Why over 8000 alerts in D+ for TiVoNotify.exe

Using XP Pro … latest Comodo … everything up to date.

I keep getting alerts for one file “TiVoNotify.exe” (over 8000 so far). The ‘Flag’ is ‘Memory Access’ and the ‘Target’ is ‘cmdagent.exe’. Why the tivo is trying to access that file makes no sense to me. Perhaps that’s why Comodo is blocking it…Ideas? Do I have a nefarious bug here?

Having all these alerts always displayed make me nervous.

Thanks Much,

Hey and warm welcome to comodo forums!

What you see comodo’s self-defense which is normal if something is trying to get Memory access to CIS files. Can you tell me what this is for software.

Valentin N

Belongs to the TiVo Desktop application…Use to transfer video from a TiVo DVR to the Computer.

Did a search for TiVo instead of TiVoNotify.exe, and found this post by Jacob.

<<<<<< Re: tivo notify alarming every 15 seconds >>>>>>>

Fits my case to a ‘T’.

Did that, but still shows 8462 blocked intrusions. Perhaps I need to reboot to clear it. I tried the log file clear, no joy. The machine is currently busy, I’ll try a reboot later.

Thanks for the reply,

If I were you I would let it be as it is; as long as the application and CIS is not disturbing then it’s all good. Does CIS give problems or you were just worried? If you want these alert to not appear I have a solution at that.

To be honest I find it strange that this application tries to access cmdagent.exe.

Valentin N

Yea, it kind of bothers me that it wants to access a Comodo file…don’t make sense why it should.

It is a free app from TiVo Inc, and never updated, so I imagine it is a bit buggy. I never use it anymore because of problems it had transferring files reliably. Found a better app to do the transfers with, but it still has to be installed for the decoder to allow conversion of .TVIO files to a .TS files with the VideoReDo app.

If I could just get rid of the alerts, as you suggested, I think that may be the best way to go.
I just don’t like looking at the ‘Comodo Status Screen’ and seeing all the ‘Blocks’. Then of course, you have to keep checking the log to see if it’s anything new.

What’s your idea on doing this?

Thanks Much,

  1. CIS → Defense+ → Computer Security Policy → Protected Files and Folders → Groups → Add → New Group… Now click once on “add files here” and Add then Add → Select Fromand → Browse… and add find the wanted folder

  2. CIS → Defense+ → Computer Security Policy → Add → Select → File Groups and make mark “Use a Predefined Policy” and select “Trusted program”

  3. CIS → Defense+ → Computer Security Policy → select Comodo Internet Securiy and press edit → Customize → Interprocess Memory Accesses → Modify → Add → File Groups → select the wanted group.

If it’s hard to follow tell me and I will make a video for you.

Valentin N

In step 1), Am I correct to assume that I give this ‘New Group’ any name I wish? …I called it TiVo; Did I do the right thing?

After completing all 3) steps, it seems like I’ve basically done the same thing that Jacob told me to do: Tell Comodo Defense+ to trust Tivonotify.exe…Right? If so, then I am still allowing a file to run that is doing an odd thing by accessing a Comodo file…Right?..Just …now, the file is in it’s own group.

If so…Guess I’ll just have to trust that file is doing nothing nefarious.

Thanks For Your Guidance,

Man…this editor is really screwy…can’t see what you’re typing. :slight_smile:

CIS is protecting its self. That’s what you are seeing.

There are two ways to go here. Don’t care that the logs fill up. Or allow Tivo to access CIS in memory as described by Valentin. It will make CIS a bit less secure; in case the Tivo program would get infected then the malware could try to take down the firewall.

My bottom line is to only allow memory access when the program requiring it, Tivo in you case, would not function properly.

Well…I thought I did this right, (Valentin’s ‘Group’ method) but I’m still getting the same TiVoNotify.exe alerts…just noticed that today.

His method seems right. Please check again.

May be you made a mistake somewhere; it happened to me that I closed a dialogue box not by using the Apply or OK button but using the X in the upper right corner… then it won’t save the changes…dohoh… :wink:

Got Me…Guess I’ll have to put up with the alerts.

Can you check to see if you all steps were followed?

When the problem persists post screenshots of the groups you made, the list of groups in set up and memory access exception you made?

The 4 attachments are numbered in the order opened.

If I’ve left something out, please let me know.



[attachment deleted by admin]

Thx. I think I see where the problem could be.

Could you move the rule for Tivo, in Defense + rules, to a place above the All Application rule and report back?

I dragged the TiVo folder to above the All Application folder, as shown in the attachment. Still getting the alerts. I assume the change is imeadiate…Just click OK…no reboot required?

[attachment deleted by admin]

Thanks for trying. The changes are instant like you said.

Did you make the exception in the CIS policy under the Access Rights tab? If that is the case; you need to make it under the Protections tab under Interprocess Memory.

Yes, I did, as shown in the attachment ‘Access Rights tab’…Did I do that on the wrong tab? Or do I need to do that on both tabs? The Protections Settings tab is a bit different (see Protections tab attachment) …Do I mark the Interprocess Memory "Active box’ then click ‘Modify’ to add the ‘TiVo Group Folder’ to the rule?

Seems a bit confusing…You’d think it should go under ‘Access Rights’, where as ‘Protection’ would prevent the file access.

EDIT:OK, I tried that, but stiill the same issue…if I did the correct thing.
Do I need to remove the Access tab part?

[attachment deleted by admin]

You need to edit the Protection rule for Interporcess memory access. That’s the key here because we want to allow Tivo to access CIS files in memory.

See attached picture as it may say more than a thousand words.

[attachment deleted by admin]

“A thousand words can make a deaf man blind.”

I think I see what you have done…the alerts have stopped anyway.

Instead of giving an executable ‘access permission’ to poke into Comodo’s memory, you told Comodo not to block access to the intrusion. I tried to make the change to the one file (cmdagent.exe) that TiVo wanted access to, instead of all in the group…but it wouldn’t let me…something about a Group and the changes would be discarded when the Group was modified…or something similar.
Seems it would be a bit safer if I could just grant an exclusion for access to just the one file (cmdagent.exe).

I removed all the other changes …‘TiVo Group’.

I noticed one odd thing I’d like your opinion on. (shown in the included attachment)
All the items in the ‘COMODO Internet Security’ Group have the Comodo Icon, except the one item that TiVoNotify.exe wants to poke around with…Coincidence or not?

Thanks Much,

[attachment deleted by admin]

With me cmdagent doesn’t have an icon either. That’s how it is.

You are right that it is better to only exclude for one file. But since cmdagent.exe is the executable that does the actual protection work and therefor has the biggest influence when it comes to security. When the other files would get terminated that is not much a problem; it’s not much of a risk there.