Defense blocks 2000 items in 7 hours

Hey everyone,

Had a quick question, I’ve been a Comodo user for about 2 years now.

Recently I installed RK Launcher, a “Object Dock” type thing. Well, after having it installed for half the day I looked at my logs and saw that Comodo had logged 2000+ events from this program.

Application: RK Launcher.
Action: Access Memory.
Target: cfp.exe.

any insight someone can give me on this?

Well all I know is cfp.exe is part of CIS, and it will not allow any other programs access unless you force it… trusted etc etc.

Hi MrCaboose.

You can avoid those D+ logs by applying solution # 9:

https://forums.comodo.com/install_setup_configuration_guides/troubleshooting_cis-t30083.0.html

Also the same instructions are given by Matty_R to another member who is asking the same question but with another program:

https://forums.comodo.com/defense_help/superantispyware_entries_in_d_log-t48525.0.html

Hope it helps.

Well I thought that it was fixed after using the steps Iroc provided.

Now the “Memory” event is gone, but a new one has appeared. Its up to 27000 events in under 4 minutes.

Application: RK Launcher.
Action: Block Hook
Target: Winamp.exe

any ideas?

Hi Mr Caboose.

Sorry to hear about that new log. I have applied the above solution to several programs, wmv, mbam, sas, creative media sourse, vlc, MRt, and so on in my comp without encountering any “Block Hook” for another program. I have no idea. Sorry.

No worries mate, thanks for your help. I hope someone here can assist me with this newer issue.

Take care!

If you trust the application it’s best to set RKLauncher as a “Trusted Application” that should stop it from logging a hook alert on winamp.exe or other applications.

If this doesn’t work please check the winamp.exe “protection settings” for hooks.

Hi Ronny,

The RK Launcher was set to trusted when all this started, still no effect. I did some playing around with the settings last night and I believe its okay now. Only event I see is Comodo trying to install a hook in some Sys32 .dll file.

Can you please post the exact message it shows? I’m wondering why CIS should alarm on hooks for it’s self…

Application: cfp.exe

Action: Block Hook

Target: msctf.dll

Application: cfp.exe

Action: Block Hook

Target: dwmapi.dll

Those are the two entries that get logged, I’ve had my computer on since this early this morning, and the “defense+” shows 78041 “suspicious attempts)”.

I have defense disabled for now.

I think you changed the default settings or something messed up your D+ Policy because on a default level the Comodo processes are not protecting against hooks from it’s self.

Can you check you security policy and select “Comodo internet security”, Protection Settings.

Windows/WinEventHooks should be set to NO, looks like yours is set to YES.

Hi,

I have reset every setting to the default value. The issue still persists.

*I will be out of town for a few days, so I will be absent from the forum for a short while.