comodo firewall installer is trying to take a screenshot...

hey wilders,

i was just experimenting with my secondary computer which has online armor free installed and i was just trying to see what would happen if i tried to install a second firewall.

so i downloaded comodo firewall from their official site and ran it. right away this weird white box flashed for a quick second on the screen and online armor detected the comodo firewall installer was trying to take a screenshot of my pc.

note: i did not install comodo firewall, i just ran the installer up until the EULA agreement and then Xed out.

why would the comodo firewall installer try to take a screenshot of peoples pcs'?

 

What exactly did the pop-up say? I suspect it was just the GUI of Comodo accessing the screen.

 

By screenshot do you mean like a print screen or a basis system analysis for rollback purposes?

 

online armor just popped up saying comodo firewall installer was a screen logger. i didnt actually install comodo firewall, i just ran the exe to see what would happen.

 

its a false postive right?

 

Perhaps you could post a screenshot of the pop-up from OA?
Comodo Firewall does require screen access in order to generate it's pop-ups so I suspect this is what's being flagged.

 

Yes, the Comodo Firewall does appear to directly access the screen when displaying the GUI. I saw this behaviour confirmed on my own system.

I was running Comodo Firewall alongside Prevx SafeOnline with the SafeOnline security configuration for HTTPS websites set to Maximum. As soon as the browser displayed an HTTPS website, the Comodo Firewall GUI would no longer display correctly while the browser session was running. After ending the browser session, the Comodo Firewall GUI started to display correctly again. Turning the SafeOnline security configuration down to High solved the problem and the Comodo Firewall GUI was displayed correctly at all times.

As decreasing the SafeOnline security configuration from Maximum to High only disables protection against screen grabbing, it suggests that the interference with the Comodo Firewall occurred for this reason, and that Comodo was trying to access the screen directly when displaying the GUI.

 

I didnt actually install comodo firewall free. i just ran the installer executable up until the EULA agreement. i already have online armor free installed. i just wanted to see what would happen if i ran it.

online armor just says comodo firewall installer was trying to screenlog.

 

it is not a false positive nor is Comodo key logger it is just how OA is interpret certain actions as being that of a key logger app. Zone Alarm used to do that a lot. It is up to the user to decide what to do.

 

You wouldn't need to fully install Comodo for the file to be analysed by OA;that takes place as soon as you execute the installer,it pre-emptively looks for perceived threats.Realy this just illustrates that OA is doing it's job well even if it wasn't a malicious process.

 

yea online armor popped up as soon i ran the installer. so the comodo firewall installer isnt malicious right?