I tried doing a panda scan on my computer recently but it sent my firewall crazy. I have recently downloaded a new firewall called comodo and am still learning the ins and outs of it. When I started the scan i got alerts saying that iexplore.exe was trying to create/modify folders. I had a look and the target was in comodo. At about the same time I got a pop up from panda saying that it had detected a file called security.dll that should be sent to their lab for closer examining or along those lines at least. I started to panic and closed the internet down. I restarted and tried the scan again. I got the alerts from comodo again but no warnings from panada about this security.dll. I had a bit of a read and set the rule on the firewall to allow but not to remember my answer. Within moments i got another alert about the same thing but the number at the end of the file name had changed. I allowed and got another. So ive given up until i can get a more knowledgable opinion on the matter.
So in a nutshell, is this usual behavior of a firewall when doing online scans (if so why didnt it happen with my old firewall?)? Also, what the hell is this security.dll and why would it make pandascan worried?
Thanks in advance for any help.
Mod Edit: Topic moved to a more appropriate forum.
Full Version: Possible Comodo Troubles
Hello,
The simple answer to your question is yes this is usual behaviour for the firewall, the reason this didn't happen with your old one would probably be because it focused on one connection for example pandascan and allowed it and every subsequent packet from panda through and did not monitor the system unlike comodo. Security.dll is part of windows, if it has been infected it may triger an alert.
If you have downloaded the latest comodo, it contains a new feature called defence, the defence feature is really quite good as it will monitor areas in windows that can be used maliciously. The first time you use the firewall and a browser such as IE, you will be swamped by alerts saying its trying to modify something and is trying to connect to the internet, most of these are harmless although some can be legitimate threats.
The system is quite robust as it has two layers of protection, the first is a firewall monitoring inbound and outboud traffic, if anything gets past the firewall and starts to install or modify something, you will be alerted to it. Again, if you are installing something then you will be alerted and can be quite annoying, however its better safe than sorry.
The security.dll file I believe comes with windows, however it may have been infected and you may want to submit it to them for analysis
The simple answer to your question is yes this is usual behaviour for the firewall, the reason this didn't happen with your old one would probably be because it focused on one connection for example pandascan and allowed it and every subsequent packet from panda through and did not monitor the system unlike comodo. Security.dll is part of windows, if it has been infected it may triger an alert.
If you have downloaded the latest comodo, it contains a new feature called defence, the defence feature is really quite good as it will monitor areas in windows that can be used maliciously. The first time you use the firewall and a browser such as IE, you will be swamped by alerts saying its trying to modify something and is trying to connect to the internet, most of these are harmless although some can be legitimate threats.
The system is quite robust as it has two layers of protection, the first is a firewall monitoring inbound and outboud traffic, if anything gets past the firewall and starts to install or modify something, you will be alerted to it. Again, if you are installing something then you will be alerted and can be quite annoying, however its better safe than sorry.
The security.dll file I believe comes with windows, however it may have been infected and you may want to submit it to them for analysis
Ok ill do a complete scan and if the security.dll comes up again ill submit. Thanks for clearing this up for me
No problem, let us know how it goes.
So i tried the panda scan and allowed it to create/modify the file or whatever it wanted to do and set it to remember my answer. I still get another warning though because the files it is trying to create/modify are different names, which pauses the scan. I dont know how long this would take if it means i have to sit here and allow a file every 100 files panda scans.
I never got this problem with the windows firewall and i got to ask. In your opinion, what is the better of the two? Windows firewall or comodo?
Also, I had a search on my computer for the security.dll file and i have a few apparantly. I think the one spotted by panda was this one:
C:\ProgramFiles\Linksys Wireless-G USB Wireless Network Moniter
I also have one in system32, service pack and C:\WINDOWS\Microsoft.NET\Framework\ (then it states 2 different versions). Sound normal?
I never got this problem with the windows firewall and i got to ask. In your opinion, what is the better of the two? Windows firewall or comodo?
Also, I had a search on my computer for the security.dll file and i have a few apparantly. I think the one spotted by panda was this one:
C:\ProgramFiles\Linksys Wireless-G USB Wireless Network Moniter
I also have one in system32, service pack and C:\WINDOWS\Microsoft.NET\Framework\ (then it states 2 different versions). Sound normal?
Regarding the firewall alerts, there should be an option on the alert to treat the application as then choose trusted, this will stop it from alerting you about most of it.
With regards to which is better comodo or windows firewall, If I had the choice 10/10 times I would choose comodo I believe that it is far superior to windows firewall.
The security.dll is an interesting issue I have searched my computer and only have one. However, I have not installed any linskeys products so can't say if it is a part of them or not, either way you should submit it to be safe.
With regards to which is better comodo or windows firewall, If I had the choice 10/10 times I would choose comodo I believe that it is far superior to windows firewall.
The security.dll is an interesting issue I have searched my computer and only have one. However, I have not installed any linskeys products so can't say if it is a part of them or not, either way you should submit it to be safe.
thanks again for the help 
No problem, let us know if it is giving you any more troubles.
Sorry me again. I just switched back to comodo as you recommended and its asking a load of questions. Its saying that it couldnt recognise iexplore.exe but i allowed that. the one i couldnt understand though was svchost.exe. It tried to connect to the internet and it didnt think it should. Also, straight after i clicked block (but not to remember just incase i have to change) i got an alert saying svchost.exe was trying to recieve from the interent. Sorry for all the questions but im used to the windows firewall and it was never like this. I dont want to be blocking something im not supposed to and allowing something thats dangerous... I think im over my head abit.
Edit for terrible typos
Thats no problem, I had the same problems when I first started out, you can use trial and error, or you can use search engines to identify each program trying to connect to the internet.
iexplore is your IE browser and svchost is a collection of pocesses. In comodo there is a section in the defence+ where you can tell it to add files to be ignored in the future or you can set the firewall to not display as many pop ups.
The best way to learn is to go through the program and make a list of questions and make note of areas that are confusing.
The reason why windows firewall didn't display these warnings is because it wasn't designed to do all the features that comodo does.
iexplore is your IE browser and svchost is a collection of pocesses. In comodo there is a section in the defence+ where you can tell it to add files to be ignored in the future or you can set the firewall to not display as many pop ups.
The best way to learn is to go through the program and make a list of questions and make note of areas that are confusing.
The reason why windows firewall didn't display these warnings is because it wasn't designed to do all the features that comodo does.
When you do stuff like this in Comodo V3 when the alert box comes up there is an option to treat as an installer/updater. Check this box and you won't get the constant pop up boxes. Comodo also has a popup asking if you want to set the Firewall back to the normal mode wait until you have finished scanning before clicking yes.
Comodo is without doubt the best Firewall in the business in my opinion. Just set both Network Defence and ProActive Defence to Train with Safe Mode and forget about it. They also have an excellent support forum at the link below for anything you are unsure of.
http://forums.comodo.com/
Comodo is without doubt the best Firewall in the business in my opinion. Just set both Network Defence and ProActive Defence to Train with Safe Mode and forget about it. They also have an excellent support forum at the link below for anything you are unsure of.
http://forums.comodo.com/
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.