Sysinternals Process Explorer being logged as intrusion

Hi Guys…

I’ve added Process Explorer (from Sysinternals - Sysinternals | Microsoft Learn) to the DEFENSE trusted applications, as well as the exclusions list in the Defense settings… but it’s still getting logged as an intrusion

http://cl.ly/3h65/Screen_shot_2010-12-20_at_12.05.13_PM.png

… not sure if this is a bug but this is annoying…

TJ

No, it is not a bug. I presume it is trying to access the memory of CIS, which is protected. Memory access should only be allowed if you are 100% sure that the application is safe.

See here how to allow
https://forums.comodo.com/defense-sandbox-help-cis/superantispyware-entries-in-d-log-t48525.0.html;msg349077#msg349077

Moved to help.

Dennis

I have a similar query
In the screenshot titled Comodo Defense+ Trusted you can see I have CleanMem & Emsisoft Emergency Kit as Trusted and Alaunch as Custom (Trusted just gives me a pop-up)

In the screenshot titled Comodo Defense+ log those same software are being logged and I guess blocked in some way.

How can I set Comodo Defense+ to allow the software that I trust to do everything that it needs to do?
Thanks in advance :slight_smile:

By the way, the link in the above reply goes to a one year old post and things have changed since then

All the best, woz of oz


It's still exactly the same principle as it was back then. Basically a program is trying to access CIS in memory; whether it be Process Explorer, Emsisoft or even perfmon, CIS will not let it unless it is on the list that is allowed.
Double click the Comodo Internet Security entry in Defense+/Computer Security Policy->Customize->Protection Settings->Modify next to “Interprocess memory access”->Add, then Browse to the executable (with path) or add from running processes.

Matty


I adjusted the settings last night and shut down.

Started up this morning, which is when Alaunch is ‘active’, updated Emsisoft Emergency Kit, and CleanMem has been used both automatically and manually.

No logs, it’s all good :-TU

Thanks very much for the help and Ho, Ho, Ho ;D

Update for those using CleanMem
After following the above steps, the automatic cleaning every 30 minutes (:06 & :36) by CleanMem is not logged, but any Manual launch of CleanMem is still logged. The Manual launch was not logged yesterday, so I don’t know why this changed today.
Anyway, it’s necessary to put Comodo in the cleanmem_ignore_list (this is usually at Program Files > CleanMem).

Follow the instructions in the cleanmem_ignore_list.txt file and add these 2 to the list:
cmdagent.exe
cfp.exe

Save the changes and don’t forget to run Apply_Ignore_List_32bit_OS or Apply_Ignore_List_64bit_OS (MS-DOS Batch File) after that.
You will need to allow this in the Defense+ pop-up.

Happy days ;D

All the best, woz of oz