First of all, let me say you that I’m far from being an expert in Firewalls, so I´m sorry for the (probably) dumb question;)
I usually have a lot of events in the Proactive Defense events list. Normally they are always the same (explorer.exe, realplayer.exe, etc) and they try to “access memory” (the target is almost always cmdagent.exe). I know that it´s possible to “hide” these events, but that´s not my question right now.
However, yesterday I checked the events list and I saw 5 events in about 1 hour in which iexplore.exe (not explorer.exe!) was blocked. Is it normal? What can have caused these events? I´m asking this beacuse I check often the events list and it´s the first time I see iexplore.exe being blocked.
I didn´t notice nothing different in the internet explorer, so it´s just to know of this is a normal situation or not.
I realized that the behavior I described before also happens with Mozilla Firefox, since I began using Mozilla Firefox and a saw a few events in the Defense+ Events list with C:\Programs\Mozilla Firefox\firefox.exe trying to Access Memory. The target was, once again, C:\Programs\COMODO\COMODO Internet Security\cmdagent.exe.
So, I believe that this is being caused by some particular websites (not a lot of them, since these events are not so commom) that, for some reason, make the web browser act like this.
Should I be worried or has this some kind of “normal explanation”? I confess I don´t know what these events really mean, so I´m waiting for your help:)
What you are seeing is the self protection of CIS. It is nothing to worry about even though some program keep on trying to access CIS (and every other program loaded in memory). According to some those programs can be accused of using sloppy programming techniques.
Is it normal to try to access memory of cmdagent.exe by iexplore.exe hundreds of times in one minute by making thousands of defense+ logs every power-on?
As mentioned in my previous post, like the guy I linked, even though I closed iexplore but one wierd iexplore.exe is still alive and consuming CPU resource as well as trying to touch cmdagent.exe by leaving thousands of logs continuously.
I’m periodically checking running process list to find out that wicked iexplore.exe to kill it. Haven’t found out when it appeared yet.
As I know, this began to happen recently in my case, as i’ve checked CPU resource & process list periodically since 5 years ago.
If IE is running in the background even when you closed it then there is a BHO or so using IE engine. That could be a phone home module from a regular program (typically from an OEM like HP, Dell etc) or a malware.
You mention it started recently. Did you recently install a driver or new application?
Try scanning with the following scanners to see if you’re infected:
Hitman Pro
Malwarebytes Anti Malware
Super Antispyware
Go to Defense±>Computer Security Policy. scroll down and select Comodo Internet Security, click Edit. Click Customize. Click Protection Settings.
On the line, ‘Interprocess Memory Access’, click Modify.
Click Add->Browse. Find IExplore.exe (program files, x86 if you have x64 running) and single click it. click the right arrow button to place it on the right panel.
Click Apply, Apply, Ok, Apply, Ok.
This will add an exception so that IE will stop logging memory access issues in your Defense+ logs.
Use this method with other [valid] applications as well (such as Logitech and printer programs).
For now focus on the malware scanning to see if your system is infected or not.
As to why I don’t agree with John in this particular case hastwo reasons. Your system could be infected and opening up CIS to an infected IE is a dangerous proposition. Second I am not sure IE in normal operation hammers for memory access like it does with you; that means the solution would not be needed if it is the result of malware.
Allowing a program memory access to CIS files is always a bit risky and allowing a browser to do so is more than a bit risky.
Sorry, Eric. I was responding to serghy25. yes, you are right, Browsers should not be accessing CIS memory to start with (an indication something is wrong here). There are programs that need to be exceptions for CIS memory access, I listed those I have running.
