Wallbreaker 4 test

I have Comodo set to “Do Not show any alerts for applications certified by Comodo” and Alert frequency set to “medium”. On my system Comodo warns me about Wallbreaker on all 4 tests. It only names Wallbreaker in the 2nd test. In the other three it states OLE is trying to connect through Internet Explorer. If I deny, Wallbreaker fails. This is true with or without an instance of IE open. See attached picture.

I am unable to duplicate your results. I pass all 4 tests if I uncheck that box. But I fail 3 of 4 tests if I have that box checked and have IE open. Go figure…?

I was having the same problem several weeks ago. Egemen told me to go to HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal\AppCtrl and delete the IPC key. (Comodo has to be closed before it will delete.) Then reboot the computer and you should pass all 4 tests. Just to be sure, always back up the registry before modifying.

Here I found the post with his exact words:

Please do the following:
1- Delete HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\IPC key
2- Restart your PC
3- Open IE and retest.

I fail with 1,3,4 no matter what settings I use… >:(

dlhan, do you mean that I should delete the folder IPC and all subfolders (9) with it?

Yes, when you delete the IPC key all subfolders will also be deleted. If you are a little leery of deleting this key, I suggest you right click and choose “Export”, and save it somewhere easy to find like Desktop. Later if necessary you can “merge” it back into your registry. I don’t think it will be necessary to put it back, but better safe than sorry.

Thanks!
Now I pass all tests in Wallbreaker. :)
Deleting IPC did make it pass. Why is it so?

I really don’t know. Be sure and give credit to egemen. I just passed the info along. I would make a note of this registry hack, just in case you need it again. That is what I did.

I’m with Solo on this one. I really don’t want to take off the “Do not show alerts for the applications certified by COMODO” option because I don’t want to see 1000 popups per day from which I don’t even know half what is what, why, where and when. I also have alert frequency level set to “very low”. My solution to this Wallbreaker test, while keeping the precious option on, is to remove the rule where svchost.exe is the parent of iexplore.exe, since svchost.exe is used in tests 1,3 and 4. I just took that rule off and so far I’ve noticed only Windows Update Site to use svchost.exe as the parent of iexplore.exe.
So in the future I’ll only click allow BUT not the “remember this setting” when going to Windows Update, to prevent Comodo from creating the rule. Now there is a popup and Comodo prevents Wallbreaker sending that info using iexplore.exe.

My questions are as follows:
Should my way be used instead of taking off the option “Do not show alerts for the applications certified by COMODO” in the sense of preventing these (OLE automation) types of attacks?
Is iexplore.exe used sometimes, mostly or almost always in these OLE Automation techniques by bad guys (sending personal information to crackers)? i.e. has Firefox ever been used in such techniques?
What other events/programs in Windows XP use svchost.exe as the parent of iexplore.exe like Windows Update Site does?