Comodo Firewall

[joe53]

With every new version update of mbam I install, I have to re-instruct my Comodo Firewall Pro to allow various apps to access the internet. (I get High Severity alerts flagging "suspicious behaviour").

Examples:

Severity :High

Reporter :Application

Behavior AnalysisDescription: Suspicious Behaviour (nod32krn.exe)

Application: C:\Program Files\ESET\nod32krn.exe

Parent: C:\WINDOWS\SYSTEM32\SERVICES.EXE

Protocol: TCP Out

Destination: 89.202.149.45::http(80)

Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\ESET\nod32krn.exe in memory.

Severity :High

Reporter :Application

Behavior Analysis Description: Suspicious Behaviour (iexplore.exe)

Application: C:\Program Files\Internet Explorer\iexplore.exe

Parent: C:\WINDOWS\EXPLORER.EXE

Protocol: TCP Out

Destination: 216.109.126.23::http(80)

Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\WINDOWS\EXPLORER.EXE in memory.

I'm not concerned, but it is a nuisance.

[RubbeR DuckY]

Anyway you can whitelist mbam.exe. I can't fix anything about this.. it is all Comodo. I check the memory during a scan.. that needs to be done to run a scan.

[JeanInMontana]

My firewall does the same thing with any program there is a version change. It's supposed to, because it has a program monitor function when a program changes versions even allowed programs are seen as new. It can be annoying but at the same time I know it's working. I'd rather know it is going to stop anything trying to change my AV or any program than let it be overtaken by malware.

[joe53]

Thanks- I figured as much, and will whitelist in advance from now on.

Otherwise, no probs here with 0.66.