Weird security problem (Defense+)

xman98493 · November 4, 2008, 10:12pm

Hi,

I have Vista Home Premium machine with SP1 and latest updates installed, Comodo 3 latest version, AVG Antivirus, Lavasoft Ad-Aware. After the recent update some strange things started to happen with Defense+.

Now all kind of applications (including Windows one’s such as notepad.exe) try to access DLL’s randomly and direct disk access, here is a log example (it didn’t happen before). This is really annoying, after thinking that it may be a virus, I ran a full scan and tried to track down any file modification. The MD5 signature of those executables wasn’t altered and corresponds to the one of original files provided by Microsoft. It’s set to “Paranoid Mode”.

04/11/2008 22:29:59 C:\Windows\System32\notepad.exe Modify File C:\Windows\System32\shdocvw.dll
04/11/2008 22:30:16 C:\Windows\System32\notepad.exe Modify File C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
04/11/2008 22:31:07 C:\Windows\System32\notepad.exe Direct Disk Access C:
04/11/2008 22:31:09 C:\Windows\System32\notepad.exe Direct Disk Access C:
04/11/2008 22:31:12 C:\Windows\System32\notepad.exe Direct Disk Access C:
04/11/2008 22:31:15 C:\Windows\System32\notepad.exe Modify File C:\Windows\system32\PhotoMetadataHandler.dll
04/11/2008 22:31:18 C:\Windows\System32\notepad.exe Modify File C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
04/11/2008 22:56:28 C:\Windows\System32\FirewallControlPanel.exe Direct Disk Access C:
04/11/2008 22:56:33 C:\Windows\System32\FirewallSettings.exe Modify File C:\Windows\system32\ieframe.dll

When I allow it to “modify file” for testing purposes the file remains same (MD5 signature not changed). What could cause this?

system · November 4, 2008, 10:46pm

Yes, in version 3.5, Defense+ acts in crazy ways. It freaked me out. I had to set some of the apps as trusted applications. Even the single thing of saving files with Opera browser turned into a living hell!!! I had to set it as trusted application.

I think I will go back to version 3.0, if Comodo doesn’t work D+ better.

xman98493 · November 4, 2008, 10:59pm

Yeah, there is also ICS problems which didn’t happen prior the update, I was thinking it may be because it need some reconfiguration but after trying a lot of possibilities, I think it’s related to the update itself.

xman98493 · November 18, 2008, 10:10pm

So this problem isn’t going to be fixed in the latest update?

Also I just updated Comodo to the latest version and there is another bug, it keeps popping up saying that there is updates available (although they are already installed), then when I click on install nothing happens.
When going to Check For Updates (in the miscellaneous tab) it says that updates are available but clicking on install shows a installing updates message and says there is no updates available… but it’s not really a problem
just some minor issue. In the about box product version is 3.5.55810.432.

Another problem is that the Windows Security Center doesn’t recognize CFP anymore even after the latest udpate.