Defense+ logging Memory Access by Tabtip.exe [Solved]

abailey152 · November 10, 2008, 4:11pm

Defense+ is logging a prevented intrusion attempt from APPLICATION: “C:\Program Files\Common Files\Microsoft Shared\ink\Tabtip.exe” ACTION: Access Memory TARGET: “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” every time I open the Comodo window.

I have a graphics tablet that ties in with Windows (Vista Home Premium 32bit) so that it thinks I have a tablet PC. No problem, it just gives me some extra features. However, with Defense+ set to “Clean PC Mode” or above, I get the above flagged.

I have tried setting setting Tabtip.exe to a “Trusted Application” and I’ve also tried setting it to a “Windows System Application”. Neither settings stop it being flagged. Now as it is only occurring with “cfp.exe” I guess it may be some protection setting for Comodo files.

Anyone know how to stop “Tabtip.exe” being flagged as an intrusion attempt?

Regards
Andy

gibran · November 10, 2008, 4:44pm

These blocked attempt are triggered by Comodo Internet Security Protection Settings

In order to allow Tabtip.exe access to Cfp.exe since it is a trusted application it is needed to find Comodo Internet Security (or Comodo Firewall Pro) group in Defense+ Tasks > Advanced >Computer Security Policy and edit its protection settings for Interprocess Memory Access.

Interprocess Memory Access Protection should be left to No to protect CFP against malicious tampering and and exception should be added for Tabtip.exe.

[attachment deleted by admin]

abailey152 · November 10, 2008, 7:35pm

Many thanks for the detailed fix, which has done the trick. I had looked at the protection settings but I wouldn’t have known what to edit.
Your help is much appreciated.

Regards
Andy

system · November 10, 2008, 7:54pm

Thread Will Be Closed -
Reason: Issue Solved
To Unlock: PM A Moderator

CG