Defense+ Events - Intrusions Query.

Computer running Vista Home Premium.

Since updating to the latest version of CIS 3.8.65951.477 (although Comodo Antivirus is not installed as I use Avast) I am getting a very large number of suspicious Intrusion attempts in the Defense+ system.

The Applications causing these are C:\Windows\system32\dwm.exe and C:\Windows\system32\taskeng.exe with the Action for both being Access Memory and the Target for both being C:\Program Files\Comodo\Comodo internet security\cfp.exe

Both applications are listed in the Defense+ Computer Security Policy under Application name and are both treated as Custom Policy (as automatically setup during the installtion update).

How can I stop these numerous suspicious intrusion attempts being made in the Proactive Defense without turning the logging off altogether?

This did not use to occur. I have tried various methods but all to no avail. I`m obviously not doing something correctly.

This is a memory sharing issue.
The solution:

Select Defense+/Advanced/Computer Security Policy.
Scroll down to Comodo Internet Security (Select it), select Edit/Protection Settings.
Interprocess memory Access (Active Yes) select Modify/Add/Running processes.
Scroll down to locate the application. Click it and click “Select”.
Then just “Apply” to each window as you exit.

John,

Many thanks indeed for your reply.

Your solution to my problem worked a treat and all is now back to normal, with suspicious intrusion attempts showing as none.

Out of interest, any ideas as to why is should have been a memory sharing problem? I have never had this happen before and I`ve used Comodo Firewall and Defense+ for a long time.

Once again, many thanks. My frustration with it has now disappeared!

Roger :wink: :slight_smile:

The app was trying to use a section of memory that CIS has claimed. I see it with 4 different apps on my system.
Not a serious issue since the apps in question a) were detected b) were safe.
If anything rogue does make an attempt, at least you will know about it.

Glad I could help you.
BTW, welcome to the forum.

John,

Since the satisfactory resolution of the problem I posted above, it appears to have created a new one.

The Firewall of CIS is now not logging any intrusion attempts at all, where these were showing previously.
I visited the GRC/Shields Up website and ran scans of both Common Ports and All Service Ports yet nothing showed under Network Defense - the message being that The Firewall has blocked 0 intrusion attempts so far. The logging of this function has not been disabled.

Any ideas, please?

Roger ???

Bump.

GRC tests for outside leaks in your security. IMO Since it is done via your browser you won’t see any logged events. As long as GRC has reported back you are secure, you should be fine.
Can someone correct this if I am wrong?

John,

I have uninstalled the latest version of CIS and installed version 3.0.25.378 of Comodo Firewall Pro - which just consists of the firewall and defense+ system. I had not installed the antivirus section of CIS originally either, using Avast, as mentioned before.

Comodo Firewall Pro is working a treat, with suspicious intrusion attempts being logged in both Network Defense and Proactive Defense.

I cleared the Network Defense View Firewall Events log then ran a scan of All Service Ports at the GRC/Shields up web-site and very many intrusion attempts were logged in the View Firewall Events log. Therefore such events are logged. All ports came up as Stealthed in the test.

Thank you very much for your help but I have decided to stick with my current version of Comodo. It would appear something in the CIS suite wasn`t agreeing with something on my computer. I know all is well now.

Roger. :slight_smile:

If GRC is actually testing your software firewall and not your router, you will definitely see the ports scanned on your firewall log.

Perhaps mine is being blocked by my router, then. My misunderstanding.
Thank you, HeffeD.