Every time after a Windows update, it screws Comodo up completely

Using Comodo with the FX browser. For about a week after a M$ Windows update, I get tons of PUs that weren’t there previously. Here is the latest, and it’s happening just when I go to my ISP homepage. For some reason it always involves brosiui.dll or wininet.dll, but the "system32/Schannel.dll" is a new one. I almost hate to do an XP update anymore, because for about a week after, it’s nothing but Comodo PUs.
And just to visit/post on this site was a Comodo PU with about 10 different components requesting an “ok”. If I don’t allow them, the server connection goes “dead”. Suggestions? thx

How long have you been using Comodo FW?

All these alerts relate to Component Monitor. By default, CompMon should be set to “Learn” after install. During this time, you will not see any alerts for components used by applications in accessing the web. It should be kept this way (usually a few weeks) until the majority, or all, internet-connecting applications have been run. Once that has occurred, you can change it over to “On.”

Once it’s set to On, you will get alerts for each component change, such as through updates, a module used for the first time, and so on.

My thought is that yours must be set to On, given the number of alerts you’re getting. While some updates can generate a number of alerts, yours seems a bit high…


Since last fall.
So after a M$ Windows update, you should set the component monitor to "learn"? I've never seen a tutorial about the "component monitor" as it pertains to the XP (or Vista) processes in the "component monitor"; all I've ever seen is "just set it to learn", but perhaps I've just missed it. An example is that C:\windows\system32\schannel.dll --- I've never seen this thing before, and have absolutely no idea what it is. Should I allow it? All I can tell you is that if I don't (such as if I click on the post button below, after writing a post) and don't allow it, when I try to enter the post, I just can't connect. Now if I run a search engine on "schannel.dll" I get this:
"schannel.dll is a library which contains the functions for 128-bit strong encryption in Internet Explorer 3.x or 4.x."
And I haven't run IE 3 or 4 in forever; in fact, my IE is supposedly shut down --- program access and defaults --- custom --- etc., as I'm using FX. So perhaps someone could tell me why, after a M$ Windows update, all of a sudden this s-channel.dll is getting a Comodo PU? And I can't connect if I don't allow it? thx

My apologies for being unclear… this is not what I’m saying; I’m referring ONLY to the period immediately following a new installation of CFP, that’s all.

The way CFP works on these Component Monitor alerts is that if you Deny the Alert (and thus the Component), CFP blocks not just the component, but the application using it (ie, the browser). The only way CFP can interpret your actions is to presume that your computer must be compromised, since you have Denied the alert. So it blocks everything to protect the machine and give you the chance to figure out what’s going on.

Basically what you’ll have to do is make a note of those components (or find them from the Activity/Logs) and go back in to Component Monitor to block them individually (if you want to block them). Be sure to click the Apply button after making changes in Component Monitor. Then restart your browser and it should work.

It’s odd to me that you are getting this much activity, so long after installing the firewall. There have been some MS updates that generate a few alerts for me, but I don’t think to that level. There are always some oddball things from MS, though (regarding the old IE files). Generally, doing detailed searches is in order to figure out what some things are. You can also upload to VirusTotal (http://www.virustotal.com/en/indexx.html), Jotti VirusScan (http://virusscan.jotti.org/), or other online sites that will scan and provide you a report. That may help you make an informed decision, then you can reverse any block, or delete the component, etc.
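
One way to look at the components named in an alert before allowing or blocking them, as the post above suggests (an added example, not part of the original thread). It assumes PowerShell 4.0 or later, which a stock XP install does not include, and that both DLLs mentioned in the thread live under System32; the function name is made up for this example.

```powershell
# Added example: report on the DLLs named in a Component Monitor alert.
# Paths are assumptions based on the files mentioned in the thread.
$components = @(
    'C:\Windows\System32\schannel.dll',
    'C:\Windows\System32\wininet.dll'
)

function Get-ComponentReport {
    param([string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # The alert named a file that is not where it is expected to be.
            [pscustomobject]@{
                Path = $p; Exists = $false; Company = ''; FileVersion = ''
                LastWrite = $null; SignatureStatus = ''; Signer = ''; SHA256 = ''
            }
            continue
        }

        $item = Get-Item -LiteralPath $p
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $hash = Get-FileHash -LiteralPath $p -Algorithm SHA256

        # SignerCertificate is empty when no signature was found.
        # On older PowerShell versions, catalog-signed system files
        # can report NotSigned even though they are genuine.
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Path            = $item.FullName
            Exists          = $true
            Company         = $item.VersionInfo.CompanyName
            FileVersion     = $item.VersionInfo.FileVersion
            LastWrite       = $item.LastWriteTime
            SignatureStatus = $sig.Status
            Signer          = $signer
            SHA256          = $hash.Hash
        }
    }
}

Get-ComponentReport -Path $components | Format-List
```

A `Valid` status with a Microsoft signer means the file has not been altered since it was signed; the SHA256 value can be searched on a scanning site instead of uploading the file.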


If my intervention is unwanted, let me know and I’ll kick myself out. Otherwise, here’s the legendary source for additional info: ** FAQs/Threads - Read Me First **:

