COMODO


8 replies to this topic

#1 Jove

Jove

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:11:55 PM

Posted 15 December 2008 - 01:10 PM

Although I have been trying to keep up with the COMODO pop-up messages of various activities, the last one evaded me. If anyone who may be into COMODO messages can reflect on this, I will much appreciate some feedback.

The last message went something like this: a program or file may be used to connect to the internet, with possible results that may be used to hijack.

Sorry I missed this one. I did attempt a screen shot but I must have mis-keyed, because it did not paste.

The thing is, it mentioned WordPad, and/or using WordPad.

My question is: what does WordPad have to do with connecting to the internet?

I'm not sure I have digested the full meaning of hijacking, but the COMODO threat indication was full red with the red X? I went to PC World and checked the slide show; it quickly skips through the ones they have there, and I did not spot the one I am referring to.

I've been there before but I don't recall such a hassle viewing the various COMODO message examples.

I always click allow, since in the past I seem to run into some problems when I didn't.

I know I should take a tutorial, but can anyone answer or attempt to enlighten me somewhat in the meantime?

Edited by Jove, 15 December 2008 - 01:15 PM.

When you don't have to worry about your computer anymore, you can start
living again !

Success is a result, not a goal. . . . Flaubert



#2 JamesFrance

JamesFrance

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France/Spain
  • Local time:04:55 AM

Posted 16 December 2008 - 10:52 AM

The latest Comodo Internet Security program gives few popups in default configuration, so which program are you using?

If you look in your Network Security Policy you may recognise the rule you made. If so you can remove it and you will be asked again next time.
James

#3 Jove

Posted 16 December 2008 - 07:44 PM

Thanks James,

COMODO Firewall
Version: 2.4.18.184
COMODO Certified Applications Database Version : 3.0

I check out your suggestion concerning rules, and other info. In the meantime, the pop-up I am referring to is here. I wish these could be more definitive. Do you happen to know what this particular one means? I may be able to pick up on how these things work.

Posted Image


#4 JamesFrance

Posted 17 December 2008 - 03:04 AM

Hi Jove,

That looks OK, wordpad.exe should be part of Windows and is trying to connect to SNiP Telecom. If you know and trust them there would be no problem.

You are using a very old Comodo firewall which is no longer supported, so unless you have a pre-XP version of Windows you need to upgrade to the latest version 3.5.57173.439, available here:
http://www.personalfirewall.comodo.com/

It will ask you which parts of the suite you want when you run the installer.

Edited by JamesFrance, 17 December 2008 - 03:08 AM.

James

#5 Jove

Posted 17 December 2008 - 07:27 AM

Thank you James,

I will do that, although I am not sure what suite I should choose at this time?

Can you tell me why the wordpad.exe (is that my WordPad, or one of the WordPads I have saved or am using?) is wanting to connect to snip?


#6 JamesFrance

Posted 17 December 2008 - 08:03 AM

It depends on what other programs you use and prefer. You probably already have an antivirus for instance. Unless you have another HIPS I would definitely suggest you have Defence+.

I don't know about WordPad; it probably is to do with what you were doing at the time. Hopefully someone else will know the answer.
James

#7 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,569 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:11:55 PM

Posted 18 December 2008 - 04:51 PM

Wordpad is the one at issue. A document per se can't do anything.

There was at one point a serious vulnerability with Windows OLE automation
http://secunia.com/advisories/28902/

In my humble opinion there isn't ANY reason to permit Wordpad to start a browser which then starts a DNS lookup for some IP.
Unless, perhaps, you click on a hyperlink inside a document you opened and you do indeed want to go out.
Is 209.204.64.2 your genuine and trusted DNS server? If it is not, you may need to investigate further.

I believe in Comodo you can be asked, as you were, or you can permanently block Wordpad or any other application from ever going out to the internet.
Also I think there's HIPS (host intrusion prevention) which can block something like Wordpad starting a browser.
I don't use Comodo, so can't help much.
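
Added example, not part of the post above and not Comodo code: the two checks the post describes (was the process making the DNS lookup started by a document editor, and is the destination your configured DNS server) run over constructed process and connection records. The record layout, the editor list and the resolver 192.0.2.53 are assumptions; 209.204.64.2 is the address quoted in the post.

```python
import ipaddress

# Assumptions for illustration: editor image names and the trusted resolver.
DOCUMENT_APPS = {"wordpad.exe", "winword.exe", "notepad.exe"}
TRUSTED_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}

# Constructed sample data: pid -> (image name, parent pid).
SAMPLE_PROCS = {
    100: ("explorer.exe", 1),
    200: ("wordpad.exe", 100),
    300: ("firefox.exe", 200),   # browser started by WordPad
    400: ("firefox.exe", 100),   # browser started by the user
}
# Constructed connection records (not a real firewall log format).
SAMPLE_CONNS = [
    {"pid": 300, "dst": "209.204.64.2", "dport": 53},
    {"pid": 300, "dst": "198.51.100.7", "dport": 80},
    {"pid": 400, "dst": "192.0.2.53", "dport": 53},
]

def ancestry(pid, procs):
    """Image names from pid up to the root; stops on unknown pids or loops."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        name, pid = procs[pid]
        chain.append(name.lower())
    return chain

def review(procs, connections):
    """Report DNS lookups whose process chain includes a document editor."""
    findings = []
    for conn in connections:
        if conn["dport"] != 53:
            continue                      # only DNS lookups are of interest here
        chain = ancestry(conn["pid"], procs)
        if not any(name in DOCUMENT_APPS for name in chain):
            continue                      # not launched from a document editor
        dst = ipaddress.ip_address(conn["dst"])
        findings.append({
            "chain": " <- ".join(chain),
            "dst": str(dst),
            "resolver_trusted": dst in TRUSTED_RESOLVERS,
        })
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_PROCS, SAMPLE_CONNS):
        print(finding)
```

A finding with `resolver_trusted` set to false is the case the post says to investigate further; a trusted resolver with an editor in the chain usually means a hyperlink was clicked inside a document.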

#8 JamesFrance

Posted 19 December 2008 - 03:12 AM

As Jove's Comodo firewall is entirely different from the latest version, any permissions he has given will be cancelled anyway when he installs the new one.

CFP 3.5 has a HIPS as you say and uses extensive whitelisting. With the firewall you can set Firefox to be treated as your browser also, so probably there will not be a pop-up unless there really is a problem with the activity described. There is no mention of Wordpad in my network security policy, but Firefox has many permissions, the only block being for unmatching requests.
James

#9 JamesFrance

Posted 20 December 2008 - 09:26 AM

I have just been reading something which seemed similar. Could this possibly be what is happening in this case?

If so it would certainly require blocking.

http://www.networkworld.com/news/2008/1218...th.html?hpg1=bn

Edited by JamesFrance, 20 December 2008 - 09:27 AM.

James
