OLE Automation alert when switching between apps [Resolved]

I actually have three issues, but I’m going to separate them out and do one at a time. Here’s my data as requested in the “How to Post” post:

  • Version of Comodo Firewall Pro: 2.4.18.184
  • Internet connection type: DSL Modem, single computer connected, no router.
  • OS/SP: Windows XP SP 2
  • How you are logging in to the OS (Admin, User): Admin
  • Other Security applications installed: AVG Anti-Virus Free Edition
  • Security related applications removed/disabled before installing CFP: Norton PF, Norton AV (both uninstalled), Windows Firewall (disabled)
  • Security related application which have been removed/disabled after installing CFP: None (may have disabled Windows Firewall after install—don’t remember).
  • Detail the problem, such as which applications are running when you have the problem: See below
  • Please inform us if you have created any custom rules: Yes, two Network Control Rules and an Application Rule: Created a trusted zone for a VPN I use to move files to and from the LAN at work, allowing IP in and IP out to the zone (these are the two Network Control Rules), and a rule to block TCP/UDP In or Out from Winword.exe, because I kept getting erroneous OLE Automation Alerts about it (see below). Incidentally, I’m using Word 97 and Excel 97.

I’m a noob, don’t really know what I’m doing, just trying to figure this out as I go. Have tried reading the FAQs and the Tutorials. Either I don’t understand what they’re about, or they don’t apply to me, or—usually—both.

OK, here’s my first problem:

Sometimes when I have Firefox open, then use a different application (e.g. Excel, Word), then go back to Firefox, Comodo pops up an alert that the other app (Excel, Word, etc.) is trying to access the Internet through OLE Automation. This is clearly not a case of the one app calling the other, unless I’m a lot more confused than I think (always possible), since all I’ve done is activate one window and then gone back to the other. I’ve read the FAQs on OLE Automation and they do not seem to address this specific problem. I believe I saw mention of it somewhere but no indication of how to deal with it. I am aware that there are issues when one app calls another and uses it to connect; however, as I say, this is pretty clearly not what’s happening here.

I’m at a loss as to what to tell CFP to do, because all choices seem wrong: Blocking is wrong because it ends up terminating my connection to the Internet and I have to restart repeatedly, to get it back. I think I had to mess around with rules some too, which is why I ended up creating that one rule for Word. Allowing and remembering is wrong because what if later some malware uses the same app to connect? Allowing and not remembering is wrong because I have to keep clicking through alerts. It’s all wrong because it’s based on an erroneous analysis of what is going on. I think.

Your help appreciated…

I know there are posts that address your question, as it’s at the core of the whole OLE issue. However, I don’t feel like taking the time to search them out… :wink:

All this has to do with communication behind the scenes, which is perfectly normal. Doesn’t mean one app is controlling another, or necessarily accessing the internet. However, this behavior can be exploited/used by malware.

The rule of thumb from the developers is that if you recognize both applications (ie, Firefox and Word) it is safe to Allow w/Remember so that you won’t see that specific alert again. The ONLY time to be concerned is if you don’t recognize one of the applications; this could mean that some malware is trying to exploit this type of inter-process communication. Then you would want to Deny and start searching for more info.

If both applications are on Comodo’s encrypted safelist, you won’t see these alerts. If one or both are not on the safelist, you will. CFP 2.4’s safelist is not very large; v3 will definitely make significant improvements in this area, to minimize these types of confusing popups.

Hope that helps,

LM

Great, that explains that one. Thanks very much. Appreciate your going over it again.

I’ll post my next question when I have a moment.

No problem; glad that helped.

I’ll mark the thread as Resolved and close it. If your other question is related, or you otherwise need the thread reopened, just PM a Moderator (please include a link back here) and we’ll be glad to do so.

LM