I have a couple of questions. CFW is installed at home, and I am writing this from work so please bear with me, as I am trying to remember all of the details.
I don’t remember hitting allow for MS Outlook, and I can’t find anything in the rules to allow or block it. How does the firewall know about Outlook? If I did hit allow before, where can I find the rule?
I run xplorer2 for managing my files. I had an alert that xplorer2 modified internet explorer in memory? I think that was the message. What does that mean?
I also run Opera, and noticed that after I exit Opera, it keeps a port open? Does that sound right?
Thank you for your help. I will try to follow up from home, while I have the program running in front of me.
I can assist on question 2. Internet Explorer is an integrated shell, which is in turn part of the Windows Explorer shell. When a process is modified in memory, what that means is a process has accessed and changed stored variables in a memory address currently held by another process in one of the four memory types (CPU registers, CPU cache, RAM and HDD page files).
This can be a legit thing, but it can also be malware getting down and dirty with your OS. The question is what were you doing at the time you got the message - that is the only thing which you can use to determine if the action was legit. There is also a possibility that xplorer2 could contain malware or perhaps just a bug somewhere (don’t know, haven’t used it before).
For question 1. CPF has a database of known and verified products. It is possible that Outlook is in there, i can’t really say otherwise, because i use Pegasus mail. Mainly because it doesn’t use the Trident engine that Internet Explorer and Outlook use, so it makes emails safer and less prone to vulnerabilities.
Again, no idea on Opera, i use FireFox. But i would say leaving a port open doesn’t sound right.
For question 1: Yes, Outlook is in Comodo’s SafeList (if you look at the “details” section of the Application Monitor rule for Outlook, you’ll see it’s marked as “SAFE”). Scanning for known applications will automatically add it in there. Otherwise, on running the application, it will automatically be approved if you have not gone to Security/Advanced/Miscellaneous and unchecked the 2nd box, for “Do not show alerts for applications certified by Comodo.”
For question 2: Well, Rucia’s already answered that question most excellently…
For question 3: I’d do some more looking into that… Are you seeing that in the Activity/Connections tab of CPF? Does it happen every time (could’ve been Opera updating, perhaps…)? Have you used any program (TCP View, FPort, Port Query, etc) to verify the state of the port, and what’s using it?
