comodo firewall blocked the following 180 times
C;/VTRoot/HardiskVolume4/programfiles(x86)/comodoicedragon/icedragon.exe
i have norton and mwb running now, and both so far are clean.
The VTRoot folder is the folder used by the Comodo Sandbox.
What alerts are you witnessing in the logs? Memory access attempts?
Hi Eric!
First of all, I just wanted to mention that it is vt root volume 4. i thought sandbox was volume 1?
secondly, comodo blocked 219 of the same thing, before i unplugged the router and modem, and it stopped.
lastly, they were indeed access memory alerts. The target was to the system. The last alert was different though the target was to c/programfiles/comodo/comodoInternetSecurity/cmdagent.exe
so does everything sound normal?
btw, how do i know if my firewall is updated properly? i never get alerts for anything because of my configuration, so i never get update alerts…but i went to the update tab on the home screen, and it said im up to date, but i still have doubts, as i never did it. is there any way to see further?
The volume number is according to what number Windows assigned to that partition.
"secondly, comodo blocked 219 of the same thing, before i unplugged the router and modem, and it stopped."
Are you referring to the (network) Firewall logs or Defense+ logs?
"lastly, they were indeed access memory alerts. The target was to the system. The last alert was different though the target was to c/programfiles/comodo/comodoInternetSecurity/cmdagent.exe so does everything sound normal?"
This is normal. What you are witnessing is the self protection of CIS at work.
"btw, how do i know if my firewall is updated properly? i never get alerts for anything because of my configuration, so i never get update alerts...but i went to the update tab on the home screen, and it said im up to date, but i still have doubts, as i never did it. is there any way to see further?"
The latest version is 6.3.302093.2976. When you are using v5.x you won't get an update alert because Comodo still has not decided to bring those users up to speed.
If you want to update from v5.x to v6.3 you can use the updater installer as provided in COMODO Internet Security 6.3.302093.2976 Released!.
I actually am using the 6.32796 version. I dont know if that is the software version or the database/definitions version. how do i know that comodo has the latest definitions?
ok so it sounds like everything is normal right? not sure why it kept blocking it though, any ideas?
thanks eric.
You can always run the av updater manually or check Comodo Anti Malware Database Latest Version & Additions 2023.
"ok so it sounds like everything is normal right? not sure why it kept blocking it though, any ideas?"
The self protection does not allow any process to access CIS (and other protected) executables in memory. This is regardless of whether a file is trusted or not. That's why it keeps on registering it. That way CIS will stay protected even when trusted executables have gotten compromised.
"thanks eric."
On a side note one could argue that executables that keep on trying to get memory access without noticing they are not getting it are not properly written; the answer is not and does not change so why keep on asking?
thanks for the reply, but i dont understand your answer. maybe im slow.
what does "the answer is not" mean? im not trying to keep asking the same thing, just wanted to make sure that it wasn't a root disk, and that it was not something to be concerned with/completely normal. that's all im trying to find out. i was concerned it was a hacker.
regarding the manual update, as I stated earlier, i click the update button, and it says im up to date, but it doesnt show me the definition version. all i see is the software version of 6.3 etc.
thanks again!
That comment was meant as a side step and is not directly related to your question. In my mind I wondered why a program would keep on repeating a request when it is not allowed.
"just wanted to make sure that it wasn't a root disk, and that it was not something to be concerned with/completely normal. that's all im trying to find out. i was concerned it was a hacker."
I assume when you say root disk you mean rootkit. The message "C;/VTRoot/HardiskVolume4/programfiles(x86)/comodoicedragon/icedragon.exe" is expected behaviour. It is not a sign of being infected with a rootkit or otherwise.
"regarding the manual update, as I stated earlier, i click the update button, and it says im up to date, but it doesnt show me the definition version. all i see is the software version of 6.3 etc."
To see the database version that is loaded, click on the question mark (it is towards the upper right corner) and choose About. You will then see what database is used.
"thanks again!"