Frostwire.exe accessing weird programs

I guess when I had first installed CFP a while ago, I hadn’t seen these balloon messages telling me what Frostwire was accessing. I have been going through my D+ rules and saw Frostwire accessing weird things on its startup.

I know Frostwire is safe and it’s on COMODO’s safe list.

See SS:

The first 4 programs are Okay but why would Frost need the rest?

[attachment deleted by admin]

That screenshot pertains to Run an executable access.

This usually means you performed some actions that required Frostwire to run other apps.

E.g. hh.exe to see the Frostwire help file, Works or PowerPoint to view some documents, etc.

You can safely remove all programs you don’t think Frost will need and eventually check when they will be added again, or you can also explicitly block them (I assume this will prevent some double-clicking actions on Frost downloaded files).

It does it automatically. In the SS, everything from hh.exe and down gets added automatically on Frostwire startup. And there is no help file for Frostwire, only online FAQs.
It does make sense that it would add things such as MS PPV and Works for docs it needs to open, but by default? The one I’m most curious about is the msiexec installer, maybe something to do with Java?
And why Windows Mail…?

This is quite uncommon.

Those entries can only be added if an application attempts to run something (AFAIK only if the launched apps are trusted could they be automatically added by safe mode).

And usually those apps are only launched by explicit user action (double click).

I would like to suggest that you not use Frostwire until you have asked about these behaviours in their forums http://forum.frostwire.com/index.php and eventually confirmed the executable you have is genuine.

And send your Frostwire folder (as many files as you can) to Comodo as per Reporting False Positives/Suspicious Files & Submitting them to the lab, explaining that you didn’t explicitly run those apps and also adding a link to this topic.

I posted this issue on the Frostwire forums and sent the file to COMODO.

Thanks.

I found your topic titled FW access wierd things

I guess it could prove useful to mention FW version number, FW MD5sum and specify that FW likely requested to access and run those apps without any explicit action from your side.

Done.

I set D+ to Safe mode and installed FrostWire 4.17.1 (I attached an MD5 signature of all Frostwire files generated using DVDsig).

I manually added FrostWire.exe to D+ Pending files List to manually run the Lookup function and have D+ contact Comodo just in case this new FrostWire version was not added to the bundled safelist released with CIS 3.5.54375.427.

The FrostWire 4.17.1 policy was automatically created by D+ safe mode, but the resulting policy's Run an executable access right didn’t have any allowed or blocked application entries.
To confirm this I manually closed Frostwire soon after it was fully loaded and running.

In the attached pic I manually copied a help file to the Frostwire shared folder and launched it by right-clicking (double-clicking on each file will work in the same way); only then was hh.exe added to Frostwire policy - Run an executable.
To confirm this I manually closed Frostwire soon after I launched the help file.

D+ safe mode automatically added to Frostwire.exe Run an executable allowed applications access right only other executables already safelisted by Comodo as soon as I launched them from Frostwire library.

Since Firefox recently released a 3.0.4 update which was not included in CIS 3.5.54375.427 bundled safelist, double clicking on Frostwire upper-right logo did not automatically launch Firefox but triggered a Run an executable alert.

As soon as I performed a manual lookup for firefox.exe (manually adding it to my pending list to perform the lookup and removing it from the pending list afterwards), D+ safe mode automatically added Firefox to the Run an executable allowed application access right of Frostwire.exe, since Firefox 3.04 has been safelisted.

Provided that frostwire.exe is only a stub to launch the actual FrostWire.jar Java application, I can confirm that the frostwire.exe bundled with FrostWire 4.17.1 is the same one you got on your PC, hence any difference in observed behavior could be related to the other Java files loaded by the frostwire.exe stub executable.

It would prove useful to uninstall your current frostwire version and remove your current frostwire.exe D+ policy to install FrostWire 4.17.1 (or a more updated version).

[attachment deleted by admin]

Thanks for the help.

I was going to update to 4.17.1 and remove my D+ rule for it but hadn’t had a chance to until Sunday (which I did yesterday).

4.17.1 actually did the same thing as in my OP but lately it has stopped. Since I don’t share any files on FW and am a very light user of it, I just allowed FW to execute the exes I would really ever need it to: firefox, and the 2 java exes. But even launching FW, there is no longer anything in the D+ logs about FW wanting to execute winmail, etc.

Here is a response from FW forums:

I saw this earlier but not being a developer or Windows expert I didn't comment. I did Google most of the items and they all did seem to have a place here.

A mail association is required as a couple of links to email addresses are present in Frost … Bug reports is one that springs to mind. I think the link does not work … but it is there …

msie.exe … hmm… from what I could make out this is present for any Windows installed program, but I did get distracted and didn’t get too far into it. Possibly hh gets connected to any program whether or not there actually is a help viewer.???

Frostwire launches all sorts of programs outside itself so … only a few Audio formats are (optionally) launched inside Frostwire.

Not a comprehensive reply, but my best suggestion is to Google any term you are wondering about and see what comes up. Happy reading :)

Anyway, thanks again.