New to this forum. Yesterday I was installing Winamp 5.541. At the very beginning of the installation process, I got a warning from D+ that winamp5541_full_emusic-7plus_en-us.exe is trying to access hard disk directly. I blocked that attempt, and the rest of the installation went fine.
The installer itself was just downloaded from winamp.com, and scanned with avast! 4.8, so it was clean from infections.
Why would an application installer need such access? I’m out of thoughts.
Anyone stumbled upon this? Any ideas?
I’m using CIS 3.5.54375.427 (without CAV component).
Nope. Everything works fine. I’ll try to clarify: it was a single attempt at the very beginning of the installation process. I told D+ to block this attempt, but not to remember. After that, I decided not to switch to Installation Mode, so I could watch every change the Winamp installer was about to make. There were no more direct disk access attempts through the rest of the installation.
Curiously, I noticed that some installers do that, not just Winamp installer. Secunia PSI, for example. I blocked such an attempt for PSI installer, and installation went just fine too.
I’m far from thinking that these installers REALLY wanted to write something to hard disk at physical level, not at file system level. It has something to do with how D+ detects such attempts, and they might just be false alarms. I may be wrong, of course. Anyway, I think that fellow programmers at Comodo really should investigate.
D+ intercepts direct disk access attempts in order to prevent malware from trying to erase/modify important system files, etc.
If you know that an application is safe, you may safely allow it. But, as you mentioned, you blocked it and it still functions. But, you also said that you unticked the Remember my answer option, so that’s why Winamp is still able to fully function. Maybe if you try to open/save some file to your local disk, D+ will try to intercept it.
Can’t confirm this to be happening with regular applications. As for now, I noticed this only with installers. But my setup may differ from yours. I have Proactive Security configuration selected, with all settings in their default state.
I have it from Firefox, Thunderbird, Internet Explorer, Windows media player, Adobe Reader, XNView, etc etc. I can’t believe they are all trying direct disk access. They did not with version 3.0. I think it is now too sensitive and security is reduced if they all get allowed.
May I suggest that you return CIS settings to their defaults? Should you still get these alerts, then something might be very wrong with your system, like viral activity. If not, then you could apply your customizations step by step, eventually finding the one which causes those excessive alerts.
I can’t see any setting to return to default that might make a difference. I am sure I have no virus as I have a very secure PC (Limited users + software restriction policy + CFP + nod32 + a lot of knowledge).
Does anyone else have lots of applications doing direct disk access?