Comodo Defense+ has block 1333 intrusion

Discussion in 'Prevx Betas' started by Knighthood, Aug 29, 2011.

Thread Status:
Not open for further replies.
  1. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    Comodo Defense+ has block 1333 intrusion(s). I didn't connect the dot until today for I thought it was the CIS upgrade that was logging more data and protection. After I saw 1333 intrusions ( I was tired of seeing that message and being forced to check to make sure all is well ). I shutdown WSA and browse the internet again to see if it generate the message again. IT DIDN'T !! Now if only WSA can look into this to not trigger CIS message - that would be much better !

    Thanks
     

    Attached Files:

  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I'm running WSA and Comodo Firewall with Defense+ and I noticed the same thing with both Firefox and Internet Explorer. This makes me think that WSA is doing some kind of code injection into the browsers that is checking the memory of other running processes. As this is browser related, this suggests to me that it may be the Identity Shield component that is responsible.

    To get round this, I customised the CIS Protection Settings to allow the browsers to have Interprocess Memory Access. For me, the slight loss of security involved is counterbalanced by having WSA on board. As an alternative, I guess logging in CIS could be turned off but I prefer to keep logging switched on as I like to know what's happening.
     
  3. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    I agree with you and that is why I wrote it up for I wanted WSA and COMODO to talk to each other to give each other the authority without us tweaking the CIS panels to make the messages go away. And not knowing what security loss we are giving up if we did it ourselves. Thanks for letting me know that I am not alone with this problems.
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Interesting, thanks for this report. I'll see what Comodo is actually flagging on to hopefully get this corrected in an upcoming build without lowering our security.

    Thanks! :thumb:
     
  5. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    I reported this 3 or 4 weeks ago :D and finally a webroot developer told me that they will get in touch with Comodo, I hope you can fix this before the final version is released.
     
  6. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    is there any news about this issue?
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No news yet on this - we had one report where the issue went away after disabling the Identity Shield. Could you see if that fixes it for you?
     
  8. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    Nope, it is still generating the messages. . .
     
  9. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    I had only the issue while I'm using firefox, in fact I think that only happens in https websites.
    I don't have CIS installed right now, can anybody try this 2 things?
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Based on lordraiden's comment - (if you haven't already) could you try disabling the Identity Shield and then closing/reopening all of your browsers to see if that fixes it?

    Thanks!
     
  11. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    I did try it that way and it is still generating the messages even when I disable the IDENTITY SHIELD. I was hoping and you were hoping that it would give you a better clue but no go.
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Not a problem - another potential idea: could you try changing self protection from Maximum to Minimum and then reboot your PC to see if that fixes it?

    Thanks!
     
  13. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    I tried it on the fly, logoff/logon, hot boot (restart), and cold boot and still the same problem under Minimum self protection mode. Still generating messages under Defense+ Events.
     
  14. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    The same happens with SpyShelter but not that much

    21/09/2011 22:33:11,C:\Program Files (x86)\Mozilla Firefox\firefox.exe,33,Blocked ;Setting hook to monitor network requests (C:\Program Files (x86)\Mozilla Firefox\firefox.exe(PID=7924))

    "Setting hook to monitor network requests" This is why I think that It could be related with IdShield, or maybe is a different conflict.

    If I close WSA this conflict does not happen.
     
    Last edited: Sep 21, 2011
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Interesting, they're probably identifying our search result annotation as malicious in that case (as it could possibly be considered to be monitoring network requests, being that it is scanning/cleaning them). I'm not sure if we'll be able to work around that as these components are crucial to the protection of WSA.
     
  16. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    I thought WSA is in contact with CIS folks to look into this issue and perhaps put you on the white list to prevent this thousands of messages generating daily ( averaging 2,000 a day ).
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That comment was directed to the SpyShelter testing that lordraiden posted, not CIS. We're still looking into CIS further.
     
  18. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    Oh ! Whew !
     
  19. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    What is the status of this ? I am still waiting on the fix. In the meantime there has been several software update. Look at my signature for the latest update.

    Thanks.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    So far no solution - CIS in some instances is flagging core components of WSA and there doesn't appear to be anything we can do to disable them without significantly lowering security.
     
  21. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    518
    Location:
    Italy - Ravenna
    WSA set as trusted files on D+ setting can't help?
    I use CIS but not on the pc where I have WSA so I can't try, but if WSA is trusted I think CIS not trace her behaviour, even if the traced is the browser but because WSA SOL control it
     
  22. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    I agree with you. I even tried to add it by folder and sub folder and it said that it was already trusted. But good idea. Thanks for suggesting it. Sometime one forget little details like that. LOL
     
  23. Pierrequiroule

    Pierrequiroule Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    44
    Location:
    Quebec, Canada
    @PrevxHelp: Does it mean that CIS is partly interfering with the functioning of WSA? In other words: are they, to some extent, incompatible?

    Thanks
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It doesn't appear to be actually blocking anything, just warning about it, so I don't think you'll run into any lessened security.
     
  25. Knighthood

    Knighthood Registered Member

    Joined:
    Mar 22, 2011
    Posts:
    98
    Still waiting on a fix for this. What is the status of this? Thank you.
     
Thread Status:
Not open for further replies.