Differentiate between a program starting and a program launching a program

I believe I’ve expressed this before else where on these forums, and I’d like to reiterate it here (As it’s a wish of mine).

Right now, Defense+ will ask you if you want one program to launch another program, which I appreciate. However, I have run into at least one instance where I have an untrusted program launching and I have no idea what’s launching it, specifically when I put a DVD movie in my drive, the Windows Media Player setup starts without me having approved it. This is where I’d like Comodo to prompt me when a program is attempting to start, and give me the options of allowing it to start, preventing it from starting, or adding it to a predefined group or the blacklist.

I still don’t know what’s launching the WMP setup when I put in a DVD, but I don’t appreciate Comodo executing it without my permission.

What is your OS? It could be your auto play settings for inserting a DVD, maybe it’s set to launch Windows Media Player. I have mine set to launch Windows Media Center and I never get any alerts.

I’m currently running XP x64, and I’ve already changed my default player, but that’s side-stepping the issue. The program will still run unless I’ve blacklisted it.

Keep in mind, though, WMP is a Safe application, so CIS not stopping it would be reasonable unless one changed settings to prevent it from running.

I unchecked the box for “Trust the applications digitally signed by Trusted Software Vendors”. It’s probably something I have set to use the Windows System Application profile. Still, should unknown programs even be allowed to run without user intervention?

I’d like to re-emphasize my suggestion.

Now, because I haven’t given Explorer full access to everything under the sun, whenever I crawl through my folders and come across an unknown executable, I get a prompt asking me if Explorer can access this program. The only reason I’m asked is because it’s querying for the program’s icon. This seems a bit silly to me. If I accept, Explorer can show the icon, but it can also launch it, which is a behavior I’m not terribly happy about. I have no problem giving Explorer… I guess what would be considered file access to executables, but I’d still prefer to be prompted when a program is trying to load.

I suppose the question should be: “What is unknown by whom?” Microsift software are trusted (digitally signed) and Explorer is a key part of Windows. If you are not trusting this, then why use Windows (a view I am sure all you Mac readers like to hear). .FaZio93.
had asked about your windows settings and about AutoPlay. I still think he is correct about the direction you should be looking.

nmalinoski , I think your being a bit paranoid. Like John Buchanan said, the signed MS explorer.exe is a key part of windows and it set to “Windows System Application” as default by COMODO (and not many apps should get that privilege either).


If there’s something wrong with being paranoid, why even add a Paranoid profile to Defense+?

Also, my most recent post outlines a concern unrelated to autoplay. I’m almost surprised that it was ignored in favor of criticism of my original suggestion.

Nothing wrong with it. ActualIy, I use d+ in paranoid mode. but ms’s explorer.exe is a core part of windows and safe. no need to lock it down. :slight_smile:

No there is nothing wrong with using Paranoid Mode you can use custom policy for all if you like the only thing is if you have a lot of rules you can get slow down in alerts.
If you find you have still have not enough alerts check what is allowed in the All Application rule.
The reply for autoplay is correct.
PS Re Icon Explorer.exe shows a lot more than just the icon it shows all details if you hold the pointer over the icon for this it as to access the program.

I disagree with this. Please see Quickpost: /JBIG2Decode Trigger Trio | Didier Stevens for an example of why.