I start a document, I get a popup from CFW stating…
Date/Time :2006-10-22 23:45:10
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 192.168.2.1:dns(53)
Details: C:\Program Files\Microsoft Office\Office\WINWORD.EXE has tried to use C:\Program Files\Mozilla Firefox\firefox.exe through OLE Automation, which can be used to hijack other applications.
I start up my reader and get another popup:
Date/Time :2006-10-22 20:55:47
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 192.168.2.1:dns(53)
Details: C:\Program Files\CFS-Technologies\Speakonia\Speakonia.exe has tried to use C:\Program Files\Mozilla Firefox\firefox.exe through OLE Automation, which can be used to hijack other applications.
I deny these programs access, my DSL connection stops working. I have to close down Firefox and start it over again. However, if I start ANY program on my hard drive, I get the same popup for every one. Even hours later. And, I get more than one destination dns address (sometimes up to 8 or 9). How do I put a stop to this? I have blocked all of these programs through ‘activity–connections’ and through ‘security–app monitor’ and ‘security–component monitor’. I have used Avast and CAV to check for viruses, Ad-aware SE to check for trojans, and have found nothing. How can I set up CFW to block the programs without blocking Firefox??? I also get this with Windoze IE, not just Firefox.
If you do a search of the forum you will find many queries regarding OLE automation and the problems you have been encountering.
Right now there seems to be no easy solution. You could go to Security/Advanced/Monitor COM/OLE Automation Attempts and uncheck the box, but personally I feel thats a poor soultion.
Basically watch this space, hopefully it will be fixed it a future release, but now it seems to be by design.
The other side of things, if you deny things like firefox, etc…no , you won’t get connected. Most of these programs access the internet for some good reason and if you read the above, you will know a bit more about OLE automation. Let me explain this way, yes there is a problem when blocking OLE’s, that you lose connection. However, many like microsoft office are probably looking for updates, etc…and since they don’t have their own update engine, they use ole automation. The second, well, if you deny Firefox, it’s obviously not going to connect. CPF can’t distinguish between all good and bad OLE’s so it’s up to us to do so. The problem once again, even if we decide, it still blocks the internet. Now, if you have trusted apps and know what they are, like the two you mentioned, I would simply allow them. You can set the alerts Go to Security, Advanced, Application Behavior and Analysis, uncheck monitor OLE\Com box. If you dont’ want to do so, you can also set how often or severity of alerts, Do same as above but go to Miscellanious and set the level to low, you will get less of them and this is what I did as well until the issue is resolved.
Hi, Toggie,
Thank you for the info. I will indeed be keeping up with this post. However, I did do a search first, but what I found did not cover ALL programs on the hard drive trying to access the internet. The posts I found were for Explorer or svchost.exe or services.exe. I’m talking about OpenOffice.org, Speakonia, Word, Excel, Powerpoint, and several other .exe’s that I can’t think of right now. Any finger pointing in the direction of a solution or at least an understanding would be nice as well. later.
later.