Why is CPF 3.0.16.295 - Defense+ Blocking these items?

I am using Comodo Firewall Pro version 3.0.16.295 (32 bit, Windows XP SP2) which is set on: Firewall Security Level = Custom Policy Mode, Defense+ Security Level = Clean PC Mode.

When I boot up my PC, D+ automatically blocks the following suspicious attempts:


  1. C:\WINDOWS\System32\CSRSS.EXE - Terminate Process - C:\Program Files\COMODO\Firewall\CFP.EXE
  2. C:\Program Files\COMODO\CBOClean\BOC425.EXE - Access Memory - C:\Program Files\COMODO\Firewall\CFP.EXE
  3. C:\Program Files\COMODO\CBOClean\BOC425.EXE - Access Memory - C:\Program Files\COMODO\Firewall\CMDAGENT.EXE

When I performed an Update via CFP, D+ automatically blocks the following suspicious attempts:


  1. C:\Program Files\COMODO\CBOClean\BOC425.EXE - Access Memory - C:\Program Files\COMODO\Firewall\cfpupdat.exe
  2. C:\WINDOWS\EXPLORER.EXE - Terminate Process - C:\Program Files\COMODO\Firewall\cfpupdat.exe

(Please see the attached Print-Screen)

Isn’t Comodo a ‘trusted application’? Why is BOC425.EXE being blocked?

I tried to alleviate these ‘blocks’ by going into D+ “Computer Security Policy”, to “COMODO Firewall Pro”, “Protection Settings”, and modifying “Interprocess Memory Accesses” and “Process Terminations” by adding BOC425.EXE as an exception. The strange thing is in this version of CFP, when I tried to ‘Apply’ these changes, they didn’t “take” at all and disappeared when I went back to check it. In CFP version 3.0.15, I was able to make this change without any problem. Why isn’t this procedure working in this version of CFP? How can I prevent these ‘blocks’ from occurring? Thanks.

My Logitech Set Point is showing memory access being blocked but yet everything works fine. .277 worked fine.

I even put it as trusted in D+.

These blocks are of actions by explorer and csrss that do appear suspicious. You do not want them to terminate cfpupdat or cfp. The BOClean blocks look normal, due to cfp protecting itself. The others look like a virus that is trying to shut down Comodo.

You beat me to it, sded. It looks fishy, does that CSRSS.EXE; can't see why that would be trying to terminate cfp.exe.
Although cmdagent.exe is the main program and cfp.exe just the GUI (I think), I've not seen it before.

Matty.

P.S. Get .295 and do the scan.

How to get Comodo to trust Logitech fully and not block memory access?

Try this, Vettetech, it might work. Find the Logitech .exe's in Defense+/Advanced/Computer Security Policy.
Right click/Edit/Use a Custom Policy and click on Access Rights. You will get a Process Access Rights window; choose Modify next to Interprocess Memory Accesses and change to Allow.

Should have asked this first: what target is Logitech trying to access?

Matty

No it never did. But I will try that.

Still having a problem even after doing what riggers said.

CFP protects itself and will not allow you to access its memory. It is a security issue to allow ANY program to do that.

This only happens when I open up Comodo and click through the menus.

Wasn’t happening with .277.

In 277 all you needed to do was

D+ → Advanced → Comodo Firewall Pro (Allow for Protection Settings → Memory Access) → Add the executable(s) in the exception list

This looks like it is broken or no longer allowed in 295. You can add stuff but it is ignored and disappears after applying the changes. Can someone verify this?

Al

Maybe part of the Improved Self Defense in the release notes? Sounds like a bad security practice to allow memory access to the firewall. Or terminations or … by other programs.

Is this a mouse click fix which was found out by PC Mag.?

You mean the fake mouse click series?

Read here.

http://www.pcmag.com/article2/0,1759,2236657,00.asp

Yeah I know, I know. I read it a long time before. And I think that Comodo took that in mind and it is or will be fixed.

Then I don’t understand why the ‘Protection Settings’ was left enabled. It may be an improvement, but I don’t like the sloppy way it was implemented. I guess we’ll have more D+ events to ignore now that we can no longer allow CFP exceptions. I previously had SAS, AVG, A-Squared, etc. in the exception list to keep the Access Memory warnings out of the D+ event log when running scans.

Al

Rather annoying when it says there is 1 blocked item or 3 or 5 in your D+ log and the item has been around longer than Comodo. Logitech software is a trusted app and should not come up as a suspicious item.