Strange DNS requests thru firewall since DL FX3

Discussion in 'other firewalls' started by jrx10, Jun 21, 2008.

Thread Status:
Not open for further replies.
  1. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    I just don't have a clue about this and would appreciate any logical explanation on why this is happening since installing FX3. I uninstalled FX 2....14, uninstaller, removed FX folders from program files, and all FX folders in App Data & local settings and cleaned the registry for Mozilla entries. I installed FX3 as a clean install. When I open FX3 to surf there is no problems. However, when I try to open a 2nd window I get a PU saying "there are unknown components in Firefox.exe that require approval before proceeding with this request" The libraries listed are 1) "Microsoft Midi Mapper", 2) "Microsoft ACM audio Filter" and 3) "WDM Audio Driver Mapper". If I deny this request the 2nd window will not connect and the DNS request outbound to my router is blocked. I never saw anything close to this request while using any of the previous FX versions since FX2 was released.
    I posted this on the Comodo Forum and the only reply was for me to Google these libraries and it was probably part of the software, which I guess means FX3. Are these 3 part of FX3 perhaps something in those M$ DRM Add-on/plug ins that are in FX3 that FX would need to connect to a non-audio (general surfing) website? Any help would definitely be appreciated as I'm just about ready to go back to FX 2...14 or Opera. KAV/BoClean and all the usual AM scans show nothing. About the only thing I can think of doing is to install FX3 to a clean image of CPF/KAV that I have and see if I get the same request. Any other suggestions, again would be appreciated. thx​
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello,

    I presume you are referring to Firefox3?

    The 3 libraries you mention look like windows libraries, probably used (loaded) as windows media player (by default) is used by Firefox3 (tools/ options/ applications). Could you post the library name (dll name) for verification.

    If a library is loaded, you could get attempted online activity for verification of library, but would need to check (if I remember correctly, comodo does have file verification as an option).
     
  3. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    Thx for the reply Stem.
    WMP is supposedly shut-down "set-programs access/defaults--custom. This may be the problem as with XP/SP2, I had reverted from WMP 11 to WMP 9 because WMP 11 was a pain attempting to make connections everywhere on it's own. I don't know if you can revert to WMP 9 in SP3 and if removing access from from wmp 11 "set programs access & defaults/custom actually works, but I may to revert to wmp 9 in sp3 & see if these attempts stop. Libraries are midimap.dll, msacm32.dll, & wdmaud.drv.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi jrx10,

    I should of been more specific.
    Firefox is using the libraries from the media player. I am seeing this loading, blocking this will simply impair some media playing in the browser.
     
  5. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    Thx for the explanation. I'll do some reading on configuring tools/options/application data in FX3.
    What I don't understand is why when visiting WSF (or any other site opened in a single FX3 browser window), I don't get a firewall PU request for loading these 3 libraries, but if I open a 2nd FX3 window to Google (or any site), like clockwork, I get a PU request to load these libraries. If I open Google (or any other site) alone, I don't get this PU request to load the 3 libraries, only if they're opened in a 2nd FX3 window. It doesn't make much sense to me, as I never saw it before in the previous FX2 series, and I'm trying to understand the 2nd window/libraries request thing.​
    Same thing with trying to understand downloading in FX3. I now get a window "scanning for viruses" when DLing programs or even a complete web page in FX3. I don't understand what exactly is "scanning for viruses" ---Is it KAV?--- which is my AV, an FX 3 internal built-in virus scanner (like CPF 3.0 with the CAV scan) , or am I getting some "external AV scan" like Yahoo/Hotmail does with their mail attachments? I didn't get this "scanning for viruses" in the FX DL PU in the FX2 series because while DL anything, I could see the "wheel" on the KAV tray icon scanning, so I figured KAV File/AV was monitoring the DL. Just to be sure I always immediately manually scanned a DLed file/program after the DL.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi jrx10,

    I do see similar behavior with late loading of the libraries, but not when I open a second tab, the libraries actully load when I minimize the browser. It is just strange behavior rather than a security issue. I have blocked the loading without causing FF problems, apart from the fact there is no audio.
    Since removing the dll/drv your mention from my global allow use of those windows libraries, I do see other apps such as my e-mail client loading those, which are being used for sound notification of downloaded e-mails.

    I would say yes and KAV is intercepting via its web scanner, as there is no virus scanner included with firefox (internal or external) that I have seen.
     
  7. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Er... nope. I use Avira Premium without Web AV and have also this annoying "scanning for viruses" with Firefox 3.
    Sometimes it won't even stop to scan for - well who knows what.

    Found out that it is an old beta bug, but unfortunately still present with the final.

    The solution is to open the configuration window (about:config) and set "browser.download.manager.scanWhenDone" to false.

    More informations:
    http://kb.mozillazine.org/Browser.download.manager.scanWhenDone

    Cheers
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    So it is the resident AV performing the scan (in the case of jrx10 it is KAV), it is just that firefox is invoking it.
    Thanks for the info.
     
Loading...
Thread Status:
Not open for further replies.