I’m new to CPF… just installed version 2.4 actually. I read the help file that came with CPF, but I’m still having a hard time understanding how alerts work.
In the help file, under types of alerts, there was a example of an application… iexplore.exe trying to connect to the internet… and the parent application was ghost.exe (malicious program).
If I was to deny and ticked remember, am I denying IE or Ghost? Or am I denying the IE / Ghost combination?
Also in the help file, under types of alerts, is another example… iexplore.exe is the application and tooleaky.exe is the parent application, but the security consideration mentioned PCFlank.exe tried to use iexplore.exe to connect to the internet. Huh?
Was tooleaky.exe instructing IE to connect or was it PCFlank.exe instructing IE to connect? I don’t get it.
A search for alerts comes up with about 14 pages, too much for me to troll through.
The basic thing with any firewall alerts is do you know the program wanting to connect.
“In the help file, under types of alerts, there was a example of an application… iexplore.exe trying to connect to the internet… and the parent application was ghost.exe (malicious program).
If I was to deny and ticked remember, am I denying IE or Ghost? Or am I denying the IE / Ghost combination?”
IE is a safe program. On installation you have comodo scan for known apps. It will set up a rule for IE with explorer as the parent (this is the way it should be). IE can access the net. Ghost.exe is malware. For it to do its work it needs to go through IE. When you deny this you are stopping ghost from hijacking IE. It will not affect you using IE to browse the net.
One of the experts might be able to explain this better.