I want to reply on it but I saw this ‘’ Warning: this topic has not been posted in for at least 120 days.
Unless you’re sure you want to reply, please consider starting a new topic. ‘’ so I came here and started this topic.
On the old topic the file is sessionstore.js , but in my Defense+ alert the file is WebContentConverter.js, however I see alerts in random times, yesterday I allow it without Remember My Answer then today it came again, I didn’t do anything and Comodo block it as auto. After that I restarted my computer, than it will came again. This time I checked Remember My Answer and Allow this Request section.
sessionstore.js and WebContentConverter.js, they are both components of Mozilla Firefox. But I don’t know they are safe or unsafe. What the head heck with this rundll32.exe module? And I’ve understand this: Why this alert did start to come these days, not in past days?
One more thing. I used CCleaner also. Day by day or power off to power off. Thanks a lot.
Rundll32 and Firefox both like this ; Run an executable (ask) , Protected Registry Keys (ask), Protected Files/Folders (ask) the others are allow. Comodo did this, I didn’t touch anything.
If you want I can give you Firewall policies too.
sessionstore.js and WebContentConverter.js, I pointed if I use or not use CCleaner they are still coming as an alert of Defense+ . I blocked them until I take an answer in there about these things, block or allow.
I’ve used this computer since three or four months, Windows 7. That is a clear system, I first installed my modem than Comodo. Everything was OK. But after a few months, my connection is gonna blow. I did everything but it didn’t come back. I uninstalled Comodo and see it came back, after that quickly I installed Comodo back too. Just this I did. I hadn’t got any problems like these before.
Just in this week. Only I did these: I opened my computer and connected to internet. After that I started Firefox then in about one or two minutes these alerts had came. Only this.
I apologize for spelling errors because of my limited English.
None. I noticed this behavior after running Firefox not on system idle position. I didn’t take any alerts except these from rundll32. I said my policies too. My Firewall and Defense+ settings are like Kyle’s suggestion on Guides forum section.
My own Firefox (3.6 for xp sp3 pro) firewall policy is default web browser, its defense+ policy has every item at ask, HKLM\SYSTEM\ControlSet???\Services* is allowed in registry keys.
rundll32.exe has no firewall specific rule, and does not have to have one, as it is part of system as it lies under \system32; system is set as custom, with LAN specific rules, but no one is set at less then “ask”, and i am never asked anything for js.
I have a specific defense+ rule for %windir%\system32\rundll32.exe, set to custom altough i don’t remember to have it created myself and i am not sure it’s such a good idea , and edicting in “access rights” that items 1,8 and 9 are “ask”, all others “allow”, permission for item 1 is %windir%*, HKLM\SYSTEM\ControlSet???\Services* for item 8.
“settings” are not active.
rundll32 is crucial because of it is a system processor. My Defense+ rules are like you. But I have no rule for 8.
My Firewall rule was appointed by Comodo after re-install (I mentioned it my post). Should I remove it?
I looked both sessionstore.js and WebContentConverter.js about them there are limited informations. My Firefox don’t hold any cookies. They are all gone after I close it and yes I can do clear history all the time when I close my Firefox.
What happens if you write the same 8 rule that Comodo wrote for me?
What happens if you choose not to clear history when you close Firefox?
Again, sessionstore and webcontentconverter are perfectly legit and innocuous: the first one registers informations to restore from crash (and is thus rewritten each time you quit Firefox) and the second one what to do in the firefox “applications” menu, not to be changed so often, but only when you install a new concerned software.
Nothing to worry about and, at least concerning sessionstore, it is under the xxxxx.slt folder, xxxxx is random precisely to keep whatever software (including Comodo?) to reach it. You can disable it in about:config (session restore). Or allow them.
No, the REAL question is the behaviour of Comodo with a js file downloaded in a temp file or wherever else from a malicious software.
Did you put your Firefox profile on the “My protected files” maybe?
I’m running D+ in paranoid and can’t remember having seen these ever…
Comodo did change the behavior of script handling in V4 it now alerts also on for example a perl script that chains other commands or tools is now added on the security policy as the script name and path, and not just as an action caused by perl.exe. This way you have more granular control over scripts…
My Firefox have only one add-on : AdBlock Plus. There is no thing except this. But I can remember, I installed McAfee SiteAdvisor but it cause problems. My Firefox was working too slow and I uninstalled it. I installed and uninstalled it on 24 February. And these started to come on this day or 25 February. So there is something associated with SideAdvisor and these alerts I think. How can I clear SiteAdvisor’s history from my computer. If you say use CSC (Comodo System Cleaner), I can say I’m afraid of it because of it found much thing and I don’t know what they are. So I can’t use it. But if you say you have to use it, I can try.
brucine, I think there is no need to write ControlSet rule for rundll32, because it is for services.