Security considerations in security alerts

Hello,

I’m using Comodo firewall for some month and it blocks quite well. Maybe too much…

Often I get an alert like this. (see attachment)

The actions I did to get to this alert are:

  • start Outlook express by double click
  • click ‘send and receive’
    Outlook express is in de list of the ‘application monitor’ in Comodo firewall with options; msimn.exe- any-any-tcp/udp out - allow.

The strange thing is the ‘security consideration’ in the alert???
I have no idea what the bluetooth application has to do with my action of checking my mail.
When I click on ‘deny’ my complete internet connection is blocked.

The only thing I know is that I did connect my bluetooth mouse to my laptop before I checked my email in outlook express.

What I want is, to block the bluetooth application to connect to internet through my outlook express(as stated in the securtity consideration), but I do want outlook express to connect to the mail server to get my email!!??

How can I solve this problem?

[attachment deleted by admin]

Two solutions:

  1. you can allow it.
  2. you can send it to comodo for analysis

Nowhere it is stated in the securtity consideration that bttray.exe is using outlook express to connect to the mail server to get your email.

That alert means: Outlook express is a child process of Explorer.exe and is attempting an internet connection. But explorer.exe was somewhat modified by bttray.exe . This activity could mean that bttray.exe would be a malicious program and that the connection of outlook e. would not be safe. Do you trust bttray.exe and allow Outlook express to connect?


If you don't trust btttray.exe you should uninstall it. If you trust it and allow that connection, you still should get an alert in the event that bttray.exe binary file gets changed (if you do a legit update and that file got changed, but also if it got infected by a virus, CPF will alert you that the cryptographic signature of the file got changed.Being that the case If you didn't update that file It would be wise block that connection).

Thanx for your help.

I would like to let Outlook connect to internet as usual and I don’t want bttray.exe(bluetooth driver of my dell laptop) to connect to internet through any application.

What I don’t understand is what these two programs have to do with each other.
I understand that bttray.exe possibly changed something in explorer.exe but this doesn’t have anything to do with outlook express I guess.

thanks again!

The actual strength of a chain is equal to its weakest joint…

Actually Oullook is launched by explorer.exe which it just got sneezed from bbtray.exe If bbtray.exe didn’t got flu then outlook will be safe. ;D

Usually these bbtray apps add some BT icons in My computer (if i recall it correctly it is named like “My bluetooth places”)

If you really don’t want that to happen you should try to remove bbtray.exe from the list of startup apps after you created a restore point manually.

Bttray.exe is not necessarily connecting to the internet. The Message alert is part of Application Behavior Analysis (ABA), as gibran has noted. Here’s the scenario:

MSIMN.exe (outlook express) is the connecting application.

Explorer.exe (the Windows desktop/shell) is the parent to msimn.exe.

Bttray.exe has communicated with the desktop in a way that could be similar to malware, when msimn.exe connected to the internet.

Applications communicate behind the scenes all the time; this is not necessarily a cause for concern. If you know both applications, it is safe to Allow. If you Allow & Remember, you shouldn’t see that combination of alert again. If you Allow (without Remember) it will be for that session only. If you Deny (without Remember) it will be for that session only, and CFP will determine that your system must be compromised; thus it will block all involved applications. Restarting one or both applications should re-enable the connection; sometimes a reboot is better. Deny with Remember will make it permanent (create a rule).

If you do not want Bttray.exe connecting in any way, do this:

Go to Application Monitor.

Add a new rule. Make it for bttray.exe as the application. Set the Parent to either: Skip, Learn, or explorer.exe. Set the Action to Block. Then reboot.

That should take care of it.

LM