Repeating alerts when trusted file tries to access explorer.exe in memory

The bug/issue

  1. What you did:

Tried to run custom software across a network.

  2. What actually happened or you actually saw:

Constant requests for allowing operations, despite the program being in the trusted files section and “remember my answer” being ticked.

Alert says ‘Feedex.exe is trying to access explorer.exe in memory’

  3. What you expected to happen or see:

I expected my program to run without having to do about 30 “allows”

  4. How you tried to fix it & what happened:

I added the software to the trusted files list, and that shut it up for one use, but now Comodo is nagging again and again.

  5. Details (exact version) of any software involved with download link:

Custom software. Worked up until this recent update.

  6. Any other information you think may help us:
    Works when re-added to trusted files - but if I have to do this every time I use it, it will get silly…

Files appended

  1. Screenshots illustrating the bug: Note to devs - replace [at] by symbol in URL
    http://www.flickr.com/photos/25345470[at]N02/5043239247/
  2. Screenshots of related event logs or the active processes list:
  3. A CIS config report or file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used:
    Latest update
    5.0.163652.1142
    virus sig database version 6260

Stateful, safemode, safemode

Diagnostics tool does not find an error with my setup.

  1. Whether you imported a configuration, if so from what version:
  2. Defense+ and Sandbox OR Firewall security level:
  3. OS version, service pack, no of bits, UAC setting, & account type:
  4. Other security and utility software running:
  5. Virtual machine used (Please do NOT use Virtual box):

If I re-add the program to the trusted files it seems to remember it’s ok and doesn’t pester me for “allow action” … but the original one is still listed there.

Thanks very much for making your report in standard format. To fix it we’ll need some information that you have not yet included. We would be very grateful if you would edit your first post to include it.

A) About your software.
i) Is it frequently compiled or changed?
ii) Please supply a screenshot of the alerts

B) The answers to questions ‘Your setup: 2-6’ in the format

C) A screenshot of your D+ event logs and your active processes list. The latter when the alert is being displayed.

Many thanks in anticipation

Mouse

Does CIS remember the program until you reboot or log off your Windows? And had it forgotten after you rebooted or logged back in? Is the program run from a disk on a network share?

Having looked at this again I think this is probably a settings issue.

If you look in Computer Security Policy ~ D+ rules, you should find a rule for explorer.exe. If you look at the protection settings tab, you have probably got ‘interprocess accesses’ set to ‘ask’. Protection settings override permissions, so setting the file trusted won’t help this problem.

For the moment I will transfer you to help so you can work through this issue and hopefully resolve it. Please ask any mod to move this report back to the bugs forum if it becomes clear that it is a bug/issue.

Best wishes

Mouse

Hello. I’m having exactly the same issue. I’m getting thousands of Defense+ events for Access Memory issues where Anvir.exe (a trusted file) is targeting Explorer.exe.

I’ve gone through the Computer Security Policy, found Explorer.EXE, edited the policy, and allowed all of the “Access Name” items. I also tried adding an exclusion for the program with the issue (Anvir.exe), but that didn’t work either.

Note: when I view Anvir.exe in the “View Active Process List”, it shows as partially limited but I can’t figure out why. Is that part of the issue?

Any suggestions would be appreciated.

Welcome to the forum, David Witkin. First off, let’s start with Anvir.exe.
Could you have a look in Defense+ → Unrecognized Files to see if Anvir.exe is there? If it is, tick it and move it to “Trusted Files”.

I’ve downloaded the free portable version of Anvir and am getting no logs regarding explorer (getting them for trying to access CIS). Just wondered what version you have and what settings you have for CIS (especially Defense+).

Could you also have a look in Computer Security Policy → Double click the explorer.exe entry and tell us if the setting for Interprocess Memory Accesses is Ask or Allow.

Also, possibly go to Computer Security Policy and add Anvir.exe, then give it the pre-defined policy “Installer or Updater”.
You could create a group for the whole Anvir folder via protected files/folders ->Groups->Add->A new Group->Browse to the folder and hit the right arrow so you end up with C:\ProgramFiles\Anvir*

Best of luck,
Matty