svchost.exe is trying to act as a server

Noobie here…

Set up CFP on a neighbor’s computer (while they are away the Oz will play) and except for a pop up at boot time which keeps asking me an allow or deny, but no ‘apply’ box, all is well.

W2K machine - also have a Linksys router hooked up. CFP version is 2.4.18.184

I get a “svchost.exe is trying to act as a server” Parent: services.exe Also have:
remote: IP Listen Port : ms-rpc(135) - TCP

svchost.exe refuses communication with Comodo Firewall Pro.

I tried rootkit revealer, the only ‘hooked’ processes were cmdmon.sys, all others were ntoskrnl.exe

The log shows:
Description: Suspicious Behavior (svchost.exe)
Application: svchost.exe
Parent: SERVICES.EXE
Protocol: TCP In
Destination: 0.0.0.0::ms-rpc(135)

Is there a way to have this stop popping up on every boot? Tried searching the forums but didn’t seem to find any hits on my problem. Apologies if I missed it :-[

This randomly popped up. I clicked Library and it says software installation. I’m not installing anything. What should I do?

It just disappeared. Is that bad? I didn’t click anything.

You should not install CFP - or any product, for that matter - on anyone’s computer without their express permission. If any other warning came up, they might think CFP was installed through spyware and that could taint Comodo’s reputation.

The process “svchost.exe” is a critical part of the operating system. As long as you make sure that it’s coming from C:-somethingsomething-\System32 and that the file name is svchost, not svhost, it should always be allowed.
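The check described in the post above (exact file name, System32 location), written out as an added example that is not part of the original thread or of CFP. The function name, the `C:\WINNT` system root and the sample paths are constructed assumptions; the parent-process check mirrors the `Parent: services.exe` field shown in the alert.

```python
import ntpath
from difflib import SequenceMatcher

EXPECTED_NAME = "svchost.exe"
EXPECTED_PARENT = "services.exe"   # parent shown in the alert quoted in this thread


def check_svchost(image_path, system_root, parent=None):
    """Return a list of findings; an empty list means every check passed.

    image_path  -- full path of the executable named in the firewall alert
    system_root -- the Windows directory of the machine being checked
    parent      -- parent process name from the alert, if known
    """
    findings = []
    # ntpath applies Windows path rules on any OS: collapse "..", fold case.
    norm = ntpath.normcase(ntpath.normpath(image_path))
    directory, name = ntpath.split(norm)
    expected_dir = ntpath.normcase(
        ntpath.normpath(ntpath.join(system_root, "System32")))

    if name != EXPECTED_NAME:
        # A near miss such as "svhost.exe" is a lookalike, not a typo to ignore.
        close = SequenceMatcher(None, name, EXPECTED_NAME).ratio() >= 0.8
        findings.append(("lookalike name: " if close else "not svchost: ") + name)
    if directory != expected_dir:
        findings.append("unexpected directory: " + directory)
    if parent is not None and parent.lower() != EXPECTED_PARENT:
        findings.append("unexpected parent: " + parent)
    return findings


# Constructed sample alerts (path, parent); C:\WINNT is an assumed system root.
SAMPLES = [
    (r"C:\WINNT\system32\svchost.exe", "SERVICES.EXE"),
    (r"C:\WINNT\system32\svhost.exe", "SERVICES.EXE"),
    (r"C:\WINNT\System32\..\Temp\svchost.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for path, parent in SAMPLES:
        result = check_svchost(path, r"C:\WINNT", parent)
        print(path, "->", result or "ok")
```

Passing these checks only confirms the name and location match; it says nothing about whether the file itself has been replaced.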

After it disappeared I looked in the log and it was coming from AVG anti spyware. But it said it’s blocked. How can I allow it?

As long as no internet connection is tainted, it should stay blocked. Is your Windows fully updated?

I was being TIC (tongue in cheek). My neighbors who are currently living the high life in Vegas, while I’m stuck in Chicago, gave me permission to get their computer in better shape. At first they had broadband, with no firewall or router. Talk about playing with fire!

Anywho, back to my original Q - is there a way to have it stop popping up on every boot???

I merged these 2 threads because of the same topic titles. Sorry if it looks confusing in some areas ;D.

Is the certified apps by Comodo option enabled?

The ‘act as a server’ is due to CFP checking TCP loopback connection. The option can be toggled in Security > Advanced > Miscellaneous > Configure > 2nd option. Be aware that you should only enable the skip check option if you’re not running any proxy server.

What is a proxy server?

If you don’t know what it is, chances are you aren’t running one. Rather than trying to define it myself (which would be lousy), take a look at this: Proxy server - Wikipedia

It’s enabled for Comodo. I disabled it and everything seems fine.

By design, CFP will automatically deny the alert if not answered in a certain amount of time (whatever you set it in the Miscellaneous screen). If you think about the default-deny principle, this is for your own security in case the alert is on malware.

That is a good idea. (:SHY)

I now have both skip loop back (127.x.x.x) checked off and it made no difference - still get allow or deny for ‘act as a server’. Should I uncheck ‘do not show any alerts’? I know they’ll have me remove CFP if that option never goes away.

***Update - unchecking ‘do not show any alerts’ did no good.

Looks like I’ll have to uninstall CFP (:AGY)

The ‘do not show any alerts for the applications certified by COMODO’ option should prevent the svchost.exe alerts (at least for me I have never been alerted). Partly one of the reasons why it’s enabled by default is to reduce alerts.

You may have to reboot to see a difference.

In the first post, I’m curious as to why it’s 0.0.0.0 rather than 127.x.x.x. I saw that somewhere in this forum, but don’t remember…hopefully someone with better knowledge can answer. :-[

I rebooted at least 10 times trying various things - never stopped the pop up from appearing. On my install it was disabled, not enabled.

I’m done for the day. They come back tomorrow evening so I’ll give it one more try, otherwise they’ll have to rely on the router only for protection.

Can you please try completely uninstalling CFP (including leftover registry keys and files/folders) and try installing an older version of CFP, rebooting, and try again?

If that doesn’t work, try completely uninstalling CFP again and try another older version and try rebooting again.

If all else fails, try version 2.3 instead of version 2.4.

Oz,

If the “Do not show alerts…” was disabled after install, something was buggy with the install. Quwen’s suggestion for uninstalling, clearing registry keys (and not just for Comodo) and reinstalling would be mine as well.

However, I’d say you can stick with the current version, rather than rolling back to an older one. Just make sure you do the following regarding the reinstall:

Disable any active security applications prior to installing - AV, antispy, HIPS, etc. CFP installs its drivers in the kernel, which is frequently interfered with by other active security. So do that, then reinstall CFP.

After you reboot following the install, go to Security/Tasks/Scan for Known Applications, and run that. Follow the prompts, reboot. Do the Skip Loopback thing, and make sure the “Do not show alerts for applications…” is checked as well. OK.

Then see if that doesn’t work for you…

LM

AVG uses loopback to talk to its various modules. You should ALLOW it to do so, otherwise it will not function correctly.