Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Comodo Troubles


  • Please log in to reply
10 replies to this topic

#1 athelos

athelos

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 27 January 2008 - 07:47 PM

I tried doing a panda scan on my computer recently but it sent my firewall crazy. I have recently downloaded a new firewall called comodo and am still learning the ins and outs of it. When I started the scan i got alerts saying that iexplore.exe was trying to create/modify folders. I had a look and the target was in comodo. At about the same time I got a pop up from panda saying that it had detected a file called security.dll that should be sent to their lab for closer examining or along those lines at least. I started to panic and closed the internet down. I restarted and tried the scan again. I got the alerts from comodo again but no warnings from panada about this security.dll. I had a bit of a read and set the rule on the firewall to allow but not to remember my answer. Within moments i got another alert about the same thing but the number at the end of the file name had changed. I allowed and got another. So ive given up until i can get a more knowledgable opinion on the matter.

So in a nutshell, is this usual behavior of a firewall when doing online scans (if so why didnt it happen with my old firewall?)? Also, what the hell is this security.dll and why would it make pandascan worried?

Thanks in advance for any help.

Mod Edit: Topic moved to a more appropriate forum.

Edited by quietman7, 27 January 2008 - 10:53 PM.

Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz

BC AdBot (Login to Remove)

 


#2 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:50 AM

Posted 27 January 2008 - 09:20 PM

Hello,

The simple answer to your question is yes this is usual behaviour for the firewall, the reason this didn't happen with your old one would probably be because it focused on one connection for example pandascan and allowed it and every subsequent packet from panda through and did not monitor the system unlike comodo. Security.dll is part of windows, if it has been infected it may triger an alert.

If you have downloaded the latest comodo, it contains a new feature called defence, the defence feature is really quite good as it will monitor areas in windows that can be used maliciously. The first time you use the firewall and a browser such as IE, you will be swamped by alerts saying its trying to modify something and is trying to connect to the internet, most of these are harmless although some can be legitimate threats.

The system is quite robust as it has two layers of protection, the first is a firewall monitoring inbound and outboud traffic, if anything gets past the firewall and starts to install or modify something, you will be alerted to it. Again, if you are installing something then you will be alerted and can be quite annoying, however its better safe than sorry.

The security.dll file I believe comes with windows, however it may have been infected and you may want to submit it to them for analysis
Regards,

Alan.

#3 athelos

athelos
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 28 January 2008 - 07:07 AM

Ok ill do a complete scan and if the security.dll comes up again ill submit. Thanks for clearing this up for me
Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz

#4 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:50 AM

Posted 28 January 2008 - 08:22 AM

No problem, let us know how it goes.
Regards,

Alan.

#5 athelos

athelos
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 28 January 2008 - 08:33 AM

So i tried the panda scan and allowed it to create/modify the file or whatever it wanted to do and set it to remember my answer. I still get another warning though because the files it is trying to create/modify are different names, which pauses the scan. I dont know how long this would take if it means i have to sit here and allow a file every 100 files panda scans.

I never got this problem with the windows firewall and i got to ask. In your opinion, what is the better of the two? Windows firewall or comodo?

Also, I had a search on my computer for the security.dll file and i have a few apparantly. I think the one spotted by panda was this one:

C:\ProgramFiles\Linksys Wireless-G USB Wireless Network Moniter

I also have one in system32, service pack and C:\WINDOWS\Microsoft.NET\Framework\ (then it states 2 different versions). Sound normal?
Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz

#6 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:50 AM

Posted 28 January 2008 - 08:44 AM

Regarding the firewall alerts, there should be an option on the alert to treat the application as then choose trusted, this will stop it from alerting you about most of it.

With regards to which is better comodo or windows firewall, If I had the choice 10/10 times I would choose comodo I believe that it is far superior to windows firewall.

The security.dll is an interesting issue I have searched my computer and only have one. However, I have not installed any linskeys products so can't say if it is a part of them or not, either way you should submit it to be safe.
Regards,

Alan.

#7 athelos

athelos
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 28 January 2008 - 08:48 AM

thanks again for the help :thumbsup:
Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz

#8 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:50 AM

Posted 28 January 2008 - 08:52 AM

No problem, let us know if it is giving you any more troubles.
Regards,

Alan.

#9 athelos

athelos
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 28 January 2008 - 09:02 AM

:thumbsup: Sorry me again. I just switched back to comodo as you recommended and its asking a load of questions. Its saying that it couldnt recognise iexplore.exe but i allowed that. the one i couldnt understand though was svchost.exe. It tried to connect to the internet and it didnt think it should. Also, straight after i clicked block (but not to remember just incase i have to change) i got an alert saying svchost.exe was trying to recieve from the interent.

Sorry for all the questions but im used to the windows firewall and it was never like this. I dont want to be blocking something im not supposed to and allowing something thats dangerous... I think im over my head abit.

Edit for terrible typos

Edited by athelos, 28 January 2008 - 09:03 AM.

Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz

#10 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:50 AM

Posted 28 January 2008 - 10:05 AM

Thats no problem, I had the same problems when I first started out, you can use trial and error, or you can use search engines to identify each program trying to connect to the internet.

iexplore is your IE browser and svchost is a collection of pocesses. In comodo there is a section in the defence+ where you can tell it to add files to be ignored in the future or you can set the firewall to not display as many pop ups.

The best way to learn is to go through the program and make a list of questions and make note of areas that are confusing.
The reason why windows firewall didn't display these warnings is because it wasn't designed to do all the features that comodo does.
Regards,

Alan.

#11 bluesjunior

bluesjunior

  • Members
  • 761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:50 AM

Posted 29 January 2008 - 05:03 AM

When you do stuff like this in Comodo V3 when the alert box comes up there is an option to treat as an installer/updater. Check this box and you won't get the constant pop up boxes. Comodo also has a popup asking if you want to set the Firewall back to the normal mode wait until you have finished scanning before clicking yes.

Comodo is without doubt the best Firewall in the business in my opinion. Just set both Network Defence and ProActive Defence to Train with Safe Mode and forget about it. They also have an excellent support forum at the link below for anything you are unsure of.

http://forums.comodo.com/
Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users