Mysterious firewall alerts for process that isn't running

Around once or twice a day, I’ll get a firewall alert for a process that isn’t running.

Usually this is javaw.exe, but sometimes a handful of other random ones.

Usually it’s trying to access my home server on my local LAN, but sometimes it’s trying to get to some CDN or other cloud machine somewhere. I know this because I manually look up the IP addresses sometimes; I wish Comodo provided some kind of link to be able to do this, or at least let me copy the IP address instead of making me manually transcribe it by hand.

I know the process isn’t running because I’ve set Process Monitor to look for javaw.exe and it shows absolutely nothing when these happen. I tried doing this in an effort to retrieve the command line or other process that invoked the supposed process — I wish Comodo would also provide this info for me. Logs don’t give any more info, either.

How can I track down what’s going on here?


Any luck?
Did you check that Process Monitor is set up (via Filters → Event Class) to also record process events? By default, it might capture only file and registry events? (I don’t remember the defaults, my installation was too many years ago) ;)
This tracks, among other things:

  • when a process is created
  • the creating (the parent) process
  • when DLLs (aka images) are loaded into memory, by what process.
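An added example, not part of either post: a Python script that pulls the three kinds of process event listed above out of a Process Monitor CSV export, reporting which process created `javaw.exe`, with what command line, and which images it then loaded. It assumes the default export columns and the usual `PID: …, Command line: …` text in the Detail column of a Process Create row; the sample rows (including `updater.exe`) are constructed.

```python
import csv
import io
import re

# Constructed sample of a Process Monitor CSV export, assuming the default
# columns. Every row here is invented for illustration. A real export is
# read from disk instead: open(path, encoding="utf-8-sig").read()
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:02.1","updater.exe","4120","Process Create","C:\Java\bin\javaw.exe","SUCCESS","PID: 7788, Command line: javaw.exe -jar check.jar"
"10:15:02.2","javaw.exe","7788","Process Start","","SUCCESS","Parent PID: 4120, Command line: javaw.exe -jar check.jar"
"10:15:02.3","javaw.exe","7788","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x7ff0000"
"10:15:03.0","explorer.exe","900","Process Create","C:\Windows\notepad.exe","SUCCESS","PID: 8000, Command line: notepad.exe"
'''

def find_launches(csv_text, image_name):
    """Return one record per 'Process Create' event whose new image is image_name."""
    target = image_name.lower()
    launches = {}  # child PID (as text) -> record
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = row["Operation"]
        if op == "Process Create":
            # Path holds the image of the new process; the row's own
            # Process Name / PID columns identify the creator (parent).
            if row["Path"].lower().rsplit("\\", 1)[-1] != target:
                continue
            m = re.match(r"PID: (\d+), Command line: (.*)", row["Detail"])
            if m:
                launches[m.group(1)] = {
                    "time": row["Time of Day"],
                    "pid": int(m.group(1)),
                    "parent": row["Process Name"],
                    "parent_pid": int(row["PID"]),
                    "command_line": m.group(2),
                    "images": [],
                }
        elif op == "Load Image" and row["PID"] in launches:
            # DLLs/images mapped by a process we saw being created
            launches[row["PID"]]["images"].append(row["Path"])
    return list(launches.values())

if __name__ == "__main__":
    for hit in find_launches(SAMPLE_CSV, "javaw.exe"):
        print(f'{hit["time"]} {hit["parent"]} (PID {hit["parent_pid"]}) started '
              f'PID {hit["pid"]}: {hit["command_line"]}')
        for image in hit["images"]:
            print("    loaded", image)
```
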