BleepingComputer.com: COMODO


COMODO May be using a (?) to Hijack

#1 Jove

Posted 15 December 2008 - 01:10 PM

Although I have been trying to keep up with the COMODO pop-up messages of various activities, the last one evaded me. If anyone who may be into COMODO messages can reflect on this, I will much appreciate some feedback.

The last message went something like this: a program or file may be used to connect to the internet, with possible results that may be used to hijack.

Sorry I missed this one. I did attempt a screenshot but I must have mis-keyed, because it did not paste.

The thing is, it mentioned WordPad, and/or using WordPad.

My question is: what does WordPad have to do with connecting to the internet?

I'm not sure I have digested the full meaning of hijacking, but the COMODO threat indication was full red with the red X? I went to PC World and checked the slide show; it quickly skips through the ones they have there, and I did not spot the one I am referring to.

I've been there before but I don't recall such a hassle viewing the various COMODO message examples.

I always click allow, since in the past I seem to run into some problems when I didn't.

I know I should take a tutorial, but can anyone answer or attempt to enlighten me somewhat in the meantime?

This post has been edited by Jove: 15 December 2008 - 01:15 PM

When you don't have to worry about your computer anymore, you can start
living again !

The Future is All There Ever Was . . . . . . Jople 2010
Success is a result, not a goal. . . . Flaubert

#2 JamesFrance

Posted 16 December 2008 - 10:52 AM

The latest Comodo Internet Security program gives few popups in default configuration, so which program are you using?

If you look in your Network Security Policy you may recognise the rule you made. If so you can remove it and you will be asked again next time.
James

#3 Jove

Posted 16 December 2008 - 07:44 PM

Thanks James,

COMODO Firewall
Version: 2.4.18.184
COMODO Certified Applications Database Version : 3.0

I check out your suggestion concerning rules, and other info. In the meantime, the pop-up I am referring to is here. I wish these could be more definitive. Do you happen to know what this particular one means? I may be able to pick up on how these things work.

Posted Image

#4 JamesFrance

Posted 17 December 2008 - 03:04 AM

Hi Jove,

That looks OK, wordpad.exe should be part of Windows and is trying to connect to SNiP Telecom. If you know and trust them there would be no problem.

You are using a very old Comodo firewall which is no longer supported, so unless you have a pre XP version of Windows you need to upgrade to the latest version 3.5.57173.439 available here:
http://www.personalfirewall.comodo.com/

It will ask you which parts of the suite you want when you run the installer.

This post has been edited by JamesFrance: 17 December 2008 - 03:08 AM

James

#5 Jove

Posted 17 December 2008 - 07:27 AM

Thank you James,

I will do that although I am not sure what suite I should choose at this time ?

Can you tell me why the wordpad exe. (is that my wordpad, or one of the wordpads I have saved or am using?), is wanting to connect to snip?

#6 JamesFrance

Posted 17 December 2008 - 08:03 AM

It depends on what other programs you use and prefer. You probably already have an antivirus for instance. Unless you have another HIPS I would definitely suggest you have Defence+.

I don't know about wordpad, it probably is to do with what you were doing at the time, hopefully someone else will know the answer.
James

#7 tos226

Posted 18 December 2008 - 04:51 PM

Wordpad is the one at issue. A document per se can't do anything.

There was at one point a serious vulnerability with Windows OLE automation
http://secunia.com/advisories/28902/

In my humble opinion there isn't ANY reason to permit Wordpad to start a browser which then starts a DNS lookup for some IP.
Unless, perhaps you click on a hyperlink inside a document you opened and you do indeed want to go out.
Is 209.204.64.2 your genuine and trusted DNS server? If it is not, you may need to investigate further.

I believe in Comodo you can be asked, as you were, or you can permanently block Wordpad or any other application from ever going out to the internet.
Also I think there's HIPS (host intrusion prevention) which can block something like Wordpad starting a browser.
I don't use Comodo, so can't help much.
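
The question in the post above (is the address in the alert really one of your DNS servers?) can be answered from the output of `ipconfig /all`. The following is an added example, not part of any post in this thread: it reads the "DNS Servers" entry, including the continuation lines Windows prints for additional servers, and compares the result with the alert's destination. The sample output and the addresses in it are constructed.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.invalid
        IP Address. . . . . . . . . . . . : 192.0.2.20
        Default Gateway . . . . . . . . . : 192.0.2.1
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            198.51.100.53
        Lease Obtained. . . . . . . . . . : Monday, December 15, 2008 9:00:00 AM
"""


def _as_ip(text):
    """Parse text as an IP address (IPv6 zone id dropped); None if it is not one."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None


def configured_dns_servers(ipconfig_text):
    """Return every address listed under 'DNS Servers' in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep and label.strip(" .").lower() == "dns servers":
            in_dns, candidate = True, value      # first server, same line as label
        elif in_dns:
            candidate = line                     # possible continuation line
        else:
            continue
        ip = _as_ip(candidate)
        if ip is None:
            in_dns = False                       # next label reached, list is over
        else:
            servers.append(ip)
    return servers


def is_configured_resolver(ipconfig_text, destination):
    """True if the firewall alert's destination is one of the configured resolvers."""
    return ipaddress.ip_address(destination) in configured_dns_servers(ipconfig_text)
```

To use it on a real machine, save the output of `ipconfig /all` to a text file and pass its contents in place of `SAMPLE_IPCONFIG`, with the destination address from the firewall alert.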

#8 JamesFrance

Posted 19 December 2008 - 03:12 AM

As Jove's Comodo firewall is entirely different from the latest version, any permissions he has given will be cancelled anyway when he installs the new one.

CFP 3.5 has a HIPS as you say and uses extensive whitelisting. With the firewall you can set Firefox to be treated as your browser also, so probably there will not be a pop-up unless there really is a problem with the activity described. There is no mention of Wordpad in my network security policy, but Firefox has many permissions, the only block being for unmatching requests.
James

#9 JamesFrance

Posted 20 December 2008 - 09:26 AM

I have just been reading something which seemed similar. Could this possibly be what is happening in this case?

If so it would certainly require blocking.

http://www.networkworld.com/news/2008/1218...th.html?hpg1=bn

This post has been edited by JamesFrance: 20 December 2008 - 09:27 AM

James
