I am currently running Windows 7 Ultimate using Comodo security, and for some reason explorer.exe keeps on trying to terminate Comodo’s cfp.exe application. Although the Defense+ blocks the attempts, I was wondering if anyone here knew why this is happening, and if it could possibly be the result of an infection.
By the way, I also noticed that the “X” icon in the corner that usually closes the application became greyed out after this happened. Correct me if I am wrong, but isn’t cfp.exe the actual IS interface itself? If so, then it actually might be possible that the system glitched when I tried to close that window, and Comodo might have thought it to be an intrusion attempt… that is, of course, just a hunch based on pure speculation.
No, I do not have any other security software installed.
And I have rebooted twice since it happened… so far it has not occurred again… however now it is telling me that osk.exe (I presume the built-in On-Screen Keyboard application I used for the PrntScrn key) tried to “access memory” from cfp.exe.
I’ve done a full system scan with both Comodo on my Windows partition, and with Sophos on my Mac partition. Neither of them detected any problems, and since then I have received no further troubles with the Defense+. I suppose for now I can safely assume that this may not have been the result of an infection after all. Thanks for your help.
I do have one other question: What does it mean when the Defense+ blocks an application for attempting to “Create process, Block File”? I notice that this does seem to happen at some times, mostly when trying to install new software.
To create a process means to start/extract a process/executable (usually installers/archives do this type of action, even browsers once you are downloading an installer/exe/msi).
Create Process, Block File means you have received an alert to sandbox or allow to run with admin powers, or when you are extracting a file and Defense+ sees an executable and asks you if it’s OK… and Defense+ blocks the action until you have clicked allow or deny.
Create Process, Block File: You should receive this type of event when Defense+ alerts you that an installer or a file is trying to extract an executable and has blocked the extraction until you have answered the alert.
Create Process, Block File: Can typically take place when an installer starts to extract and you receive a sandbox alert whether to allow it or sandbox it or deny.
If I’m not mistaken, this should be a sandbox alert, alerting you whether to sandbox it, run with admin privileges, or deny.
I got this alert when trying to install Halo as well.
CIS > Defense+ > Defense+ Events > More
Here you can go through the events that happened with Defense+. If you highlight an event when it has Related Alert in blue on the right side, you can click and it will tell you when you received an alert for that specific event; and then you can double click the automatically highlighted alert and it will tell you more information about the alert.
By the way, I think I found a small glitch in the log viewer… whenever I highlight a Defense+ event that does not have the “Related Alert” text, and then try and double click on the area where that normally would be, I get an error saying “Internal error! The logs database is probably corrupted.” Diagnostics don’t reveal any problems, so it may simply be a bug.