System trying to create sistem32\logfiles\wmi\rtbackup\etwrtcittelcontrol.etl


for some mysterious reason Comodo started warning me every day that System tries to create sistem32\logfiles\wmi\rtbackup\etwrtcittelcontrol.etl

I have opened the folder and allowed the creation but no file was created (I have refreshed and still nothing).

Should I worry?

Also, from time to time happens that when I turn off the PC (actually notebook, with Win 7 64bit) Comodo warns that System is trying to do something. I never could do a screen or really read what, because the system shut off before.

I think that in some moment I got tired and I took the opportunity that the shutting off was delayed and I have just authorized that thing forever so not to receive the message.

But it was already happening once before that I have formatted everything. When I have formatted it did not happen for a while but then it happened again.

Is it a known bug?

Sorry for the two different questions in one thread but it seemed silly in that moment to me creating two threads.


Look at your HIPS rules to see if “Windows System Applications” is listed and treated as Windows System Applications, if the rule doesn’t exist create it and use the predefined policy windows system applications.

Hi, it was not there, I did what you’ve suggested, thanks :slight_smile:

About the other theme (Comodo warning that System is trying to do something when I want to shut off the Notebook) it did not happen again so probably I really did allow the thing in long term (like “remember my answer”).
Any risk that it was something wrong? Should I trust anything called system?
For example now I saw that among the Hips rules there was one for “system”. It was treated as “custom rules” and allowed.
I have changed it to “windows system application”.

Right? :-[

“System” is part of the Windows System Applications file group so once you added the rule for that group, you will no longer get alerts for system or other applications listed in the file group. Yes you can trust system as it is part of the windows operating system. You can delete the independent System rule as it is redundant that is already part of the aforementioned file group.

Thanks :slight_smile: