Global Hook and other access requests

Hi guys, I have been using NIS and the firewall conflicted with both Mozilla and Chrome so I found Comodo and no more conflicts but on the other hand, a LOT more “user input” (which I have not done below on Firewall requests) and would appreciate HELP. My gut feel is that if it sounds legit, let it go if it sounds like “why does it want to do that, reject it” and I have a few scenarios that I would like to review. I received a request for access by “Global Hook” that I REJECTED, my rationale was I don’t want to give GLOBAL to anything that I don’t know. I also was presented with access by “AVGui.exe trying to access keyboard directly” and figured that AVG does NOT need my KB so I rejected it as well. And an REJECT access request by McSACore.exe since I don’t know what that is and couldn’t find McSACore on my system. If you don’t mind, I would appreciate a little handholding on these and if their a Rule of Thumb that I can use as to what to allow and what not to allow COMODO access to, it would be a great help?

Do you use McAfee SiteAdvisor? McSACore should be part of it

Regarding Keyboard access right, AFAIK it is triggered also by application that monitor the clipboard.
It could be used also for application that provide keyboard shortcuts combos to their menu functions or abused to log keytrokes.

IIRC Global Hooks access rights might also be triggered by directx games (Dinput.dll) or visual basic applications (msvbvm60.dll or msvbvm50.dll) or mouse/keyboard driver companion softwares.

In some cases Dinput.dll Globalhooks can be abused for keylogging purposes (eg: AKLT DirectX test)

As far I understand some of those actions are featured by windows for legitimate purposes though they can abused for malicious ones as well.

Denying some access rights might prevent the risk of malicious abuses but also restrict some feature of the applications or in some cases prevent them from working.

AFAIK keyboard access right can be reasonably denied also in many legitimate apps.

If you are unsure about something, you can always block the process without ticking the “remember” option. This way if something is obviously broken you don’t need to go in and edit or remove the policy you’ve just created.

So basically, go through the application that made the request and make sure everything works. If not, restart and allow and remember the process. This isn’t 100% foolproof because things like global hooks could cause a loss of functionality that isn’t apparent to the user.

Thanks guys, thanks for your help. Endymion referred to Dinput.dl, msvbvm60.dll or msvbvm50.dll or mouse/keyboard driver companion softwares that might have initiated the Global Hooks request, I don’t believe that any of them apply to my situation and HeffeD said, if in doubt, reject it (but don’t click on the remember option. Good suggestions guys. Thanks, Bob