OLE Automation warnings

I keep getting several of these alerts:

Date/Time :2007-02-14 04:11:50
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Windows\explorer.exe
Protocol: TCP Out
Destination: ###.###.###.###::http(80)
Details: C:\Program Files\Maxthon2\Maxthon.exe has tried to use the Parent application C:\Windows\explorer.exe through OLE Automation, which can be used to hijack other applications.

I guess I can create a rule for these, but I want to know what exactly this is warning me about. My confusion is what Maxthon using OLE has to do with Firefox. I get these with other combinations of programs also.

Ignore it or disable the OLE monitoring.

I get these “warnings” whenever I click a .torrent and Azureus isn’t running.
The browser is trying to start Azureus (because .torrent is associated with it) …
big deal, isn’t that what I told it to do by clicking the “download torrent” link?

It also happens if Thunderbird isn’t running and I click a “send mail” link.
It’s not a bad thing that Comodo detects it, just kinda annoying.

So far my experience with Comodo is that it gives me far more control
than I actually need, but then I’m just a “normal” home-user and it is
very comforting to know that this firewall WILL notice and alert about anything
that COULD be exploited by malware …

It makes sense to get an alert when the browser launches another application. In this example neither application launched the other; they were both launched from the Start menu (frequently used program list). Both apps are running simultaneously and they have the same parent, explorer.

It seems that I get several of these alerts when a program uses IE (or the system browsing functions) to access the Internet. But the alerts concern/affect other programs which access the Internet: Firefox and Newsbin.

Same here:
Date/Time :2007-02-22 00:07:19
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (Skype.exe)
Application: C:\Program Files\Skype\Phone\Skype.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 82.242.108.41::13999
Details: C:\Program Files\Mozilla Firefox\firefox.exe has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Skype is running and authorized to go out. What has Firefox got to do with that?

The OLE Automation warnings have confused lots of new users, including myself when I started.

Simple rule of thumb without the technical explanations: if you recognize the applications as trusted programs then you may safely allow the alert. Moreover, by checking the Remember option (if there is one) you won’t be bothered by the alert in the future.

I must admit since 2.4 was released, I have not seen even one of these alerts. Comodo is constantly improving. When version 3 is out, it’ll be even better as the architecture will be different with HIPS.

Here is another one:

Date/Time :2007-02-24 16:30:34
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: TCP Out
Destination: 63.245.209.31::https(443)
Details: C:\Program Files\Mozilla Thunderbird Beta 2\thunderbird.exe has tried to use C:\Program Files\Mozilla Firefox\firefox.exe through OLE Automation, which can be used to hijack other applications.

I had to authorize it but it does not make sense. FF is connecting and is authorized and I don’t see what Thunderbird has to do with it!!! >:( >:(

You are right, this is quite confusing, and the additional issue is that all of these authorizations, even when remembered, do not leave any trace (rules) behind, so it is really hard to understand what is going on!!!

I mostly use the app control module and I have to say, it needs to be polished.
I am not saying CPF is not a good app but it almost looks like beta stuff, not mentioning that I am not a noob. I will hold until CPF 3.x but I truly hope for something better.

I could simply disable these protections but then what is the point of having CPF? :)

I used to use Kerio and although a good program, I don’t believe it is that great to monitor leakage and programs trying to use other programs. That’s one of the reasons I decided to give CPF a try. On the other hand, I am sure CPF is on the right path but needs some “tuning”, one more reason to wait for v3!!!
Comodo: any feedback please?

As far as multiple requests from CPF are concerned, there seems to be some interconnection between apps such as for instance when gmail notifier tries to reach the internet and there was “some previous” action from Thunderbird (for instance), I get a popup from CPF asking me to authorize GMail notifier (already authorized) but being “OLEd” by Thunderbird ?!?!?! This is the kind of thing I have a hard time understanding.

And it does not occur all the time but only in special circumstances …
Tough one I guess but weird :)

Keep up the good work until April 16th! (v3 beta)

If you want the technical explanation look at this.

Ok thanks, point taken. Let’s be patient :)

One of the reasons why these alerts are confusing is because the Help file is not completely documented with examples like Egemen’s. There needs to be general guides and tips like re: my first post in this thread.