During a virus scan, Comodo asked me if svchost could modify a protected file- a file in System Restore.
I allowed the action and ticked the box for Comodo not to ask me again about a similar action, but the same pop-up about svchost appeared many, many times- all .exe…dll files in System Restore. Had to to set Defense+ to Allow All, then click yes to about a dozen more pop-ups before the last of then disappeared.
More endless pop-ups trying to download a file from BetaNews and view Hotmail:
HIPS is like laying bear traps around your house just in case you get burgled, and wearing a bullet proof vest 24/7 just in case the burglar has a gun.
Defense+ Plus set to ‘Allow all’. (:KWL)
Still getting the Defense+ alerts trying to download even with ‘Allow All’ ticked! (:AGY)
It’s not going to reset automatically… you’ll need to Exit the firewall, wait a minute, and then restart it (as from desktop icon, etc).
This is (as I understand it) because it uses system-level drivers, and re-writes to the registry with these changes; it doesn’t seem to work very well “on the fly.”
I looked in the log this morning for what was causing the problem, and as far as I can see, both incidents were caused by Firefox modifying temp files:
24 August 2007 21:24:44 C:\Program Files\Mozilla Firefox\firefox.exe Modify File C:\Documents and Settings*\Local Settings\Temp\wb4bnk49.exe
24 August 2007 21:26:44 C:\Program Files\Mozilla Firefox\firefox.exe Modify File C:\Documents and Settings*\Local Settings\Temp\wb4bnk49-1.exe
24 August 2007 21:29:12 C:\Program Files\Mozilla Firefox\firefox.exe Modify File C:\Documents and Settings*\Local Settings\Temp\wb4bnk49-2.exe
24 August 2007 21:35:24 C:\Program Files\Mozilla Firefox\firefox.exe Modify File C:\Documents and Settings*\Local Settings\Temp\jdglaou7.exe
24 August 2007 21:37:47 C:\Program Files\Mozilla Firefox\firefox.exe Modify File C:\Documents and Settings*\Local Settings\Temp\lk4cmqxy.exe
24 August 2007 21:41:27 C:\Program Files\Mozilla Firefox\firefox.exe Modify File C:\Documents and Settings*\Local Settings\Temp\nkjawr3z.exe
The log only shows two entries for the first incident and four for the second, but both times there were a much larger number of pop-ups. I clicked ‘Remember my answer’, but that didn’t help.
I couldn’t reproduce the problem with Hotmail this morning, and a download from BetaNews only produced a couple of pop-ups:
Obviously I put my foot in a bear trap last night, and it wasn’t a pleasant experience: endless pop-ups when trying to perform an innocent action will just cause users to disable HIPS.
I have it back on now with fingers crossed for a bit more testing.
Is there any way to let Firefox modify any and all temp files when necessary, and are there any security risks in doing so?
What version are you using? 126.96.36.199 is the latest. Your problems sounds very much like the previous version (208).
It seems ridiculous to me that Defense+ will load you with alerts just because a file is being modified on a temporal folder!!!