.json triggering firewall

Curious · August 12, 2023, 8:41am

My apologies if I have placed this question in the wrong category. I have the freeware version of the Comodo firewall (version 12.2.2.8012). I am using a freeware program PDF24 which is triggering the firewall for temporary .json files that the program creates.

While trying to merge PDF’s, Comodo yields three separate messages regarding the created .json file. The following are the messages I receive:

Message: pdf24-Toolbox.exe is trying to execute cmd_7997296_2116800774.json
Details: pdf24-Toolbox.exe is a safe application. However, the executable cmd_7997296_2116800774.json could not be recognized.

Message: cmd_7997296_2116800774.json is trying to execute conhost.exe
Details: conhost is a safe executable. However the parent application cmd_7997296_2116800774.json could not be recognized. One the application is executed, its parent will have full control over its execution. If cmd_7997296_2116800774.json is one of your everyday application, you can safely allow this request.

Message: cmd_7997296_2116800774.json is trying to access the DNS/RPC Client Service
Details: cmd_7997296_2116800774.json could not be recognized and it is about to access the DNS/RPC Client Service. Windows DNS/RPC Client service allos applications to perform recursive network connections by using the Windows process svchost.exe. If cmd_7997296_2116800774.json is one of your everyday applicaitons, you can safely allow this request.

I was able to locate these .json files and open them with Notepad. For merging PDF files, the file created has the following:

{
“action”: “joinPdfs”,
“inputFiles”: [
“C:\Users\[my computer user folder]\AppData\Local\Temp\PDF24\ebb_3_26047937_2846514222.pdf”,
“C:\Users\[my computer user folder]\AppData\Local\Temp\PDF24\ebb_4_26048031_340020885.pdf”
],
“outputFile”: “C:\Users\[my computer user folder]\AppData\Local\Temp\PDF24\mergePdf_5_26048078_3942879876.pdf”
}

while for editing PDF’s, the .json file has the following:

{
“action”: “listTrueTypeFonts”,
“fontFilesDirs”: [
“C:\WINDOWS\Fonts”,
“C:\Users\[my computer user folder]\AppData\Local\Microsoft\Windows\Fonts”
],
“outputFile”: “C:\Users\[my computer user folder]\AppData\Local\Temp\PDF24\fonts_0_25307609_897590633.json”
}

I am uncertain as to why the firewall is being triggered by these temporary files. The files are uniquely named even if it is the same function (two jobs of editing will yield two uniquely named .json files). I do not know if they represent any kind of security issue.

If these files are not a security risk, I do not know how to classify these files with Comodo to prevent further warnings (options: 1) allow, 2) treat as an installer or updater, 3) treat as a Windows System Application or 4) treat as a Contained Application).

Sorry for the long post and thank you for the help.

1807 · August 12, 2023, 11:28am

Hi Curious thank you for reporting May i know ur HIPS settings whether is on Safe Mode/Paranoid Mode or Training Mode.and do you have any other security software other then CIS.Kindly provide us the PDF24 official download page and PDF24 version so we can look further.

Thanks 1807

Curious · August 12, 2023, 2:13pm

Thank you for your assistance.

HIPS mode is on Safe Mode. I have Avast Antivirus (freeware version) running in the background. Malwarebytes (freeware) and SUPERAntiSpyware (freeware) on demand. I have an antimalware subscription associated with my router from Gryphon.

https://tools.pdf24.org/en/creator

1807 · August 12, 2023, 2:44pm

Hi Curious kindly Uninstall any other security product because it may inflect and try again if there are issues kindly contact us again

Thanks 1807.

Curious · August 13, 2023, 5:55am

I uninstalled the programs on my computer and the firewall still gets triggered by the program with the same messages.

Are these uniquely named temporary .json files generated from PDF24 represent a security risk when the program is determined to be a “safe application”?

If these files are not a security threat, what setting should I select and remember to prevent notification (ie. allow, treat as an installer or updater, Windows System Application or Contained Application)?

Thank you once again for your assistance.

1807 · August 13, 2023, 6:23am

Hi Curious if HIPS alert pops up hit Allow if you think its a safe application

Thanks 1807

C.O.M.O.D.O_RT · August 14, 2023, 9:20am

Hi Curious,

Thank you for reporting.
We do not recommed customers to run multiple security softwares simultaneously as it causes compatibility issues, BSOD, crash…etc.
Kindly uninstall the other security software and check.
Let us know your feedback.

Thanks
C.O.M.O.D.O RT

Curious · August 14, 2023, 8:12pm

At the suggestion of 1807, I did uninstall the other programs and found that the problem still triggered the firewall. PDF24 itself didn’t trigger the alert. It was the resultant .json file that was created that seems to trigger the firewall three separate times while trying to merge PDF files (please see above).

Curious · August 14, 2023, 8:16pm

Thanks 1807. I can only go by the initial indication from Comodo labeling PDF24 as a safe app. Prior to uninstalling the security software, both Avast Antivirus Free and MalwareBytes Free scans were performed without any warnings. The question is if the resultant .json file safe? How do I determine if the resultant .json files created by PDF24 are safe to allow Comodo firewall to overlook these files in the future?

Thanks again.

1807 · August 14, 2023, 8:22pm

Hi Curious you can Submit the file to Comodo/Xcitium for Analysis

Thanks 1807

Curious · August 14, 2023, 9:03pm

How do I submit the file? Are you referring to the .json file or the was the link to PDF24 sufficient?

Thank you.

1807 · August 14, 2023, 9:14pm

Hi Curious the json file submit it to Comodo/Xcitium and we will look further and rate it

Thanks 1807

Curious · August 14, 2023, 9:33pm

My apologies. How do I submit to Comodo/Xcitium? I didn’t see an option on the program itself.

1807 · August 14, 2023, 9:36pm

Hi Curious go to Tasks,Advanced Tasks and here you will see Submit Files

Submit the file to us and we will rate it

Thanks 1807
Best Regards Xcitium Team

Curious · August 14, 2023, 10:23pm

I have attempted to send the files, but after two tries, both files failed to upload. No warnings given from my computer, only from Comodo program. The error message from Comodo was “Failed(0x80004005) - Unspecified error”.

1807 · August 15, 2023, 6:25am

Hi Curious could you send us the .json file so we can look further and rate it.

Thanks 1807
Best Regards Xcitium Team

Curious · August 15, 2023, 1:23pm

I have tried to send in the file, but got the “unspecified error”. Is there another way to send in the file? Thank you.

1807 · August 15, 2023, 1:25pm

Hi Curious send us the file here and we will download it and look into it.

Thanks 1807
Best Regards Xcitium Team

Curious · August 15, 2023, 4:19pm

json files.zip (724 Bytes)

I had to zip the files because the json files were not supported. I tried to send the zip file, but that also failed with an unspecified error.

1807 · August 15, 2023, 4:21pm

Hi Curious Thank you for sharing us the json file we will check it and rate it.

Thanks 1807
Best Regards Xcitium Team