Preferences ignored

Trel · May 12, 2007, 5:13pm

Under behavior analysis, I unchecked
-Parent Application leaks
and
-Com/OLE automation attempts

However, I still get alerts for both.

kail · May 12, 2007, 8:01pm

Hi Trel

Could you post the alerts CFP is giving you. You can export CFPs Log to an HTML file (right-click on the Log), open in your default browser and do a simple copy ‘n’ paste operation to post the Log here. Remember to mask any private IP numbers that you do not want made public, thanks.

Trel · May 12, 2007, 9:13pm

The logs show a different error than the popup message.
The popup message said it was OLE Automation (100% sure)

Log for that time says

Date/Time :2007-05-12 13:20:21
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (seamonkey.exe)
Application: C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xxx.xxx.xxx.xxx::http(80)
Details: C:\WINDOWS\explorer.exe has loaded C:\WINDOWS\system32\dinput.dll into C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe using a global hook which could be used by keyloggers to steal private information.

(I usually get the parent application warnings and OLE automation messages a lot when I switch windows quickly which is why I have it turned of)

kail · May 12, 2007, 9:20pm

Yea, that’s not the one. That’s an ABA DLL Injection warning I think. Can you get CFP to reproduce the message/alert?

Trel · May 12, 2007, 10:43pm

I’ll post the log and a screenshot of both the alert and what I have unchecked as soon as it happens again.

Trel · May 14, 2007, 6:34pm

Ok, I was viewing an embedded WMP movie in Seamonkey, when I got an alert that said explorer.exe wanted to load dinput.dll, I allowed that, and here is the log of that

Date/Time :2007-05-14 14:30:59
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (seamonkey.exe)
Application: C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 140.211.166.81::http(80)
Details: C:\WINDOWS\explorer.exe has loaded C:\WINDOWS\system32\dinput.dll into C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe using a global hook which could be used by keyloggers to steal private information.

Next, right after allowing that, I got this alert

There is no entree in the log to go with that alert though.

Also, here are my settings which I belive say that alert should not have happened

kail · May 14, 2007, 6:46pm

Yep, that looks like an OLE message to me. You had better go to Comodo Support, register on their system & raise a ticket on this issue. You had also better give them your screen shots… not sure if you can attach these to a ticket… you might have to email them separately when Support asks for them. It is very odd that the OLE pop-up didn’t create a Log entry.

Anyway, please post-back any feedback/resolution that Support gives you. Thanks.