Getting D+ alerts for non-protected apps [HELP]


I am getting Defense+ alerts for many applications, saying that they are accessing the memory of ctfmon.exe. This is the language bar, not the trojan with the same name. In the protection settings of ctfmon.exe I don’t have Interprocess Memory Access protection enabled. Why is it that this process is still protected? Does the global setting in Defense+ Settings/Monitor Settings override the protection settings of each application?


I think that the protection settings will completely stop any access to the app they are protecting.
That is to say, if you enabled the memory protection, cpf3 would prevent any app from accessing ctfmon’s memory.

As you have not expressly told cpf to prevent this, it just asks instead. (I think)

Could somebody with a more definite knowledge on the subject please explain this to me?
How does the global setting of “Interprocess Memory Access” protection interwork with the identically named per-application setting?
Apparently an application is protected even if it doesn’t have the per-application setting enabled.

I can’t say I definitely qualify; however, the reason you get this alert is that ctfmon.exe is in the (protected) system32 directory. I am not sure exactly how you could disable this alert, except for removing “%windir%\system32*” from your protected files or unchecking “Interprocess Memory Access”, and I do not think this is a good idea. We’ll have to see what the experts say.


When an exe accesses the memory for the first time, or when you update an application, the ctfmon.exe alert appears, asking you whether that exe should or should not access the memory. If you know that it’s a legitimate exe (application), check Remember it the next time. Depending on the Network Defense and Pro Active Defense, maybe it’s in the Training Mode; I suggest you adjust to Safe Training Mode (fewer alerts). I installed this program two days ago and eventually I have no alerts, well, until I install or upgrade a program. And take a look at your Network Security Policy (FirewallTasks Advanced) and Defense+ (FirewallTasks Advanced).

I hope this helps you to understand.


Miguel AngelXP
