I’d like to know how CF handles the things to prevent outgoing connections at boot time…
(Advanced configuration => advanced detection => Misc. Tab)
CF is launched by the registry key “HKLM\SOFTWARE\Microsoft\Windows\Current Version\run”
Is that not a bit too late ?.. :-[
Some nasties “calling home” are launched by “HKLM\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon notify” before, no ? :-\ I mean, it’s just a question, i don’t know myself
What’s the best config to apply for preventing ANYTHING to connect-out at launching time ?
The entry in the HKLM run key is just the GUI part of the application (well maybe not just this)
The core part of the program that does the blocking is loaded much earlier.
Too see them…
run device manager and select show hidden devices
under the non plug and play drivers you will see a couple of comodo entries
If it works anything like an NTFS filter driver, then I believe Microsoft assigns the order that these start by assigning a unique value, but this is getting to the edges of my knowledge.
Thanks for the informative links, and sorry to have not find these before my question here. I should have search more this forum before asking… :-[
Still, i am not completely satisfied by the explanations… How window manage to load things at boot time and in wich order ? What’s the key to determine what should be launch first ? I think that the progs mentionned in the “HKLM\SOFTWARE\Microsoft\Windows\Current Version\run once” are launched before those in the “HKLM\SOFTWARE\Microsoft\Windows\Current Version\run”. Is it true ? Or am i completely “out of phase” ? (probably)
Yes, “Comodo Application Engine” and “Comodo Network Engine”. Should be the last one who handles the trick…
