each time I run a virus scan with “Malwarebytes” I get a blocked intrusion logged in comodo despite that Mbam is already trusted, the log say it tried to “access memory” I also have another application called “SMS sender” by Microsoft that get logged there in ‘access memory’ despite being trusted and it’s annoying because I keep an eye on that log (the number shown on the main comodo GUI) and if I see a blocked intrusion I want to see only real intrusions and not false positives, can I add these two applications to some list of REALLY IGNORED applications? thanks!
What you’re seeing is the self-defense of CIS, the process you mentioned is trying to access the memory of cmdagent.exe which is a process of CIS - Suspicious behavior from an SMS sender if you ask me.
You can’t stop the action from being logged however you could set up CIS to allow the SMS sender application to access the Comodo process in memory (not recommended) or when checking the logs you could filter out the event in question, although that is only temporary.
thank you Sanya, yes I agree it’s suspicious I mean why does it have to bother with Comodo at all? It’s a simple application which I use to send sms over bluetooth through my mobile phone…
is there a way I could figure out what “SMS sender” actually want from the cmdagent.exe? why does it want to access it’s memory?
also when I run a scan with Malwarebytes I get the same issue but with Malwarebytes I fully trust it, so if you don’t mind to explain I would like to know how to “set up CIS to allow the SMS sender application to access the Comodo process in memory”
so I can use this method at least to allow Mbam…
and thanks again
BTW Sanya I was thinking, could the suspicious behaviour of “Sms sender” have to do something with me having to run this application in "Windows xp compatibility "? I’m in windows 7 64 bit but “Sms sender” is an old application that would not work on windows 7 so I run it in “Windows xp mode”… maybe it causes problems with Comodo?
I tried it and it worked,
but now I kind a got worried because I don’t know for sure what “Microsoft SMS Sender” wants to REALLY do with my computer and so I decided after all to keep blocking it despite the annoyance of seeing it logged in Comodo…
I’m not sure about compatibility mode, I don’t really know what that does in practice, maybe it has something to do with it but then again maybe not. I can’t think of any reason the SMS sender would have to access the memory of the process. I’m not sure if you can figure out what the SMS sender actually wants to do, I guess you could with a third party application but you can’t with CIS and I don’t know what those third party applications would be.
For MBAM I would assume that it’s the module that scans the memory, I would assume that MBAM would try to scan the memory of cmdagent.exe (and all other processes loaded into memory) but the CIS self-defense would block it and log it. You can use the method you found in the other thread to allow MBAM but generally I would suggest against adding anything to the exclusions there if possible, but you may of course do what you want.
thank you yes after all I think i’ll just stick with the default comodo setting which is to block these, just to be on the safe side…
I mean what if Mbam get exploited by malware or some other scenario as such? thanks for everything Sanya