I recently switched to Nod32 (antivirus, not the whole suite), and found that Comodo was logging a lot of traffic for “ekrn.exe”, which is part of Nod32’s Web Access Protection. I searched for, and found a lot of stuff on this issue, but most of the discussion was too complicated for me. I’m one of those who has installed CIS and then done what is recommended in the two guides for achieving maximum protection with the Firewall and Defense+; I don’t policies and all.
From what I’ve understood, ekrn.exe is acting as a proxy, and if I open anything in Firefox, instead of Firefox directly connecting and getting logged in CIS, Nod32 is doing this and first scanning the traffic and then handing it over to Firefox. In the discussions I read, many were saying it is better to have the firewall first, and any scanner afterward.
So what would you all, specially those using Nod32, recommend? For the time being I’ve disabled Web Access Protection entirely, and CIS is logging the traffic like it used to earlier. When it was enabled, I had noticed that there was always some sort of data transfer going on.
