Modified in Memory

I am trying a Task Manager replacement and now receive High Security Alerts that DTaskManager is modifying explorer.exe in memory. I’m not really concerned about the legitimacy of DTaskMan but it is classified as exhibiting potential bad behavior. It appears to be trying to connect to my hosts file. Is that correct? If so, should I not be concerned and remember and allow?

I selected to have it replace Windows Task Manager and it was downloaded from Dimio Software.

More generally, is it usually OK to allow trusted programs that modify something in memory?

Thank You


If the program is trusted and the MD5 hash matches the download, I would allow it.

cheers, rotty

As a general rule of thumb, most apps won’t modify another unless they are a low level utility that accesses the system by hooking into another system app, like explorer.exe. These low level apps can be, like yours, a replacement task manager, a third party defrag or undelete utility etc.

On the other hand, malware can hook good apps and use them for bad purposes.

Whether this is a good app or a bad app, CPF doesn’t know, so it alerts you that a particular type of activity is taking place. The onus of responsibility falls back on you to decide.

It comes down to being able to make an informed decision about your system. Step 1 is information. Is this report the result of something you have consciously decided to run? Do you know the application referred to in the alert?

If you don’t feel comfortable, click BLOCK but don’t click REMEMBER. This will give you the chance to check the app out and make a better decision next time.

Hope this helps,
Ewen :slight_smile:

Rotty

Thanks. I have heard this advice about checking that MD5 hashes match before but have not done so because I don’t know how. I better stop being lazy and get to it. Thanks for the nudge. Off to Google …

panic

The advice you gave is very much appreciated. It is pretty much what I thought but I’m new to Comodo and I needed a little “hand holding” I guess. Your post was very easy to follow and more importantly easy to understand.

Thanks

Rotty,

This is what I came up with:

A MD5 Hash is provided at the site the download is from. Security programs often use a MD5 Hash while many other programs do not.

Download the program and copy the MD5 Hash if it has one somewhere.

Use a tool such as “MD5 Checksum Tool” from http://www.mgillespie.plus.com/ to compare the previously copied checksum from the download site and the downloaded program before installing. If they match you are certain the download is legit.

Do I got it?

What MD5 Checksum Tool do you recommend?

Thanks
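
Added example, not part of the original thread: the comparison described in the post above (checksum copied from the download site versus the downloaded file, before installing) as a small Python script. The function names and the sample checksum line are constructed for illustration, and the script also accepts SHA-1 or SHA-256 where a site publishes those instead of MD5.

```python
import hashlib
import hmac
import os
import re
import tempfile

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}  # hex digits per algorithm

def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never held in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_published(text, algorithm="md5"):
    """Pull the digest out of text pasted from a download page.

    Handles a bare digest, 'MD5: <digest>' and '<digest>  filename' lines,
    in either letter case. Anything ambiguous is rejected, not guessed at.
    """
    n = HEX_LEN[algorithm]
    pattern = r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{%d}(?![0-9A-Fa-f])" % n
    found = {m.lower() for m in re.findall(pattern, text)}
    if len(found) != 1:
        raise ValueError("expected one %s digest, found %d" % (algorithm, len(found)))
    return found.pop()

def verify_download(path, published_text, algorithm="md5"):
    """Return (match, expected, actual) for the file against the pasted checksum."""
    expected = parse_published(published_text, algorithm)
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(expected, actual), expected, actual

if __name__ == "__main__":
    # Constructed sample: a stand-in "download" and the line copied from the site.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")
    copied = "MD5: 900150983CD24FB0D6963F7D28E17F72  download.zip"
    try:
        ok, expected, actual = verify_download(tmp.name, copied)
        print("published:", expected)
        print("computed: ", actual)
        print("MATCH" if ok else "MISMATCH: do not install")
    finally:
        os.unlink(tmp.name)
```
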

LOL, ok well you caught me, I actually never check MD5 sums either. It is a good idea but I don’t do it )-:. But if I were in your situation where the program was doing something low-level I would. Maybe someone can post a good MD5 checker, as I would like to know a good one too (-:

cheers, rotty

Well Rotty, that’s just too funny. LOL. It is super easy to check and the tool is only a few KB. What’s even funnier is that while looking for the setup video for someone in FAQ I found “Do Packet Checksum Verification” - Should I Use It? https://forums.comodo.com/index.php/topic,2305.0.html

It is not the same thing but useful info nonetheless.

Yes, I am familiar with how they work, what they are used for etc. I have never had to use one, so I don’t know what the “Best” hash checker is.

cheers, rotty