Battle DefenseWall HIPS vs. COMODO Defense+

Status
Not open for further replies.

Dieselman

Level 1
Mar 26, 2011
762
Exactly, bogdan. I even brought it up to HeffeD and he told me it's Logitech's problem. Well, when you consider that Logitech is a bigger and more well-known company than Comodo, it's fairly odd. Also, Logitech has been around for many years. Three times as long as Comodo. That's just one problem amongst many, but that is way off topic. CIS with its D+ as its backbone is a great product. But it could be so much better if it wasn't for the long list of bugs which have yet to be addressed back from the 3.0 days and even 2.4 days.

Note: The poll should be edited because a HIPS does not let you down. Only a user incorrectly answering the pop-up will let you down.
 

HeffeD

Level 1
Feb 28, 2011
1,690
bogdan said:
OK, so it was logitech.exe (or setpoint.exe) trying to access cfp.exe in memory and CIS blocks it trying to protect itself. I assume that COMODO considers that Logitech should fix this issue... so it will never go away :p

Yep.

I've asked before, but didn't get an answer... What is Comodo supposed to do in this instance? What can they possibly "fix"? There is nothing to fix on their end...

Setpoint.exe is trying to access the cmdagent.exe process in memory. CIS is blocking this and letting you know that it did so. Since the Comodo developers have no control over how the Logitech developers write programs, how can they "fix" this?

I already know your answer is that CIS shouldn't care if Setpoint is trying to access its processes in memory.

Why?

I would expect any security program to let me know if any application is trying to access its processes in memory. Even if that application is trusted! Anything less I would consider a breach in security...

Malware can exploit interprocess memory access to inject malicious code, log your keystrokes, or even masquerade as the application that it is accessing! Granted, I don't think Logitech is trying to do this, but what exactly are they trying to do?

There is no valid reason for an application to do this, other than another security application that is scanning memory for anything malicious. Even then, there is no reason to allow the interprocess memory access to happen. That is merely an example of a valid reason for interprocess memory access.

So the big question here is:

Why is setpoint trying to access CIS's processes in memory, and why should CIS let it access these processes?

This has nothing to do with whitelists, trusted files, etc... This is a self-protection mechanism. It will not go away until Logitech's developers re-write their software not to do this...

That said, this should only be a cosmetic issue. Something that you will only be aware of if you view your event logs. Not being able to access cmdagent.exe in memory shouldn't hamper the ability of Setpoint doing what it needs to do.
 
Plexx

Jack said:
Maximus said:
Depends upon the brain which you are speaking of. An average user brain cannot use a HIPS product. Do you honestly think your Mother or Father would know how to answer "abc.exe is trying to access a protected com interface. Do you want to allow or deny it?"
What app could your parents start that would generate that alert from COMODO HIPS? I've told you this in another thread... Can you give us examples for your statements? What world-wide used app would generate that alert from D+??? I had it on my system (and I have a ton of apps+games) and I didn't see an alert from COMODO......
If you can't give us facts then please don't bash a product just because you don't like the developers.

Now back to the topic, and please when posting consider the fact that you are in the WAR ROOM, so don't talk about just one product.. Compare them so we can't find an answer for our question........ I would go with the Comodo Firewall because of a major weakness in DefenseWall, it can't run on 64bits.... And yes, because Defensewall is a paid product while COMODO is free, I know that for us who are only speaking theoretically, this aspect doesn't really matter, but in the real world it sort of does....

When I used Internet Download Manager for the first time, D+ displayed quite some alerts just to run it for the first time. After that, any setting changed or module accessed on the IDM UI, D+ would alert. That was, however, not the reason why I went back to Orbit Downloader.
 

