Is this a concern?

First I’d like to say I’m a new Comodo user and am thus far impressed with the program!

However, ahem I am no firewall expert. I dunno if this is obvious or not. Here is my concern:

When setting up Comodo, and allowing this and that program, I’d received a suspicious activity warning (I’d made some screenshots, but alas, that’s not gonna happen. I believe the problem is sufficiently explained without them).

The details of this warning state “C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications” carrying a HIGH severity rating for svchost.exe

I didn’t know what wgatray.exe was, but Googled it and determined that it was a normal Windows component and I probably didn’t need to worry.

Now, on the SUMMARY overview, the “Traffic” panel displays two things: System running at 97-99%, and svchost.exe at 1%.

Also, when I check the list of connections, there are four svchost connections. Three are listening, and one is connected to an IP address with a UDP in/out, and is also the only one generating traffic.

I whois’d the IP and it came back as being the IANA. Am I just uneducated? Paranoid?

I just want to be sure, is all. Any help or insight is greatly appreciated

You are, just like anybody else, now finding out (thanks to CPF) what is actually happening in your computer. Likely everything you report are normal activities :slight_smile:

so enjoy the power of information and being in control with CPF :slight_smile:

Melih

PS: we are working on getting information on many of the applications so that you don’t have to go searching for it. It will take us time.

I’d like to show you something.

Open a command window…
Press the “Windows” Key and “R” Key to open the Run window, type “cmd” and press “Enter”

In the command window, type “tasklist /svc” (without the quotes), then press Enter. A lot of information will fill the screen, but just watch the left hand side and look for instances of “svchost.exe”.

What you should find is something quite similar to what I am showing here…

svchost.exe    ###  AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                    ERSvc, EventSystem, helpsvc, lanmanserver,
                    lanmanworkstation, Netman, Nla, RasMan,
                    Schedule, seclogon, SENS, SharedAccess,
                    ShellHWDetection, srservice, TapiSrv,
                    Themes, TrkWks, W32Time, winmgmt, wscsvc,
                    wuauserv, WZCSVC
svchost.exe    ###  Dnscache
svchost.exe    ###  LmHosts, RemoteRegistry, WebClient

… and basically what this shows you are all the windows services (and/or other applications) that are using svchost.exe as their “middle man” for communication… so like you said, you have 4 instances… and each one is either listening or talking like you said, and the “programs” hiding behind svchost.exe are now listed for you to see… peek-a-boo :wink:

So what CPF was asking you was… “I have found another application that wants to use svchost.exe for communication”… now wgatray.exe is a bad example, as not everybody loves what MS is doing with this EXE… but let’s pretend that MS is our friend and the communication should be allowed… at least CPF gives us the choice.

The insight and power that Melih was talking about is that you now have knowledge of anything/everything (including viruses, trojans, etc… known and unknown) that want to try to get out on their own, or hijack another windows service/application that already has the access it wants… and you can stop it with CPF!

(L)
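
Added example, not written by any of the posters: the Python below parses saved `tasklist /svc` output, including the wrapped service lines shown above, and joins it on PID with `netstat -ano` output to list which services sit behind each svchost.exe socket. Using `netstat -ano` goes beyond the steps in the post, and the sample text, PIDs and addresses are constructed.

```python
import re
# Constructed `tasklist /svc` and `netstat -ano` samples; PIDs, addresses and groupings are made up.
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    904 DcomLaunch, TermService
svchost.exe                   1112 AudioSrv, Browser, CryptSvc, Dhcp, W32Time,
                                   wuauserv, WZCSVC
svchost.exe                   1240 Dnscache
"""
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  UDP    192.0.2.10:123         *:*                                    1112
  TCP    192.0.2.10:1055        192.0.2.20:80          TIME_WAIT       0
"""
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")  # image name, PID, services

def parse_tasklist(text):
    """Return {pid: (image, [services])}, joining wrapped service lines."""
    procs, pid = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, chunk = int(m.group(2)), m.group(3)
            procs[pid] = (m.group(1), [])
        elif pid is not None and line[:1].isspace():
            chunk = line  # indented line continues the previous row's services
        else:
            continue      # header, separator or blank line
        names = (s.strip() for s in chunk.split(","))
        procs[pid][1].extend(s for s in names if s and s != "N/A")
    return procs

def svchost_sockets(tasklist, netstat):
    """List (pid, proto, local, state, services) for sockets owned by svchost.exe."""
    procs, out = parse_tasklist(tasklist), []
    for f in (line.split() for line in netstat.splitlines()):
        if f and f[0] in ("TCP", "UDP"):
            pid, state = int(f[-1]), f[3] if len(f) == 5 else ""  # UDP rows have no State
            image, services = procs.get(pid, ("?", []))
            if image.lower() == "svchost.exe":
                out.append((pid, f[0], f[1], state, services))
    return out

if __name__ == "__main__":
    for pid, proto, local, state, svcs in svchost_sockets(TASKLIST, NETSTAT):
        print(pid, proto, local, state or "-", ", ".join(svcs))
```

On a live machine, replace the two sample strings with the saved output of the two commands run in the same session, since PIDs change across reboots.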

It would be valuable for all CPF users to submit the files of which little or no information is obtainable, suspicious or not, so they can be analyzed and incorporated in CPF. This way users can know what xyz.exe is, and how it should be dealt with.
(L)

I believe this is coming in a future release. Stay tuned :wink:

Ewen :slight_smile:

Latest beta already has this feature.
So submit us all your files at will :slight_smile:

Melih