I would like to ask what exactly the use of the “Parent application” feature of the application rules is, i.e. in my Firefox application rule, Comodo PF linked firefox.exe to explorer.exe, but is explorer.exe the only application that can activate Firefox when the user clicks on its icon? Also, is there not a risk that explorer.exe could be modified by some malware? In that case, would it be better to set the application rule of Firefox to “skip parent”?
The Parent-Child relationships are monitored because they can be exploited by Trojans. Check out GRC's famous Leaktest or the equally famous PC-Flank test. These types of leak tests exploit the relationship between explorer.exe and iexplorer.exe by attacking explorer.exe, the non-internet application, to get at iexplorer.com.
Can your default browser be run by anything other than explorer? Sure, any other application that has click-able URLs (email clients, text editors, etc…) will launch your default browser. Many apps call the default browser to check for updates, add-ons, etc.
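The trade-off discussed in this thread, as an added example that is not part of the original posts and is not Comodo's code: a toy model of a parent rule run over constructed launch events. The rule semantics, the `SKIP_PARENT` value, and the names `mailclient.exe`, `updater.exe` and `unknown.exe` are assumptions made for illustration.

```python
# Toy model of a per-application "parent" rule. Assumed semantics for
# illustration only; this is not Comodo's implementation.
from collections import defaultdict

SKIP_PARENT = "skip parent"   # rule value: do not check who launched the app

# Constructed launch events as (parent image, child image) pairs.
EVENTS = [
    ("explorer.exe", "firefox.exe"),     # user clicks the icon
    ("mailclient.exe", "firefox.exe"),   # clickable URL in an email client
    ("updater.exe", "firefox.exe"),      # an app opening its update page
    ("unknown.exe", "firefox.exe"),      # a parent nobody recognises
]

def evaluate(parent, child, rules):
    """Return 'allow', 'alert' or 'no-rule' for one launch event."""
    rule = rules.get(child.lower())
    if rule is None:
        return "no-rule"
    if rule == SKIP_PARENT:
        return "allow"                   # parent is never inspected
    # Name comparison only: this says nothing about whether the parent
    # binary itself has been modified on disk or in memory.
    return "allow" if parent.lower() in rule else "alert"

def unexpected_parents(events, rules):
    """Group the parents that raised an alert, per child application."""
    found = defaultdict(set)
    for parent, child in events:
        if evaluate(parent, child, rules) == "alert":
            found[child.lower()].add(parent.lower())
    return {child: sorted(parents) for child, parents in found.items()}

STRICT = {"firefox.exe": {"explorer.exe"}}   # rule as described in the question
SKIPPED = {"firefox.exe": SKIP_PARENT}       # the "skip parent" alternative

if __name__ == "__main__":
    print("strict:", unexpected_parents(EVENTS, STRICT))
    print("skip parent:", unexpected_parents(EVENTS, SKIPPED))
```

With the strict rule, the legitimate launchers and the unrecognised one all raise alerts and have to be judged one by one; with the parent check skipped, none of them is reported.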