comodo firewall installer is trying to take a screenshot...

Discussion in 'other anti-malware software' started by wutsup, Apr 28, 2010.

Thread Status:
Not open for further replies.
  1. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    hey wilders,

    i was just experimenting with my secondary computer which has online armor free installed and i was just trying to see what would happen if i tried to install a second firewall.

    so i downloaded comodo firewall from their official site and ran it. right away this weird white box flashed for a quick second on the screen and online armor detected the comodo firewall installer was trying to take a screenshot of my pc.

    note: i did not install comodo firewall, i just ran the installer up until the EULA agreement and then Xed out.

    why would the comodo firewall installer try to take a screenshot of peoples pcs'?
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    What exactly did the pop-up say? I suspect it was just the GUI of Comodo accessing the screen.
     
  3. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    By screenshot do you mean like a print screen or a basis system analysis for rollback purposes?
     
  4. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    online armor just popped up saying comodo firewall installer was a screen logger. i didnt actually install comodo firewall, i just ran the exe to see what would happen.
     
  5. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    its a false postive right?
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Perhaps you could post a screenshot of the pop-up from OA?
    Comodo Firewall does require screen access in order to generate it's pop-ups so I suspect this is what's being flagged.
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Yes, the Comodo Firewall does appear to directly access the screen when displaying the GUI. I saw this behaviour confirmed on my own system.

    I was running Comodo Firewall alongside Prevx SafeOnline with the SafeOnline security configuration for HTTPS websites set to Maximum. As soon as the browser displayed an HTTPS website, the Comodo Firewall GUI would no longer display correctly while the browser session was running. After ending the browser session, the Comodo Firewall GUI started to display correctly again. Turning the SafeOnline security configuration down to High solved the problem and the Comodo Firewall GUI was displayed correctly at all times.

    As decreasing the SafeOnline security configuration from Maximum to High only disables protection against screen grabbing, it suggests that the interference with the Comodo Firewall occurred for this reason, and that Comodo was trying to access the screen directly when displaying the GUI.
     
  8. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    I didnt actually install comodo firewall free. i just ran the installer executable up until the EULA agreement. i already have online armor free installed. i just wanted to see what would happen if i ran it.

    online armor just says comodo firewall installer was trying to screenlog.
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    it is not a false positive nor is Comodo key logger it is just how OA is interpret certain actions as being that of a key logger app. Zone Alarm used to do that a lot. It is up to the user to decide what to do.
     
  10. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    You wouldn't need to fully install Comodo for the file to be analysed by OA;that takes place as soon as you execute the installer,it pre-emptively looks for perceived threats.Realy this just illustrates that OA is doing it's job well even if it wasn't a malicious process.
     
  11. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    yea online armor popped up as soon i ran the installer. so the comodo firewall installer isnt malicious right?
     
Loading...
Thread Status:
Not open for further replies.