review suspicious activities

Hello, I just installed Comodo Firewall and Defense+. I have searched and not found any results for what I am looking for, so I am sorry if this is a dumb question. I’m pretty technically inclined, but I just can’t figure this part out. I installed the software, the computer restarted, and then I opened up Comodo. Right then I saw that Defense+ had already blocked 3 suspicious events. Looking at the event log, one of them is a .exe for my AVG antivirus, and the other 2 are wmiprvse.exe in the system32\catroot. Now this is practically a brand new system, and I did the spyware sweep during installation as recommended. None of these 3 events are “pending” for my review… so how can I allow these events to take place? In the log it says the action was “modify file” but the summary screen says that they were blocked. I don’t want it to be blocking files for my antivirus.

thanks for your help,


OK, I just rebooted my computer and now it says “0 suspicious events blocked” on the summary page. I’m confused.

An installation of CFP normally requires 2 reboots.


OK, so would that be why the first time the program opened it said “3 suspicious events blocked” but now it says “0 suspicious events blocked”?

Also, when viewing the firewall/Defense+ log, if it says the action is “modify file”, does that mean the attempt was not blocked and the file was allowed to be modified, or does “modify file” just mean that something tried to modify the file but was blocked?

thanks for your help,



“Suspicious events” go for any “block” log entries, I guess.

Exactly. Any similar activities in the Defense+ log mean block actions. At least by my observations.