Jan 31 2008, 04:56 AM
Post
#1
Senior Member, Group: Members, Posts: 511, Joined: 28-June 05, Member No.: 25,107
I have just recently installed the Comodo firewall to see how it worked. Everything seems to be working as it should, however, I've started getting an alert that has me wondering. It says --> abcxyz.exe is trying to obtain elevated privileges and is about to obtain System Time Privileges. [EDIT: Please note that 'abcxyz.exe' is NOT the actual name of the files that I am talking about here.]

I've gotten that alert on several different programs. Can someone tell me what the heck "System Time Privileges" are and whether it's safe to let a program get them?

Another alert that has popped up on several programs says --> abcxyz.exe is attempting to access a2service.exe and tells me that --> this will allow the parent application to fully control the target. [EDIT: Please note that 'abcxyz.exe' is NOT the actual name of the files that I am talking about here.]

I know what the abcxyz.exe programs are BUT I don't understand why they would want to access the a2services.exe thingy. I think that the a2 thing is part of my anti-dialer program.

Thanks for any insight into this stuff.

Wendy

This post has been edited by Wendy K. Walker: Jan 31 2008, 05:10 PM

--------------------
Democracy is what allows two starving wolves to sit down at the kitchen table, with a nice fat sheep, to discuss what to have for dinner. Freedom is what the sheep has because he has a gun.
Windows XP Home Edition SP 2
Jan 31 2008, 06:33 AM
Post
#2
Malware hunter, Group: HJT Team, Posts: 1,471, Joined: 7-February 06, From: Greece loutraki 6 km from korinth canal, Member No.: 54,061
Hi Wendy

abcxyz.exe is a part of the Wareout infection. See here: http://www.bleepingcomputer.com/startups/A....exe-14237.html

I suggest you post a HijackThis log for examination. A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer. Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Please read, and follow, all directions carefully!!!

Read Preparation Guide for use before posting a HijackThis Log. Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet. A member of the HJT Team will help you out. It may take a while to get a response, because the HJT Team are very busy. Please be patient.

NOTE: Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.
Jan 31 2008, 05:02 PM
Post
#3
Senior Member, Group: Members, Posts: 511, Joined: 28-June 05, Member No.: 25,107
Hi DASOS, Thanks for the reply.

DRAT & DOUBLE DRAT!! I will be editing my original post to indicate that abcxyz.exe is not the actual name of the files that are wanting to upgrade their status. I just used that designation instead of listing the actual files by name.

I know that the .exe's that are trying to get more privileges are safe as I've been running them for a couple of years. I actually think that I may need to change a setting or two in COMODO to stop that from happening because I had opened them previously with no such alert being generated. Then in a moment of blondness, and while acting like I knew what I was doing, I went click happy in some of the settings and changed some things and that was when those alerts started popping up.

I'm mostly curious as to what the System Time Privilege thing is and whether or not .exe's should have it.

Thanks again for your reply, and I'm sorry about the confusion too.

Wendy
Feb 1 2008, 08:33 AM
Post
#4
Malware hunter, Group: HJT Team, Posts: 1,471, Joined: 7-February 06, From: Greece loutraki 6 km from korinth canal, Member No.: 54,061
You hit the jackpot!!!

Anyway, I'm glad your comp is not infected!!

I believe almost every program .exe (looks) at the time and synchronizes with the system, e.g. AVG anti Spyware 30 day trial needs to know the time and date to tell you, hm… you forgot to pay, I'm going to stop the real time protection and update. Your antivirus can't do a scheduled scan if it doesn't know the time. Also, Windows monitors the time that every exe is running.

Probably someone else can explain the above in better terms, but I believe you got the main picture!
Feb 1 2008, 10:54 AM
Post
#5
New Member, Group: Members, Posts: 4, Joined: 16-January 08, Member No.: 183,852
Comodo has a support forum you can use. I'd go over there and ask. Also, having the specifics written down will help. Might not be a bad idea to also have a HJT log looked at here to check for any malware. I have Comodo firewall and haven't had any issues with it. Only thing maybe is your protection settings somehow got set too high?

Really, they'd know more about this over at Comodo if it is a false alarm of some sort. Until then I would deny it and see if it caused any problems.
Feb 2 2008, 04:58 AM
Post
#6
Senior Member, Group: Members, Posts: 511, Joined: 28-June 05, Member No.: 25,107
Hi DASOS, Thanks for the reply.

OK, I can understand things needing to know the time in that respect. I denied it though and things seemed to work fine. But I couldn't figure out what I had done wrong so I had disconnected from the Internet and un-installed COMODO. Then reinstalled Zone Alarm, got back on the Internet, downloaded COMODO and started the install wizard. I stopped at the Zone Alarm incompatibility notice and had started un-installing Zone Alarm.

That was when the SpyBot S&D resident kicked up an alert > Category: System Startup Global Entry, Change: Value Added, but the Entry and New Data fields were both blank. Me being nosy, I clicked the Info button and found > Current File Name, it was blank and followed by; Database Status: Not Required-Virus, SpyWare, malware, or other Resource hog. Value: was blank, Filename: System32.exe, Description: Added by the AGOBOT-KU WORM! Note- has blank entry under the Startup Item/Name field. Source: Paul Collins Startup List.

Needless to say I denied that operation and ran my AV program and sure enough it found that Trojan hiding in two different places. I was able to quarantine one instance of it but had to delete the other instance for some reason. The file where that thing was hiding has BEEN in my PC since at least 22 May 07 but for some reason my AV has never picked it up before.

Hi Drewcat, Thanks for the reply.

Yeah, I went over there and opened an account, now I'll be doing a lot of reading over there too. But now I'm off to post a HJT just to make sure that I got all of that Trojan.

Wendy