HIPS pop-up alert mentioned that: OfficeClickToRun.exe located at C:\Program Files\Common Files\Microsoft shared\ClickToRun\Updates\16.0.19328.20158\ could not be recognized and suggests that “You must make sure the .exe is a safe application before allowing this request”. (Please see picture below).
Clicking on OfficeClickToRun.exe, in the HIPS pop-up alerts, opens another pop-up saying “Windows cannot find…” the file that HIPS blocked.
Since there seems to be no temporary folder for unrecognized .exe associated with CIS, just like there is for scripts (C:\ProgramData\Comodo\Cis\tempscrpt), and that in this case, the .exe file would possibly be deleted without fulfilling all of its roles: could HIPS be updated to retrieve the SHA256 (or other hash of the file) of unrecognized files and check it against a database to help the user decide in such circumstances (and in a timely manner) whether the .exe file should be trusted?
Thanks for the reply both EricCryptid and Gene. To provide more information, when clicking on CIS “Blocked Applications” we can see the .exe that was blocked by the HIPS alert, but right-clicking it won’t allow to display info about the file as “File Details” is greyed out. (Please see picture below).
Thus, in this case, how the user can validate info about the file via HASH comparison on VirusTotal for example (or Valkyrie Verdict) if the blocked file cannot be located?
The program has no visible window.… OfficeClickToRun.exe is able to record keyboard and mouse inputs and monitor applications. Therefore the technical security rating is 5% dangerous ; but you should also compare this rating with the user reviews.
My security provider is Comodo and it’s alerting me of the “clicktorun.exe” program trying to modify a protected file or directory. I don’t know what that means. Should I allow it or block it? The reason why I have this installed is because I suspect my pc to be infected with malware or viruses. Please help. Should I delete “Officeclicktorun.exe”?
Anonymous:
Feb 4, 2024, 8:01 AM
officeclicktorun.exe is part of Office and should m=not be blocked. One of its functions is to check for Office updates.
Those steps can help once the user know that the file is clean; until the file can be uploaded to VirusTotal or Valkyrie Verdict or have its hash compared to confirm its authenticity, these steps are one step ahead…
