Comodo Defense+ has block 1333 intrusion

Comodo Defense+ has block 1333 intrusion(s). I didn't connect the dot until today for I thought it was the CIS upgrade that was logging more data and protection. After I saw 1333 intrusions ( I was tired of seeing that message and being forced to check to make sure all is well ). I shutdown WSA and browse the internet again to see if it generate the message again. IT DIDN'T !! Now if only WSA can look into this to not trigger CIS message - that would be much better !

Thanks

 

I'm running WSA and Comodo Firewall with Defense+ and I noticed the same thing with both Firefox and Internet Explorer. This makes me think that WSA is doing some kind of code injection into the browsers that is checking the memory of other running processes. As this is browser related, this suggests to me that it may be the Identity Shield component that is responsible.

To get round this, I customised the CIS Protection Settings to allow the browsers to have Interprocess Memory Access. For me, the slight loss of security involved is counterbalanced by having WSA on board. As an alternative, I guess logging in CIS could be turned off but I prefer to keep logging switched on as I like to know what's happening.

 

I agree with you and that is why I wrote it up for I wanted WSA and COMODO to talk to each other to give each other the authority without us tweaking the CIS panels to make the messages go away. And not knowing what security loss we are giving up if we did it ourselves. Thanks for letting me know that I am not alone with this problems.

 

Interesting, thanks for this report. I'll see what Comodo is actually flagging on to hopefully get this corrected in an upcoming build without lowering our security.

Thanks!

 

I reported this 3 or 4 weeks ago and finally a webroot developer told me that they will get in touch with Comodo, I hope you can fix this before the final version is released.

 

is there any news about this issue?

 

No news yet on this - we had one report where the issue went away after disabling the Identity Shield. Could you see if that fixes it for you?

 

Nope, it is still generating the messages. . .

 

I had only the issue while I'm using firefox, in fact I think that only happens in https websites.
I don't have CIS installed right now, can anybody try this 2 things?

 

Based on guest's comment - (if you haven't already) could you try disabling the Identity Shield and then closing/reopening all of your browsers to see if that fixes it?

Thanks!

 

I did try it that way and it is still generating the messages even when I disable the IDENTITY SHIELD. I was hoping and you were hoping that it would give you a better clue but no go.

 

Not a problem - another potential idea: could you try changing self protection from Maximum to Minimum and then reboot your PC to see if that fixes it?

Thanks!

 

I tried it on the fly, logoff/logon, hot boot (restart), and cold boot and still the same problem under Minimum self protection mode. Still generating messages under Defense+ Events.

 

The same happens with SpyShelter but not that much

21/09/2011 22:33:11,C:\Program Files (x86)\Mozilla Firefox\firefox.exe,33,Blocked ;Setting hook to monitor network requests (C:\Program Files (x86)\Mozilla Firefox\firefox.exe(PID=7924))

"Setting hook to monitor network requests" This is why I think that It could be related with IdShield, or maybe is a different conflict.

If I close WSA this conflict does not happen.

 

Interesting, they're probably identifying our search result annotation as malicious in that case (as it could possibly be considered to be monitoring network requests, being that it is scanning/cleaning them). I'm not sure if we'll be able to work around that as these components are crucial to the protection of WSA.

 

I thought WSA is in contact with CIS folks to look into this issue and perhaps put you on the white list to prevent this thousands of messages generating daily ( averaging 2,000 a day ).

 

That comment was directed to the SpyShelter testing that guest posted, not CIS. We're still looking into CIS further.

 

Oh ! Whew !

 

What is the status of this ? I am still waiting on the fix. In the meantime there has been several software update. Look at my signature for the latest update.

Thanks.

 

So far no solution - CIS in some instances is flagging core components of WSA and there doesn't appear to be anything we can do to disable them without significantly lowering security.

 

WSA set as trusted files on D+ setting can't help?
I use CIS but not on the pc where I have WSA so I can't try, but if WSA is trusted I think CIS not trace her behaviour, even if the traced is the browser but because WSA SOL control it

 

I agree with you. I even tried to add it by folder and sub folder and it said that it was already trusted. But good idea. Thanks for suggesting it. Sometime one forget little details like that. LOL

 

@PrevxHelp: Does it mean that CIS is partly interfering with the functioning of WSA? In other words: are they, to some extent, incompatible?

Thanks

 

It doesn't appear to be actually blocking anything, just warning about it, so I don't think you'll run into any lessened security.

 

Still waiting on a fix for this. What is the status of this? Thank you.