Comodo firewall v:5.3.181415.1237, Avast v6, are on my apple XP sp3, 32 bit computer. Every so often on startup, windows is frozen, no internet icon is showing,there is just the little arrows showing on Comodo, after about 8 minutes, some files from comodo popup, they are the same ones every time. "Windows notification centre, an HP printer exe file, windows wscntfy.exe. i have done the expected thing like “trust this installer, do not sandbox again, remember my answer, submit online, submit”. They keep appearing, even though they are in the trusted file list, i cannot add them to trusted file list as the box is greyed out, but they are in there anyway. how can I tell comodo to stop scanning them please?
hello,
Can you add some more infomation about this problem. avast!6 has sandbox tech too. I am not sure whether avast! has some conflict with comodo.
May be you can restore the comodo defualt settings. I am searching the wscntfy.exe on the google. It tells me the program belonging to MIcrosoft. So I think, there’s some thing wrong with your computer.
If you can give us more infomation. I think we can help you . :-TU
av2000, thanks for your reply. In the past I could not use Avast definition update with comodo, but that has been cured, there has been no sandbox alerts from Avast. Sorry but I do not see how there could be a conflict, when it is comodo scanning the files. I see that Microsoft is not in the trusted vendors list, how do I add them and reset firewall default (it does not say in help files) please? HP are listed as trusted.
Can you check that wscntfy.exe is in the system32 folder? That is where it is supposed to be when it is a system file. Otherwise it could be a malware. To know for sure that wscntfy.exe is the original file you can use Sigcheck to see if it is digitally signed by Microsoft.
Download this zip archive and unpack it to C:\Program Files\SysinternalsSuite\ . When done run sigcheck.reg to add it to the registry.
When this is done navigate to the system32 folder, look up and select wscntfy.exe, click right and choose Signature from the context menu. A black command box will pop up. See if it is signed or not.
As for the HP files. Does any of the workarounds in App. is not working correctly, but does not seem to be s/boxed. What to do? [v5] bring a solution here?
If you want to add a signature of Microsoft you can do that in Trusted Software Vendors list under Computer Security Policy. In your case I would make sure to add the signature from wscntfy.exe.
Thank you EricJH. Have checked for signature but there seems to be none, as the black box just disappeared. Then looked on the internet for program Files\HP\Digital Imaging\bin\hpqste08.exe. it seems to be a known problem. After reading your link page, I looked in Defence+ events, and found there is also hpqSTE08 it was scanned on line, and found safe, but my file was flagged as"Access COM Interface" and target was “\RPC Control\spoolss”, and presumedly sandboxed.
Sorry i forgot about a Windows notification centre file being shown as well, I said “always trust this installer”.
There does not seem to be a signature for hpqste08.exe, as the black box also disappeared. There is not a hpqSTE08 file in “bin”.
Does any of this help please?
The black box should only disappear when you push a key.It waits for that. Can you try again and see if wscntfy.exe is digitally signed?
Then looked on the internet for program Files\HP\Digital Imaging\bin\hpqste08.exe. it seems to be a known problem. After reading your link page, I looked in Defence+ events, and found there is also hpqSTE08 it was scanned on line, and found safe, but my file was flagged as"Access COM Interface" and target was "\RPC Control\spoolss", and presumedly sandboxed.Did you try adding the HP executable, or the complete HP installation folder, to the buffer overflow exceptions and giving it the Installer/Updater policy.
Sorry i forgot about a Windows notification centre file being shown as well, I said "always trust this installer". There does not seem to be a signature for hpqste08.exe, as the black box also disappeared. There is not a hpqSTE08 file in "bin". Does any of this help please?Try the signature check again. Can you access the Program Files folder in general?
ericJH, thank you. There is a signature for wscntfy.exe. C:\WINDOWS\system32\Cat Root<F750E6cC3-38EE-11D1-85E5-00C04FC295EE>nt5.cat. I have added it as you described. There is a signature for hpqste08.exe but I cannot see what the actual is. How do I add HP.exe files to the buffer overflow please? I can see the program files, by “general” I presume you mean normally, not a file called general.
To add hpqste08.exe to the Buffer Overflow exclusions go to Defense + Settings → Execution Control Settings → Exclusions and add it from there.
What I meant was can you access the Program Files folder when using Explorer.
Thank you ericJH for your help. the file has been added in Exclusions. I can see the program files with Explorer.
We await another comodo scan? 