Protected Interface \device\NamedPipe\Isarpc

Since yesterday I am getting too many Defense+ alerts regarding modification of the protected interface device\NamedPipe\Isarpc.

Several programs like wercon.exe, itunes, avg, etc. are all trying to access this protected interface.

I was wondering (seeing the amount of alerts) what exactly this interface is? Is it some kind of trojan/virus/worm?

The increased number of D+ alerts is likely to be a byproduct of some changes to “My protected files”.

The only named pipe configured by default is \Device\NamedPipe\atsvc, which pertains to the Scheduler service.

ok.

So should I put this piped configuration device\NamedPipe\Isarpc in the protected files list? Is it safe? Because now, for practically every program I open (smplayer, word, firefox…), D+ demands authorisation to access this piped configuration.

Nope. If the above-mentioned entry is already in the protected list, it should be removed. If such an entry is not there, it would be reasonable to check all entries that do not match the protected file defaults. There ought to be either new entries (e.g. a single *) or some changed defaults that enabled the alerts you have been experiencing.

In any case, importing and activating one of the configs in %programfiles%\Comodo\COMODO Internet Security (e.g. COMODO - Proactive Security.cfg) would reset the configurations to defaults and restore normal CIS operation.

Sorry, but I did not understand… you mean to say that I should not allow this configuration (device\NamedPipe\Isarpc) access to any file. Does that mean it is a kind of malware?

I checked the entries of the protected file list. device\NamedPipe\Isarpc is not listed in this list.

Basically, I was eager to know whether allowing this device\NamedPipe\Isarpc will harm me in any way.

Basically it looks like your CIS was misconfigured and behaved the way you mentioned.
If you import and activate a default config (see previous post) and launch some applications again, that alert won’t be there anymore.

OK, I understood. But there is some problem importing the configuration.

First, I don't see this box (IT Service Management (ITSM) | Information and FAQs from Wiki Comodo). In my manage configuration, I see something like this (see attachment 1). Now first question: what to activate? Firewall security, proactive security, internet security?

Secondly, which file to import? I mean I saw 4 files in that folder with the cfg extension (COMODO - Antivirus Security, COMODO - Firewall Security, COMODO - Firewall Security, COMODO - Firewall Security).

Third, when I tried to import the file (for example, say, COMODO - Firewall Security.cfg) I got this error (see attachment 2).

[attachment deleted by admin]

Was COMODO - Firewall security the one marked as “Active” when you opened “My configurations” dialog?

If so, the corresponding configuration default would be COMODO - Firewall Security.cfg

To successfully import such a config file, it would be necessary to launch the CIS GUI as administrator beforehand:

Close CIS GUI (right click on the shield icon in the tray bar and then select Exit)
Right click on CIS Shortcut and select “Run as Administrator”

Thanks a lot… it worked… I imported the config file… then restarted the comp… and I didn't get the D+ message.

You’re welcome.

If you compare the protected files list of the new active config with that of the old one, you could identify the differences and edit “My protected files” of the old config to match the defaults.

OK… but unfortunately I didn't save my last configuration… so I can't compare.

As long as it wasn’t manually removed, it should be listed in “My configuration”, though it is not marked as active.

To check the old config, though, it would be necessary to activate it temporarily (perhaps after launching the CIS GUI as administrator).

No… actually I imported the config by overwriting the current existing configuration…

So I don't see any other config file besides the normal 4 files.