I recently updated WinXP manually; it had been a long time since my last update (approx. 5 months). After the update I began having problems with kernel32.dll and explorer.exe. From the research I gathered, kernel32.dll had been changed during the update and my AV kept bringing this up because I hadn't verified the changes. Are there any ways to verify Windows made these changes? I don't want to tell my AV everything's cool and to accept the changes if kernel32.dll has been modified in a harmful way.
To my Comodo firewall question: this issue occurs when starting Mozilla after the update. On opening Mozilla, a Comodo message appears that reads something like this (next time it happens I will record the exact message and edit this post): explorer.exe is trying to use explorer.exe to connect to the internet; this may be a global hook which could be used as a key logger. I had no choice but to allow the action (Mozilla wouldn't connect to the net otherwise) to get to this forum (left the "remember my action" box unchecked), but when I closed and reopened Mozilla the message didn't appear. As mentioned above, I will type the message word for word next time I see it, but for now I'm hoping someone knows what I am talking about and can provide some answers.
In CF application monitor I had 4 boxes containing Mozilla rules. I have removed two of them that had explorer.exe as Mozilla's parent application (presumably added during XP's upgrades?). Is this the same as blocking them? Or do I need to add the Mozilla/explorer.exe rules again and select "block" for explorer to be denied access as a parent?
Thanks for reading.
EDIT: Now when opening Mozilla I get a "mozilla firefox is trying to act as a server" message from Comodo firewall. I'm searching the forums now for some related threads.
This is normal behavior of explorer.exe, and yes, it's difficult to use Firefox without allowing it because that's the way CPF works. I've also wished many times that I could block explorer.exe's attempts to use Firefox for internet access, but I think it's harmless so you can allow it.
Removing a rule is not the same as blocking. It’s not like allowing, either. CPF will just ask you again if the same scenario occurs again. To really block, you should add a rule like you suggest, either manually, or - which may be easier - wait for an alert from CPF and let it create the rule as you click “deny”. But, as I wrote above (and you wrote yourself), this will block the Firefox browser.
As for your Windows update issue, I have no answer, but remember that antivirus software sometimes generates false positives. If you made a proper update from Microsoft's servers, this could be the case, but please don't hold me to that one.