Hi all, CFW incorrectly determines which process is communicating.
I downloaded big files from a browser (Firefox). Comodo’s “View Connections” says AvastUI.exe was downloading them. What the hell?
This is not the first time. Comodo repeatedly alerts that various processes (Minesweeper.exe, notepad.exe, or even Windows Operating System) are trying to connect to the Internet, while the traffic is in fact from another process (mostly browsers). I’m sure of that, as blocking these accesses ruins browsing.
Does anyone have similar issues?
Windows 10 2004 x64 (clean installed a few days ago)
Comodo Internet Security 188.8.131.5236
Firewall - Custom Ruleset, Alert frequency level set to Very High
Doesn’t Avast web shield make it so all web browser connections go through an Avast process? Otherwise I would say it is an incompatibility issue with having another 3rd party security software installed alongside CIS. If you completely remove Avast does it still happen?
Recently I reinstalled Windows 10 expecting to solve many issues I had (including this) and yes, the same things happen without Avast. So I decided to post it here. The screenshot was taken just after installing Avast.
And AvastUI.exe is just a UI process. Its scanning engine is called AvastSvc.exe or aswEngSrv.exe, not AvastUI.exe.
OK, I think I found a possible conflict between CFW and a local proxy software called Proxydomo (you can see its name in the first post's screenshot).
Proxydomo is a local proxy and I set my Firefox to send most connections to it, to filter ads, modify pages and so on.
(“Filter loopback traffic” in Advanced settings is enabled here)
I verified that CFW “View connections” correctly shows the connection source if I stop using the proxy.
I also verified this might be caused by the “async connection” introduced in Proxydomo v1.102 and v1.103, as when using v1.101 “View connections” seems to work correctly.
It seems this “async connection” thingy effectively blinds CFW from seeing connection details.
Could malware use the same technique to bypass CFW? Maybe?
Edit: happening with Proxydomo v1.107, not with v1.110 (current latest)
It seems there are other conflicts besides Proxydomo; I encounter a similar situation even without it, although the frequency is lower. :-\
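One way to cross-check which process the OS itself records as owning each leg of a browser-to-local-proxy connection, for comparison with what “View connections” shows. This is an added example, not part of the thread; the `netstat -ano` sample, the PIDs, the port 8080 and the image name `proxydomo.exe` are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano -p TCP` rows (not from the thread).
# PIDs, ports and addresses are made up; 8080 is an assumed proxy port.
NETSTAT = """\
  TCP    127.0.0.1:8080     0.0.0.0:0          LISTENING       4120
  TCP    127.0.0.1:50211    127.0.0.1:8080     ESTABLISHED     7788
  TCP    127.0.0.1:8080     127.0.0.1:50211    ESTABLISHED     4120
  TCP    192.168.1.20:50212 203.0.113.10:443   ESTABLISHED     4120
  TCP    192.168.1.20:50300 198.51.100.7:443   ESTABLISHED     9001
"""
# Constructed PID-to-image map, as `tasklist` would report it.
NAMES = {4120: "proxydomo.exe", 7788: "firefox.exe", 9001: "AvastUI.exe"}

def parse(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # skip headers, UDP rows and malformed lines
        lip, lport = f[1].rsplit(":", 1)
        rip, rport = f[2].rsplit(":", 1)
        yield lip, int(lport), rip, int(rport), f[3], int(f[4])

def is_loopback(ip):
    return ipaddress.ip_address(ip).is_loopback

def proxy_chains(text):
    """Map each loopback listener PID to the PIDs connecting to it over
    loopback and to that listener's own non-loopback remote endpoints."""
    rows = list(parse(text))
    listeners = {(ip, port): pid for ip, port, _, _, st, pid in rows
                 if st == "LISTENING" and is_loopback(ip)}
    chains = defaultdict(lambda: {"clients": set(), "outbound": set()})
    for lip, lport, rip, rport, st, pid in rows:
        if st != "ESTABLISHED":
            continue
        owner = listeners.get((rip, rport))
        if owner is not None and pid != owner:
            chains[owner]["clients"].add(pid)              # browser -> proxy leg
        elif pid in listeners.values() and not is_loopback(rip):
            chains[pid]["outbound"].add(f"{rip}:{rport}")  # proxy -> Internet leg
    return dict(chains)

def report(text, names):
    """One line per proxy: client images -> proxy image -> remote endpoints."""
    name = lambda pid: names.get(pid, f"pid {pid}")
    return [f"{sorted(map(name, c['clients']))} -> {name(p)} -> {sorted(c['outbound'])}"
            for p, c in proxy_chains(text).items()]
```

In the constructed table the Internet-facing socket belongs to the proxy PID and the browser only owns the loopback leg, so a per-process rule has to be judged against both legs.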