Possible Comodo Troubles

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > AntiVirus, Firewall and Privacy Products and Protection Methods

Possible Comodo Troubles, plus an interesting pandascan encounter

Options

athelos View Member Profile	Jan 27 2008, 07:47 PM Post #1
Member Group: Members Posts: 136 Joined: 10-December 06 Member No.: 100,544	I tried doing a panda scan on my computer recently but it sent my firewall crazy. I have recently downloaded a new firewall called comodo and am still learning the ins and outs of it. When I started the scan i got alerts saying that iexplore.exe was trying to create/modify folders. I had a look and the target was in comodo. At about the same time I got a pop up from panda saying that it had detected a file called security.dll that should be sent to their lab for closer examining or along those lines at least. I started to panic and closed the internet down. I restarted and tried the scan again. I got the alerts from comodo again but no warnings from panada about this security.dll. I had a bit of a read and set the rule on the firewall to allow but not to remember my answer. Within moments i got another alert about the same thing but the number at the end of the file name had changed. I allowed and got another. So ive given up until i can get a more knowledgable opinion on the matter. So in a nutshell, is this usual behavior of a firewall when doing online scans (if so why didnt it happen with my old firewall?)? Also, what the hell is this security.dll and why would it make pandascan worried? Thanks in advance for any help. Mod Edit: Topic moved to a more appropriate forum. This post has been edited by quietman7: Jan 27 2008, 10:53 PM -------------------- Don't worry about the world coming to an end today. It's already tomorrow in Australia. --Charles Schultz

nigglesnush85 View Member Profile	Jan 27 2008, 09:20 PM Post #2
Forum Addict Group: HJT Junior Classmen Posts: 4,104 Joined: 7-January 07 From: UK Member No.: 105,123	Hello, The simple answer to your question is yes this is usual behaviour for the firewall, the reason this didn't happen with your old one would probably be because it focused on one connection for example pandascan and allowed it and every subsequent packet from panda through and did not monitor the system unlike comodo. Security.dll is part of windows, if it has been infected it may triger an alert. If you have downloaded the latest comodo, it contains a new feature called defence, the defence feature is really quite good as it will monitor areas in windows that can be used maliciously. The first time you use the firewall and a browser such as IE, you will be swamped by alerts saying its trying to modify something and is trying to connect to the internet, most of these are harmless although some can be legitimate threats. The system is quite robust as it has two layers of protection, the first is a firewall monitoring inbound and outboud traffic, if anything gets past the firewall and starts to install or modify something, you will be alerted to it. Again, if you are installing something then you will be alerted and can be quite annoying, however its better safe than sorry. The security.dll file I believe comes with windows, however it may have been infected and you may want to submit it to them for analysis -------------------- Regards Alan

athelos View Member Profile	Jan 28 2008, 07:07 AM Post #3
Member Group: Members Posts: 136 Joined: 10-December 06 Member No.: 100,544	Ok ill do a complete scan and if the security.dll comes up again ill submit. Thanks for clearing this up for me -------------------- Don't worry about the world coming to an end today. It's already tomorrow in Australia. --Charles Schultz

nigglesnush85 View Member Profile	Jan 28 2008, 08:22 AM Post #4
Forum Addict Group: HJT Junior Classmen Posts: 4,104 Joined: 7-January 07 From: UK Member No.: 105,123	No problem, let us know how it goes. -------------------- Regards Alan

athelos View Member Profile	Jan 28 2008, 08:33 AM Post #5
Member Group: Members Posts: 136 Joined: 10-December 06 Member No.: 100,544	So i tried the panda scan and allowed it to create/modify the file or whatever it wanted to do and set it to remember my answer. I still get another warning though because the files it is trying to create/modify are different names, which pauses the scan. I dont know how long this would take if it means i have to sit here and allow a file every 100 files panda scans. I never got this problem with the windows firewall and i got to ask. In your opinion, what is the better of the two? Windows firewall or comodo? Also, I had a search on my computer for the security.dll file and i have a few apparantly. I think the one spotted by panda was this one: C:\ProgramFiles\Linksys Wireless-G USB Wireless Network Moniter I also have one in system32, service pack and C:\WINDOWS\Microsoft.NET\Framework\ (then it states 2 different versions). Sound normal? -------------------- Don't worry about the world coming to an end today. It's already tomorrow in Australia. --Charles Schultz

