Hundreds of log entries from a few apps

The log file is filled up with hundreds of log entries for the same alert “Access Memory” with a target cfp.exe from a few applications:

  • Roboform (robotaskbaricon.exe)
  • dllhost.exe
  • werfault.exe
  • WinPatrol.exes

Anything I can do about these? They are all already trusted applications.

Can CIS be configured to silently ignore these types of “Access Memory” against its own files or at least just log them once not hundreds of times?

  • Roboform (robotaskbaricon.exe) - is this exe file here: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe. This can be a spyware…
  • dllhost.exe
  • werfault.exe - click here for info
  • WinPatrol.exes I suggest you uninstall it; it unwise to have two HIPS components.

there is away but I want to know if dllhost is safe and roboform; give program access memory can make you vulnerable to attacks and infections

I would appreciate if you could scan with malwarebytes and superantispyware

Regards,
Valentin N

Roboform isn’t spyware… 88)

The machine is clean, scanned with Malwarebytes, Hitman Pro and Superantispyware. In fact it’s a very clean install only a couple of days old. And it has MSE running on it (real-time a/v in Comodo is turned off as it doesn’t work as advertised but that’s another story posted in other threads).

WinPatrol is not really HIPS and I am not uninstalling it, it’s useful to me in other ways.

Roboform is not spyware, I’ve been using it for many years.

Here is explained how to stop logging Access Memory events in Defense+ for WinPatrol. Follow these steps for every application you want and know it is safe; just change Application Path.

Solution

1) CIS → Defense+ → Computer Security Policy → Protected Files and Folders → Groups → Add → New Group…(give this group a name). Now click once on “add files here” and Add then Add → Select Fromand → Browse… and add find the wanted folder

2) CIS → Defense+ → Computer Security Policy → select Comodo Internet Securiy and press edit → Customize → Interprocess Memory Accesses → Modify → Add → File Groups → select the wanted group.

Regards,
Valentin N

Thanks, I’ll give it a try.

Unfortunately this is not working for me. I tried via a File Group and also adding the applications directly, without the File Group. I’m sure the paths the exe’s are correct as I picked them via the Running Processes I didn’t type them in. I still see the same log entries coming in.

Ah, it works, but there’s a typo in step 2. It should be added under the “Protection Settings” tab, not under “Access Rights”.

2) CIS --> Defense+ --> Computer Security Policy --> select Comodo Internet Securiy and press edit --> Customize --> Protection Settings tab --> Interprocess Memory Accesses --> Modify --> Add --> File Groups --> select the wanted group.

Sorry it’s “Access rights”

Regards,
Valentin N

No, it needs to go under Protection Settings. Try it. Look at this post too.

It makes sense: Access Rights is for what other software CIS can access. Protection Settings is what CIS is protected from. See the help page, it’s all explained there.

Thanks :slight_smile: