Is there any way to block programs from acessing svchost.exe? The programs that try to go through it are fairly common programs such as Acrobat reader and WinRAR, and other programs that I can find no substitue for.
Once I choose to block these attempts, my entire internet connection is lost and the only way I have found to start it back up is to restart my whole system.
Can anybody tell me if there is a way to stop the program at the source instead of stopping svchost completely? Or is there any way to restart my connection after successfully blocking svchost.exe with comodo without letting the program connect to the internet through it?
Current version does not have an option to block these requests before it happens. But it will be in the future versions.
As a workaround, you can allow and remember common applications like adobe etc. CPF wont even ask about such safe applications if auto approve safe is enabled.
(:SAD) CPF seems to have a memory problem when it comes to applications and svchost.exe.
Like the poster above, I find CPF noting suspicious behavior in the logs and then “Application access denied” – but the logs do NOT identify which application has brought my internet connection to a halt – just that not very informative notation about svchost.exe. I can’t seem to have an unattended download – CPF wants me to sit here and repeatedly answer yes to the popups (and yes, I AM checking for it to remember.).
If I walk away for a few minutes and come back only to find my internet connection frozen and a long list of svchost notations on the log, but I can’t find which application is involved or how to check yes and remember short of being nailed to the chair and staring at the screen waiting for the next popup. Is there no way to go back to a popup you missed (or weren’t fast enough to answer) in order to provide the needed intervention? Am seriously considering going back to my old firewall since it didn’t require so much babysitting!
You can always go and disable Security->Advanced->Monitor COM/OLE Requests option or alternatively, enable Security->Advanced->Automatically approve safe applications option.
Unfortunately, without activating Security->Advanced->Automatically approve safe applications option you will have to answer every question CPF asks.
Try disabling Security->Advanced->Monitor COM/OLE Requests option at worst.
OK, but doesn’t doing that leave me wide open to real threats?
I think maybe you are missing my points.
Is there no way to go back to a missed popup? If not, is this going to be changed in the future? When?
Why don’t the logs show specifically which program caused the svchost suspicious behavior, or am I not looking in the right place? Am I missing something, or are these real issues that ought to be addressed?
Don’t get me wrong – I want a secure environment – just not one that requires my undivided attention ALL THE TIME!
Ummm…I’m not entirely sure but I think I’m having the same problem. Any program that I deny internet access to while I’m online results in losing ALL internet browser function, and I have to restart and log on again to correct it. The leak tests, for example. After I deny the test thingy popup I can’t move to any other site or page, it comes up can’t find server. I wouldn’t want to leave the OLE monitor disabled all the time, would I? (I already have the browser as a safe application.)
you should be able to see the corresponding log and explanation in the Logs section. Especially application behavior analysis logs are always there. For example for svchost.exe, you must find a log entry stating something like “c:\windows\winauctl.exe has tried to use svchost.exe through OLE automation”.
Things got even more weird on Saturday night when I found ALL access to the internet blocked, even my email (Thunderbird) came back with server not found errors. Rebooting did NOT get me back on the Web.
Thought maybe it was my ISP, but after having me right click on local connections and repair only to have it immediately come back with a failure citing that ip address could not be renewed, they suggested re-installing Windows XP. Not wanting that time-consuming hassle, I tried everything else I could think of, checking CPL’s logs and again, found no way to bring back a popup to give it an answer, which has been my question all along.
Even tried using Windows restore and it failed no matter which restore point I checked.
No internet all Sunday although my daughter’s wireless connection through same modem/router was OK. Uninstalled CPL and went back to Zone Alarm but only got two intermittent connections that soon gave me “Server not found” errors. This morining everything works fine with Zone Alarm so far (two hours and counting). This has got to be the strangest experience I have ever had with Windows. Am not positive that it was Comodo – but the only thing different is the absence of CPL as far as I can tell.
At least for now I will NOT be using Comodo. Thought you at least deserved to know why.