Services.exe, spoolsv.exe refusing to communicate with CFP [Resolved]

I’ve attached a log to help with a problem regarding services.exe and spoolsv.exe. No matter how many times I’ve allowed this, it still pops up every single time I open a print dialogue box. It states that the parent, services.exe, refuses to communicate with Comodo Firewall Pro and is behaving like a trojan, virus, etc.

Here is a typical log entry:

2007-03-23 14:20:25
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (spoolsv.exe)
Application: C:\WINDOWS\system32\spoolsv.exe
Parent: services.exe
Protocol: TCP Out
Destination: 192.168.42.252::3396
Details: The parent services.exe refuses communication with COMODO Firewall Pro.

Why would you put your logs in HTML when you don’t allow it as an upload?? Plain text is universal. Also, why can’t you cut and paste entries from the log easily?

Any help appreciated.

Thanks,
RWCinci

[attachment deleted by admin]

You might try creating an application rule manually, as such:

Application: spoolsv.exe
Parent: either set to services.exe, or just “Learn”
Apply Criteria -
Action: Allow
Protocol: TCP
Direction: Out
Destination IP: Any
Destination Port: Any
Miscellaneous: Skip advanced security checks

OK. Reboot computer just to clear everything out and set the rule. If that doesn’t do it, you might try adding “Allow Invisible Connections” under the Miscellaneous tab.

Hope that helps,

LM

Thanks and I appreciate your reply. Aren’t these Microsoft apps?

Actual application rule settings to eliminate the issue:

Application: C:\windows\system32\spoolsv.exe - you need to browse for it, it won’t let you type it
Parent: C:\windows\system32\services.exe - ditto
Action: Allow
Protocol: TCP
Direction: Out
Destination IP: Any
Destination Port: 3396
Miscellaneous: Skip advanced security checks, Allow invisible connections

Again, thanks.

RHW
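
As an added example (not part of the original thread and not Comodo's own code), this Python script reads alerts pasted as plain text in the layout quoted earlier and lists, per application and parent, only the destinations that were actually logged, so an allow rule can name port 3396 rather than Any. The function names and the second, repeated alert are assumptions made for the illustration.

```python
import re
from collections import defaultdict
# Alert text as quoted in the thread; the field layout is taken from this one entry.
ENTRY = r"""2007-03-23 14:20:25
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (spoolsv.exe)
Application: C:\WINDOWS\system32\spoolsv.exe
Parent: services.exe
Protocol: TCP Out
Destination: 192.168.42.252::3396
Details: The parent services.exe refuses communication with COMODO Firewall Pro.
"""
# Constructed input: the same alert repeated at a later, made-up time.
SAMPLE_LOG = ENTRY + "\n" + ENTRY.replace("14:20:25", "14:31:02")
FIELD = re.compile(r"^(\w+)\s*:\s*(.*)$")
REQUIRED = ("Application", "Parent", "Protocol", "Destination")

def parse_alerts(text):
    """Split pasted log text on blank lines; return one dict per alert."""
    alerts = []
    for block in filter(None, re.split(r"\n\s*\n", text.strip())):
        lines = block.splitlines()
        alert = {"Time": lines[0].strip()}
        for line in lines[1:]:
            m = FIELD.match(line)
            if m:
                alert[m.group(1)] = m.group(2).strip()
        alerts.append(alert)
    return alerts

def suggest_rules(alerts):
    """One rule per application/parent pair, limited to destinations actually seen."""
    seen = defaultdict(lambda: {"ips": set(), "ports": set()})
    for a in alerts:
        if any(k not in a for k in REQUIRED):
            continue  # incomplete entry: do not derive a rule from partial data
        proto, _, direction = a["Protocol"].partition(" ")
        ip, _, port = a["Destination"].rpartition("::")  # logged as ip::port
        if not ip or not port.isdigit():
            continue  # unparseable destination: skip rather than fall back to Any
        group = seen[(a["Application"], a["Parent"], proto, direction)]
        group["ips"].add(ip)
        group["ports"].add(int(port))
    return [{"application": app, "parent": parent, "protocol": proto,
             "direction": direction, "dest_ips": sorted(v["ips"]),
             "dest_ports": sorted(v["ports"])}
            for (app, parent, proto, direction), v in seen.items()]

print(suggest_rules(parse_alerts(SAMPLE_LOG)))
```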

Great, I’m glad that’s working. Sorry, I should have mentioned that you have to browse for the filepath; can’t shortcut it, I’m afraid. (Wish we could, if we knew the path already…)

Since all appears to be well and good, I’ll mark the topic as resolved for other users’ benefit. If you find you’re still having trouble with it, just PM me or another Moderator with a link to this topic and request it be reopened. We’ll be glad to do so.

LM