How to remove a Defense-level rule?

A person I know has accidentally blocked some processes which use the file Shell.dll.

I have found that by disabling the Defense (not antivirus or firewall), the processes are able to execute normally.

How can Comodo Defense rules be “unlearned”?

I am trying to save him the hassle of re-training the program.


Defense+ → My security policy

You should be able to remove the rules manually from there… Hope this helps.

Thanks, Kyle.

Just so that I have an idea once I get to his PC, what will the rule look like for the Windows XP Add/Remove Programs app attempting to execute Shell.dll to run?

I’m asking because I am looking at my list of rules, and I’m not exactly sure which system event that would fall under. The system apps are grayed out on my list, and don’t seem to be editable.

Hello, if running in safe mode it should use Comodo’s white list and that should make that file allowed by default.

Shell.dll is not run when you use add\remove programs (run32dll.exe is, though). Maybe it’s more application-specific, as I do not recall ever having an alert for shell.dll.

Can someone else please pitch in?

You must have either XP or a 32-bit OS, as my Vista x64 only shows Shell32.dll. This is associated with many apps (including svchost.exe).

You will have to look at the D+ rules (Defense+/Advanced/Computer Security Policy) to see what is blocked and decide if it is incorrectly blocked or not.
Alternately, you can remove (from the rule list) the programs that are blocked, and next time they are run, a new alert will be generated which can be answered accordingly.