exe trying to modify Comodo

(I think I found the right list to post this problem - finally)

Hi,
My laptop suddenly became slow and unusable, and I eventually tracked the problem down to the Comodo Help service, which seemed to be slowing things down terribly.

I downloaded and (re)installed Comodo, but after rebooting I kept getting a message from Comodo that "SynTPhelper.exe is trying to modify cfd.exe user interface".

To make matters worse, the mouse kept freezing, which prevented me from replying to the message. The message would time out after a while and the mouse (touchpad) would unfreeze.

SynTPhelper.exe is the helper task for the laptop touchpad, and cfd.exe, of course, is Comodo!

Q1. Is this a virus or malware trying to modify Comodo?!

Q2. When a Comodo message does time out, what is the default action: is it blocked or allowed?

I submitted SynTPhelper.exe for analysis but nothing came up.

The Comodo panel suggested that the action could be allowed, even to itself(!), which seemed odd.

Hope you can help!
dph.

I would put CIS into Training Mode until it learns rules for the touchpad driver. Maybe put the Firewall and D+ in Training Mode and then reboot. After boot, check your rules to see if one has been created for the touchpad file and, if so, return the Firewall and D+ to your preferred settings. That should fix the problem. I would also think that having D+ in Clean PC Mode when you boot would fix it as well.

Cfd.exe or cfp.exe?

Cfp.exe is a Comodo process; cfd.exe, as you mention in your post, is not.

Cfd.exe appears to be associated with Broadjump's Client Foundation, which is apparently some sort of broadband troubleshooting software that is installed with various companies' broadband packages.

So to answer your questions: no, if the message you are getting is in regard to cfd.exe, nothing is trying to modify Comodo.

And the default action if a message times out is deny. So it is indeed blocked, and the next time it happens you should get another alert.

Thanks for your prompt replies.

My mistake: it is, in fact, cfp.exe and not cfd.exe that it is trying to modify.

So it sounds like it is normal for the touchpad process to modify Comodo? Is this correct?

Also, I am getting programs that try to insert themselves or another .dll, say, into another process. Is this normal too? They are also asking for access to protected resources such as COM and the registry.

The real problem for me is trying to determine, on the fly, what is legitimate and what is not.

For instance, when I try to print a document from another local network-attached PC through to the laptop where a printer is attached, Comodo on the laptop comes up and says something like "blah.exe is trying to execute photo.jpg" when the printer fires up, or it might try to execute a text file, i.e. a non-executable(!)

Does this correlate with any known problem?

dph.

Hi dph,

Indeed, that file is a Synaptics Pointing Device Driver, which is for your touchpad. Unless malware has somehow infected your machine and/or that particular file, it's a safe executable.

Can you go to Defense+ >> View Active Process List and see if there are any weird or odd executables there? You can also post a screenshot of the running processes here.

Cheers,
Josh

I've attached a hijack report.
Please see if you can find anything!

[attachment deleted by admin]

Hello dph, if the suggestions already put forward don't help, you could try adding a couple of the Synaptics executables to the exclusion list for Comodo Internet Security.

To do this, go to Defence+ / Advanced / Computer Security Policy -> find the entry for Comodo Internet Security and double left-click on it -> in the new window click on "Protection settings" and then on "Modify" next to "Interprocess memory access".
Now click on Add and use either Running Processes or Browse, and add these entries:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

Now click APPLY to close all windows.

Now go back to the CIS exclusion list to make sure the above entries are there.
Cheers,
Matt

P.S. Had a quick look at the Hijack log and it looks fine. One thing you can do is fix any entry that has (no file) after it.
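Before whitelisting the two Synaptics binaries the way Matt describes, it is worth checking that they are actually Synaptics-signed files and not something that borrowed the name, and Josh's "look for odd executables in the process list" step can be automated the same way. The script below is an added example, not code from the thread or from Comodo; it assumes the paths Matt quoted (adjust to "Program Files (x86)" on 64-bit Windows), an elevated PowerShell 4.0 or later prompt (needed to read the image path of SYSTEM processes), and that the expected signer name contains "Synaptics".

```powershell
# Added example (not from the forum thread): verify the binaries behind a
# Defense+ alert before adding them to an exclusion list.
# Assumptions: 32-bit paths as quoted in the thread, elevated prompt,
# PowerShell 4.0+ (Get-FileHash), signer subject containing "Synaptics".

$candidates = @(
    'C:\Program Files\Synaptics\SynTP\SynTPEnh.exe',
    'C:\Program Files\Synaptics\SynTP\SynTPHelper.exe'
)

function Test-TrustedBinary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSignerPattern
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Path = $Path; Exists = $false; Status = 'missing'
            Signer = $null; SHA256 = $null; Trusted = $false
        }
    }
    # Authenticode check: Status is 'Valid' only if the signature chains to a
    # trusted root and the file has not been modified since signing.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $ok     = ($sig.Status -eq 'Valid') -and ($signer -match $ExpectedSignerPattern)
    [pscustomobject]@{
        Path = $Path; Exists = $true; Status = $sig.Status
        Signer = $signer; SHA256 = $hash; Trusted = $ok
    }
}

# 1. The specific files named in the alert / exclusion advice.
$candidates |
    ForEach-Object { Test-TrustedBinary -Path $_ -ExpectedSignerPattern 'Synaptics' } |
    Format-List

# 2. Josh's "any odd executables in the active process list?" check, automated:
#    every distinct running image that does not carry a valid signature.
Get-Process |
    Where-Object { $_.Path } |           # processes whose image path we can read
    Sort-Object Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name   = $_.ProcessName
                Path   = $_.Path
                Status = $sig.Status       # e.g. NotSigned, HashMismatch, UnknownError
                SHA256 = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
            }
        }
    } |
    Format-Table -AutoSize
```

A `NotSigned` result in the second list is a prompt to look closer, not proof of infection: some vendor components are only catalog-signed or not signed at all, so compare the SHA256 against a copy from the vendor's own installer before deciding. A `HashMismatch` on a file that claims to be signed, or a Synaptics path whose signer is not Synaptics, is the case where adding an exclusion would be the wrong move.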