because of Word and never have 1 problem with accessing memory from any program. Ctfmon is a running process all the time and when I installed Comodo it already learned it.

By default in recent builds ctfmon.exe is in allowed appz. for all appz. access rights

Yes, you're right.

I don't use any default rules. I deleted all and made new rules from scratch for all executables.

Not sure if THIS will be of any use to you guys. I've done it and can still use Word and I get no pop ups for ctfmon.

Matty

So you deleted all of Comodo's default rules when specifically there is a default setting for ctfmon and you're complaining. I don’t get it. All I have ever done is installed Comodo and it works. No troubles. On both my laptop and desktop. I have also installed it on about 20 other PCs with no troubles. All installs are at default settings.

I want all rules by me. I am not complaining of Defence Plus. I just want more options in logging.

Ok sorry. (CLY)

No need of sorry by the way. ;D

I removed block rule for ctfmon.exe to get rid of this logging.

You could try disabling ctfmon. I think I stopped getting pop ups for it when I disabled it on my other computer.

I used Microsoft’s website http://support.microsoft.com/kb/282599