Under behavior analysis, I unchecked
-Parent Application leaks
and
-Com/OLE automation attempts
However, I still get alerts for both.
Hi Trel
Could you post the alerts CFP is giving you? You can export CFP’s Log to an HTML file (right-click on the Log), open it in your default browser and do a simple copy ‘n’ paste operation to post the Log here. Remember to mask any private IP numbers that you do not want made public, thanks.
The logs show a different error than the popup message.
The popup message said it was OLE Automation (100% sure)
Log for that time says
Date/Time :2007-05-12 13:20:21
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (seamonkey.exe)
Application: C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xxx.xxx.xxx.xxx::http(80)
Details: C:\WINDOWS\explorer.exe has loaded C:\WINDOWS\system32\dinput.dll into C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe using a global hook which could be used by keyloggers to steal private information.
(I usually get the parent application warnings and OLE automation messages a lot when I switch windows quickly, which is why I have it turned off)
Yea, that’s not the one. That’s an ABA DLL Injection warning I think. Can you get CFP to reproduce the message/alert?
I’ll post the log and a screenshot of both the alert and what I have unchecked as soon as it happens again.
Ok, I was viewing an embedded WMP movie in Seamonkey, when I got an alert that said explorer.exe wanted to load dinput.dll, I allowed that, and here is the log of that
Date/Time :2007-05-14 14:30:59
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (seamonkey.exe)
Application: C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 140.211.166.81::http(80)
Details: C:\WINDOWS\explorer.exe has loaded C:\WINDOWS\system32\dinput.dll into C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe using a global hook which could be used by keyloggers to steal private information.
Next, right after allowing that, I got this alert
http://i4.tinypic.com/52fbtid.jpg
There is no entry in the log to go with that alert though.
Also, here are my settings, which I believe say that alert should not have happened
Yep, that looks like an OLE message to me. You had better go to Comodo Support, register on their system & raise a ticket on this issue. You had also better give them your screen shots… not sure if you can attach these to a ticket… you might have to email them separately when Support asks for them. It is very odd that the OLE pop-up didn’t create a Log entry.
Anyway, please post-back any feedback/resolution that Support gives you. Thanks.