Defense+ breached by Netwaiting

Hello all :slight_smile: I’m not gonna waste much time here because in all honesty I’m likely gonna say a lot and I don’t really have all that much time left after my troubles tonight. Let’s get straight to the point …

I went out last night to my brother-in-laws and left my laptop connected to the net to finish downloading some data. While I was out Microsofts Netwaiting managed to install itself in my absence. Now, if the world is as sane as I hope it is then everyone here will be as angry about this as I am. There’s 2 reasons for my being here tonight.

1: I’d like to know is how the hell did it circumvent Defense+ ? My house was locked tight. I’m running XP professional with only essential services turned on. I have Defense+ set to clean PC mode by the way and it’s ALWAYS active. As a matter of fact, after the OS itself. Comodo is always the 1st app to be installed on my machines. Not once have I myself installed anything without having to switch to 'installation mode. Telnet and all other remote access services are disabled on both my systems too so … I dunno what the hell. I know I’ve allowed a lot of windows system apps like rundll32.exe but what about registry editing etc?

2: I’d like everyone here to know what happened …

I came home last night and I never noticed a thing amiss. I checked my downloaded data, saw that it was all there, turned off my laptop and went to bed. When I got home from work this evening and turned my laptop on I found that my wireless connection wasn’t working (PC, modem and router all fine). After uninstalling and reinstalling all of my network-related drivers and with no luck whatsoever I decided to a system restore and that’s when I found out I’d a restore point for 8:40PM last night when Netwaiting was installed. I was happily chewing chicken at that time - about 6km away. Anyway, I didn’t bother to restore - I manually removed all traces of Netwaiting and then reinstalled my network-related drivers and now my wireless connection is working fine again.

Now, I’d also like it to be known that, after almost 12 monhts of happiness with Comodo, this is the very first time I’ve found it to have a weakness - does that suck or what? I’m still super happy with Comodo and I’d like to thank the developers while I’m here but hey, let’s sort this out, eh? While on the one hand I love Comodo, on the other I absolutely detest, loathe and despise those other bunch of w**kers and the thought that they’ve managed to circumvent something I’ve had complete faith in is doing my head in. Any and all comments VERY much appreciated ???

Evening “alflud”

My name is Jacob Kilgore,
I’m one of the Moderators here at Comodo Forums
I would like to try to solve your Issue as Quick as Possible

  1. Microsofts Netwaiting is Digitally Signed, And Is In the “My Trusted Software Vendors” by Defualt
    It wouldn’t ask or pop up an Defense+ Alert for this application, It’s automatically allowed because it is digitally signed,
I've found it to have a weakness
Sorry, There are very very few weakness (If any) of Defense+ but This isn't one of them.

Did this help?

- Jacob Kilgore
C-O-M-O-D-O Forum Moderator

If you don’t want any programs installed without your approval, I suggest you remove all vendors (except COMODO) listed in My Trusted Software Vendors.

Hey man, I hear ya. This is an interesting situation. It probably is understandable after some inspection.

I did a slight search on this netwaiting. The only reference to MS I found is with the OS Vista. Other than that it’s a 3rd party dial-up tool, something to do with call waiting.

I’ve no experience with Vista. Are you using Vista? Sounds like it comes with Vista, but if not, do you have automatic updates (for MS) turned on? You can go to Auto updates (online) and look at your update history to see if it did come from MS.

I use XP, 2 machines, and I don’t have it, never heard of it, and it’s never been offered by MS during updates that I can recall.

Another thought, could whomever you were DL data from have the ability to decide you needed this Netwaiting to successfully get the DL? Maybe you were on a network that you’ve given rights too?

Also, maybe your network probs were the result of a failed install of this netwaiting? Due to your security stopping some needed actions? I have had that happen. Unfortunately, I’ve seen a couple installs not want to wait for a permission to continue. And the comodo pop up’s time out and disappear ( I wish they wouldn’t, I haven’t found a way to change it, though it might be easy --oh, I guess I could set the time out for 10,000 minutes, lol. Solved!) I’d examine your Defense+ Event log to see what was happening during the time period of the download.

I’d say it’s worth investigating, just for your peace on minds sake. Let us know how it’s going.

At the moment, any changes to the trusted vendor list cause CIS to think there is an update available. Updating gives you back the default list. You’ll need to turn off the check for program updates unless you want an unending ‘update available’ message.

Also note, to remove any vendors from the list, they must be removed one at a time.

But it’s reasons like exactly this issue that I don’t agree with Comodo putting vendors on the list for me. I could really care less what applications some other Comodo user feels is trustworthy and happens to be digitally signed, let me decide who I trust! It is my computer after all.

Lot’s o help here :slight_smile: thank you all very much. I’ill remove MS from my trusted vendor list when I get home - I guess this is why there was such a smooth install.
[at]Sandwater: I’m using XP (sp3) - and you’re right actually - I’ve never seen NetWaiting before at all. It’s Netmeeting I do remove. I know I’m not paranoid too - does anyone remember when it used to say in the ‘Add/Remove Windows Components Dialogue’ that you could actually remove things like Messenger, Outlook and Wnidows Media Player? Nowadays it says ‘remove ACCESS to NetMeeting/InternetExplorer/Messenger/Outlook Media Player from desktop and start menu’. Hell I even remember when the dang process used to show a progress indicator for those ‘phantom uninstalls’. Downright deceitful that was. But anyway - I’m extremely glad to be feeling once again that I can defeat their attempts to control MY hardware. Thank you guys.

P.S. As I am running XP with sp3 I have no need to ever update so I don’t.