Weird Firefox Application Monitoring

nikos.no-ip.org/test/firefox.jpg

Look the above pic plz and give me an idea why iam having almost 10 similar enries in application monitor.

Was it part of the RC attack?
Is there a way to tell firefox onlt to be opened after my call and not after every trojan like tmp file call it to open?

Parents are different. When you install, or configure and restart firefox, usually setup.exe or the configuration utility become the parent. If I were you, I would only keep the rules whose parent explorer.exe and/or outlook.exe and delete the rest. Redundant.

Egemen

Thatws what thought also. but when firefox restarts it askes me to allow more connectiosn like in 127.0.0.1 dns and such.

what should i do? and what explorer.exe does exaclty? is it like services.exe?

Egemen

Would it be possible to have an option so that you could ignore the parent by default? So CPF would only be interested in the application that is communicating.

:slight_smile:

Hey Nikos try cleaning out your temp folders and delete unecessary files. Then get rid of all applications referring to firefox.exe in comodo and have it reset itself. Then launch your browser over.

Thanks yankin, i did all that yesterday after the last attack, calso updated comodo and fixes the rules.

also chnaged some things in htaccess settings, but somehting tells me that they can hack me again and redo the cgi-temp hack thing sicne they alreay found 2 ways.

also i am noticing connections on 127.0.0.1 very often.

Any one knwos why is that? why an app would want to bind to 127.0.0.1 instead of my 10.0.0.2 that the router forwrded traffic leads to?!

ps. When v2.4 Comodo will be out?!