What is explorer.exe doing and why does DF+ block it in such high frequency?

Hello, everyone!

The Defense+ component has been behaving insanely since the firewall was installed. It blocks explorer.exe many times per second, and I got thousands of items in the DF+ logging in an hour!!! I’m expecting your suggestions to fix the problem. Thank you!!

2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
2012-03-02 10:53:03 C:\WINDOWS\explorer.exe Access Memory D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Hi louis007, welcome to the forums.

The following URL tells you how to resolve this issue…

'Access memory' event log entries - how can I suppress these? [v5]: https://forums.comodo.com/defense-sandbox-faq-cis/access-memory-event-log-entries-how-can-i-suppress-these-v5-t61745.0.html

These messages are merely part of CIS’s default self-protection mechanisms.

However, it is fairly unusual for these messages to be generated by Explorer.exe. I can only imagine that it is an Explorer add-on that is causing this… quite likely a Right Click context menu add-on. I can think of no reason why Explorer, itself, would require or need access to CMDAGENT’s memory space. This type of issue is most often caused by processes that have a reason to scan other processes' memory space… e.g. Security Applications, Process Managers, etc.

What Kail suggests will fix the apparent problem, but I do wonder why explorer is giving these alerts.

  • Do you have a patched version of explorer?
  • Have you previously changed the memory protection exclusion settings for the Comodo group in D+ rules?

Else something could be using explorer to do this, which opens up less pleasant possibilities.

Best wishes

Mouse
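
One way to follow up on the add-on theory raised in the replies above is to list the DLLs currently loaded inside explorer.exe and pick out the ones that are not Microsoft components. This is an added example, not part of the original thread and not a Comodo tool; the function name `Get-ExplorerThirdPartyModule` is hypothetical, and it assumes PowerShell 3.0 or later run at the same bitness as explorer.exe.

```powershell
# Added example (not from the thread): inventory the modules loaded inside
# explorer.exe and surface the ones that do not claim to be Microsoft code.
# Shell extensions (context-menu handlers, icon overlays, toolbars) run as
# DLLs inside explorer.exe, so any memory access they perform is logged by
# Defense+ with explorer.exe as the source application.

function Get-ExplorerThirdPartyModule {
    foreach ($proc in Get-Process -Name explorer -ErrorAction Stop) {
        foreach ($mod in $proc.Modules) {
            $info = $mod.FileVersionInfo

            # CompanyName is self-declared metadata, so this is only a first
            # filter to cut noise; review the signature column for the rest.
            if ($info.CompanyName -match 'Microsoft') { continue }

            $sig = Get-AuthenticodeSignature -FilePath $mod.FileName
            [pscustomobject]@{
                ExplorerPid = $proc.Id
                Module      = $mod.ModuleName
                Company     = $info.CompanyName
                Description = $info.FileDescription
                Signature   = $sig.Status
                Signer      = if ($sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject
                              } else { '' }
                Path        = $mod.FileName
            }
        }
    }
}

# Unsigned or unknown-vendor modules sort to the top for review.
Get-ExplorerThirdPartyModule |
    Sort-Object Signature, Company |
    Format-Table -AutoSize -Wrap
```

Context-menu handlers are loaded on demand, so run this after reproducing the log burst (for example, after a right-click in Explorer). Because the Microsoft filter trusts the file's own version metadata, a module with no company, no valid signature, or a path outside the expected program folders is the one to examine first.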