nigglesnush85 View Member Profile	Jan 28 2008, 08:44 AM Post #6
Forum Addict Group: HJT Junior Classmen Posts: 4,104 Joined: 7-January 07 From: UK Member No.: 105,123	Regarding the firewall alerts, there should be an option on the alert to treat the application as then choose trusted, this will stop it from alerting you about most of it. With regards to which is better comodo or windows firewall, If I had the choice 10/10 times I would choose comodo I believe that it is far superior to windows firewall. The security.dll is an interesting issue I have searched my computer and only have one. However, I have not installed any linskeys products so can't say if it is a part of them or not, either way you should submit it to be safe. -------------------- Regards Alan

athelos View Member Profile	Jan 28 2008, 08:48 AM Post #7
Member Group: Members Posts: 136 Joined: 10-December 06 Member No.: 100,544	thanks again for the help -------------------- Don't worry about the world coming to an end today. It's already tomorrow in Australia. --Charles Schultz

nigglesnush85 View Member Profile	Jan 28 2008, 08:52 AM Post #8
Forum Addict Group: HJT Junior Classmen Posts: 4,104 Joined: 7-January 07 From: UK Member No.: 105,123	No problem, let us know if it is giving you any more troubles. -------------------- Regards Alan

athelos View Member Profile	Jan 28 2008, 09:02 AM Post #9
Member Group: Members Posts: 136 Joined: 10-December 06 Member No.: 100,544	Sorry me again. I just switched back to comodo as you recommended and its asking a load of questions. Its saying that it couldnt recognise iexplore.exe but i allowed that. the one i couldnt understand though was svchost.exe. It tried to connect to the internet and it didnt think it should. Also, straight after i clicked block (but not to remember just incase i have to change) i got an alert saying svchost.exe was trying to recieve from the interent. Sorry for all the questions but im used to the windows firewall and it was never like this. I dont want to be blocking something im not supposed to and allowing something thats dangerous... I think im over my head abit. Edit for terrible typos This post has been edited by athelos: Jan 28 2008, 09:03 AM -------------------- Don't worry about the world coming to an end today. It's already tomorrow in Australia. --Charles Schultz

nigglesnush85 View Member Profile	Jan 28 2008, 10:05 AM Post #10
Forum Addict Group: HJT Junior Classmen Posts: 4,104 Joined: 7-January 07 From: UK Member No.: 105,123	Thats no problem, I had the same problems when I first started out, you can use trial and error, or you can use search engines to identify each program trying to connect to the internet. iexplore is your IE browser and svchost is a collection of pocesses. In comodo there is a section in the defence+ where you can tell it to add files to be ignored in the future or you can set the firewall to not display as many pop ups. The best way to learn is to go through the program and make a list of questions and make note of areas that are confusing. The reason why windows firewall didn't display these warnings is because it wasn't designed to do all the features that comodo does. -------------------- Regards Alan

bluesjunior View Member Profile	Jan 29 2008, 05:03 AM Post #11
Forum Regular Group: Members Posts: 326 Joined: 6-October 06 Member No.: 88,787	When you do stuff like this in Comodo V3 when the alert box comes up there is an option to treat as an installer/updater. Check this box and you won't get the constant pop up boxes. Comodo also has a popup asking if you want to set the Firewall back to the normal mode wait until you have finished scanning before clicking yes. Comodo is without doubt the best Firewall in the business in my opinion. Just set both Network Defence and ProActive Defence to Train with Safe Mode and forget about it. They also have an excellent support forum at the link below for anything you are unsure of. http://forums.comodo.com/

« Next Oldest · AntiVirus, Firewall and Privacy Products and Protection Methods · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th January 2009 - 04:35 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides