What's Running & cfp

I’m getting thousands of log entries similar to these:
11/7/2008 10:36:31 AM E:\Program Files\WhatsRunning\WhatsRunning.exe Access Memory E:\Program Files\Comodo\Firewall\cfp.exe
11/7/2008 10:36:35 AM E:\Program Files\WhatsRunning\WhatsRunning.exe Access Memory E:\Program Files\Comodo\Firewall\cfp.exe
11/7/2008 10:36:37 AM E:\Program Files\WhatsRunning\WhatsRunning.exe Access Memory E:\Program Files\Comodo\Firewall\cfp.exe
11/7/2008 10:36:39 AM E:\Program Files\WhatsRunning\WhatsRunning.exe Access Memory E:\Program Files\Comodo\Firewall\cfp.exe

This continues every few seconds as long as I have What’s Running running.

64 bit CPU
32bit WinXP pro SP3
CIS Configuration Report attached
Administrator account.

[attachment deleted by admin]

Cpf.exe memory is protected that is why you keep getting these blocked memory accesses by WhatsRunning.exe I presume it checks the memory during it’s check for processes running.
Dennis

Yes is checks memory often as it updates which processes are using what percentage of cpu cycles.

Is there a way to stop defense+ from worrying about what What’s Running is doing?

You can allow it access to the memory of cpf.exe, but thats not a good idea really as it creates a way to attack cpf.exe through WhatsRunning.exe.
Dennis

How do I allow it access?

OR, is there a way to disable logging of that specific item without stopping other logging? I often keep WR open for long periods - but with thousands of that specific entry, other entries that I might really need to are constantly getting buried.

(I’ll admit that I’ve yet to grok but a few of the possible ways CFP/CIS might be bent to my will.)

I do not advise you to add it.
Sorry I do not know of a way to stop logging.

Defence+/Advanced/Computer Security Policy.
Screenshot below this was for CPF3 but the same applies for Comodo Internet Security choose this to edit and follow screenshot add WhatsRunning.exe in the last page at the bottom from running processes or browse do not forget to click apply on all four pages.
Dennis

[attachment deleted by admin]

I’ve been using WhatsRunning for years and trust it as much as I trust COMODO.

Are you saying that WR can be used as a vector by nefariousware from a third party?

Select Defense+/Advanced/Computer Security Policy.
Scroll down to Comodo Internet Security, select Edit/Protection Settings.
Interprocess memory Access (Active Yes) select Modify/Add/Running processes.
Scroll down to locate the application. Click it and click “Select”.
Then just “Apply” to each window as you exit.

I’ve used this method several times with programs/drivers trying to access the memory CIS is using.
I also noted the same programs/drivers were tested by CLT and D+ blocked each of them successfully.
(my score 340/340)
The above is your answer/solution.

As you trust it as much as you do your firewall I do not see a problem allowing access.
Thank you
Dennis

Cynic that I am, trust can never be a 100% thing. As far as I can I trust WR and COMODO, as offered by their respective vendors, to Do No Harm.

But that still leaves me with the newbie question: “Can WR, or other apps existing on my system for that matter, be compromised by nefariousware from a third party and used as a vector into other running processes?”

Anything is posisible but the chances of it happening are very small.
There is easier ways of doing this thorough windows.
I have seen someone allow Windows Media Player access, why I do not know?
Dennis