Security alerts

I keep getting alerts similar to the attatched screen shot. Should I allow or deny these.

[attachment deleted by admin]

These alerts are happening all the time now, what should I do? Are they normal? Some say low risk and others say high but if I deny them I cant browse the internet.

What are you doing when these alerts come up? Are you clicking on links within the page? Or on a Favorite?

Both. I open IE and then when I go to a page they start coming up. Sometimes it happens when I click on links. They just randomly come up. Most of the alerts are similar to the screen shot, going on about ole and things.

What CFP3 version and OS are you using? What are your D+ Policy settings for IE? What is your D+ mode? These look like normal transactions for IE, but don’t understand why you are getting alerts for them. Have you changed anything under image execution settings or D+ settings?

I am using V2 with XP. What are the D+ policy settings? Sorry I am not very good with this.

I am still getting these alerts while browsing, can anyone help?

An OLE Automation based hijack is only a threat if you dont know the application in question. For example in your case, you know nero.exe is a trsuted program. In windows Operating systems, OLE automation is as normal as moving mouse pointer. So are Windows Messages.

When automatically approve comodo certified applications option is enabled, CFP wont even ask anything to bother you for such known applications.

If there is something more critical you shall see “This is typical of virus/Trojan behavior”. Memory injections or DLL Injections are the alerts which should make you be more careful. But for OLE Automation and Window Messages, you dont need to be paranoid if you know the application. I dont remember I even denied such a popup before unless i was doing testing. And 99% of OLE Automation/Windows Messages popups for the PARENT application should be non-harmful type alerts.

Rules of thumb for understanding what to do :

“If the application in the security considerations section is not a known application(i.e. an application that you did not install but came from somewhere else), deny.”

“OLE Automation and Windows Messages are as normal as a mouse move in Windows”

Hope this helps,
Egemen


https://forums.comodo.com/cfp_beta_corner/unaddressed_problem_in_all_releases_including_latest_beta-t5207.0.html;msg38857#msg38857

Cheers

Try reducing the alerts go to security miscellaneous
Alert frequency level drop the bar to the bottom

D+ (Defense+) is a CPF 3 feature.

Iexplorer and explorer.exe are just communicating using OLE. Just be sure the site hasn’t been hijacked and that the URL is correct at the top. (Might want to consider using Comodo Verification Engine).

If you’re sure of the above then just allow the alert.

Eric

Wait a minute guys, The screenshot shown by Daffy Duck shows this alert is comming up for an attempted connection to a doubleclick ip address, which is undesirable by most. Not sure about an easy workaround for this in 2.4 atm. With the Opera browser, you can block specific content on certain sites. Not sure if you would get the Ole communication alert if you have these ads/sites blocked already via Opera.

Do all the alerts refer to the same IP address as shown in your attached screenshot?

If so, you can set up a block rule for just that IP address. This way the action referred to in the alert can occur but an outbound connection as a result of that action can’t and you can still surf the internet.

Ewen :slight_smile:

Thanks Panic. Couldn’t remember but I think what was happening back when I did run 2.4 everyday; is that if you clicked Block & remember, you wouldn’t be able to browser teh internet even if you closed the browser and relaunced it. For the rule with that specific IP in the screenshot, I think you would want to create a rule in network area to block outgoing to ip range 65.205.8.0 - 65.205.8.255 and place it above the 1st rule which should be the allow outgoing tcp/udp rule. I think there are better ways to take care of these Ads tho.

I don’t think there is, in V2. The bock action applies to teh app with the connection, in this instance iexplore.exe - ergo - no internet. The proposed method allows continued net access, but blocks access to specific IPs, which is what we were trying to achieve.

I have to admit it’s been ages since I even looked at V2, so it’s entirely possible that there is a better method. Hopefully someone will post it here and refresh and refresh our (or at least “my”) memories.

Cheers,
Ewen :slight_smile:

They have different ip addresses and some say tcp and others udp.

I don’t get it. Why is this a job for the firewall?

Because it’s about an IP connection which can be controlled by the firewall. Sure, it can be conrtrolled by other means, but the user already has the firewall and it can do the job.

He doesn’t have to use this method, but I believe it will work and requires no other application.

Ewen :slight_smile:

I understand Panic, but when you start going there with the firewall, there are plenty of IP’s to block :stuck_out_tongue:

And the alternative is to run a host blocker, which runs at a higher level in the OSI model and induces more lag.

The trio NoScript, Adblock Plus, CookieSafe. etc.
Admuncher, Proxomitron, WebCleaner…

You know :slight_smile: