Today I uninstalled GFI’s Languard. When the uninstaller finished, it tried to connect to the internet. A pop-up from Comodo’s FW appeared, but before I could answer, the connection was allowed.
Immediately after, a pop-up from D+ jumped in with a buffer overflow attack warning (see snapshot).
So, two questions:
1. Why didn’t the FW work?
2. What am I to make of the D+ message?
I think you should make rules so that you will have VERY few alerts. In short, you should block all unnecessary things. After you have done that, you can be calm… very calm.
The firewall alert says setup.exe is a safe application. When Firewall Behaviour Settings are set to Safe Mode it will allow that of course.
The Defense + message means it found a buffer overflow problem in explorer.exe. When you are sure GFI Languard’s uninstaller is a safe application and you are sure you downloaded Languard from a safe location then there is more than likely nothing trying to exploit explorer.exe.
When you want to be 100% certain, terminate explorer.exe. You can start it again from Task Manager → File → New Task → now type explorer.exe in the run field and push Enter.
Thanks for the answer Eric.
I went to D+ Events and confirmed that it really was C:\Windows\explorer.exe and not something undesirable.
But my FW is in Custom Policy Mode. It shouldn’t allow a connection by default. Or should it?
It should not allow the connection when in Custom Policy Mode unless a rule was made for the installer in the past. Check under Network Security → Application Rules.