(R) I have a program that i just instaled called “Manycam” that my Defense + has warned me that it wants to “modify the user interface of cfp.exe” ??? what does that mean and is it safe?
In terms of D+ access rights Modify the user interface involves sending message to an application.
Windows Messages - This setting means Comodo Internet Security Pro will monitor and detect if one application attempts to send special Windows Messages to modify the behavior of another application (e.g. by using the [url=http://msdn.microsoft.com/en-us/library/ms649028(VS.85).aspx]WM_PASTE[/url] command).
Sending Windows Messages is a way to interact with other applications and trigger specific actions (events)
[i]Messages and events [/i] In the past, what is now called an event was called a message. What is now called firing an event was called sending a message.
Some automation and macro utilities like autohotkey also use Windows messages to carry automation tasks.
Even if Windows messages have legitimate uses they can also be used for malicious purposes (eg termination of an application that it is supposed to run until the system is shut down using WM_Close Messages)
D+ alerts don’t provide information about the specific messages (IIRC exception made for termination ones) but you can deny said alerts if you don’t expect/want an app to interact with another.
In this specific case you can safely assume that no app need to explicitly interact with cfp.exe and thus you can safely deny that alert.
You can also add Manycam.exe to you pending file list and use the lookup button to check if that app is considered Safe by Comodo.
If it is still unknown to Comodo you can send that app to Comodo for analysis and if CFP is not configured otherwise this step will be automatically carried for all unknown files after a Lookup.
Additional references:
hmmmm well i’ve been blocking ALL the programs that have been trying to do that to not only my firewall but my antivirus as well and the programs in question seen to be working just fine. I didn’t think ANY PROGRAM should have that kind or any other kind of access to my security programs.
Although I agree, I assume there are legitimate uses for these functions even though in some cases (without any implicit reference) they may not be really necessary provided that only developers or reverse engineers can provide a reason for a specific implementation.
And the thing that realy makes me go hmmm is that the programs in question are trying to do this modifacation to only my firewall and antivirus----again i go----hmmmm
Did you sent them to Comodo for analysis?
You can also send it directly to the AV labs to have it analyzed faster as per Reporting False Positives/Suspicious Files & Submitting them to the lab
yes i did