Dieselman

Level 1
Mar 26, 2011
762
Spoken like a true Comodo supporter, HeffeD. Default/Deny everything including faults in CIS. Thanks for that helpful yet lackluster reply. As far as the logs go. What if someone did not understand what was going on? They would flip out. No matter how you look at it, Logitech software is NOT malicious. SetPoint is doing nothing wrong, therefore there is no reason to set off a flag in the logs. But not listening to users' input and addressing issues such as this has always been the Comodo way and will never change. Once again, thanks HeffeD for reassuring me why I will never use a Comodo product or recommend it to my customers. Good companies listen to the public and adapt accordingly. But Comodo thinks opposite. Comodo wants the customer to adapt to their product. When in doubt, blame the other guy. That kind of attitude towards customers is why CIS will never surpass NIS or KIS.


On another note I will stress that CIS, more so D+ is a very good product in the hands of a knowledgeable user.
 
illumination

Sometime back, Kaspersky flagged Google as a threat, even though it was a FP, it was stopping people from accessing anything Google, we should stop using it too.. What about Avira flagging itself as malware, etc., etc..
I had a Logitech webcam on my desktop for a while, had some issues with it also.. I was not running CIS at the time.. Even though CIS is geared towards more advanced users, novice users are able to use it also.. I have installed it on many "friends" systems, and set it up for them, no troubles whatsoever.. Bottom line here is this, it is a war room, there are and will be opinions, does not give anyone the right to be rude and disrespectful..
 

HeffeD

Level 1
Feb 28, 2011
1,690
Maximus said:
Spoken like a true Comodo supporter, HeffeD. Default/Deny everything including faults in CIS. Thanks for that helpful yet meaningless reply. As far as the logs go. What if someone did not understand what was going on? They would flip out. No matter how you look at it, Logitech software is NOT malicious. SetPoint is doing nothing wrong, therefore there is no reason to set off a flag in the logs. But not listening to users' input and addressing issues such as this has always been the Comodo way and will never change. Once again, thanks HeffeD for reassuring me why I will never use a Comodo product or recommend it to my customers. Good companies listen to the public and adapt accordingly. But Comodo thinks opposite. Comodo wants the customer to adapt to their product. When in doubt, blame the other guy. That kind of attitude towards customers is why CIS will never surpass NIS or KIS.


On another note I will stress that CIS, more so D+ is a very good product in the hands of a knowledgeable user.

Nobody is saying that Logitech is malicious. Merely that Setpoint is trying to access CIS processes in memory, and CIS blocks and logs this access. That's as far as it goes.

And no, this isn't a false positive. CIS is merely reporting what is happening. It's a bit like the people reporting a false positive in regards to a buffer overflow alert. (an actual alert, not just a log entry) Sure, the application may not be malicious, but it is causing a buffer overflow, which could be exploited. The only "fix" in this instance is again, having the developer of the application take a closer look at that code to pinpoint what is causing the buffer overflow.

I have to say that I'm somewhat surprised at your cavalier attitude towards an application trying to access your security application's processes in memory. Or better yet, why you feel that application should be able to...

I do like CIS, but I'm definitely not a fanboy. And if there's a problem, I would expect it to be fixed. This, however, isn't a problem. It's merely CIS saying, "someone tried to touch my naughty square, I didn't let them"...

I feel this is a completely appropriate response from a security application! Nothing needs to access my security application's processes in memory.

Comodo does listen to the public and acts accordingly. In fact, just in the last couple of weeks, Egemen has personally done remote testing on two users' computers to see what is going on with something they've reported. (One of these users is even running 5.9 as a result of the testing (and fixes), which the mods don't even have yet...)

If you report a problem to Symantec, will the lead developer of NIS remotely access your machine to personally check it out? I somehow doubt that.

I'm sorry if you feel I'm not being helpful. I just don't happen to see a problem with CIS adding a log entry that it blocked an interprocess memory access.

I see more of a problem with the fact that Setpoint is trying to access the process of a security application in memory. Why is it trying to do this?
 

Dieselman

Level 1
Mar 26, 2011
762
Jack specifically said "Logitech.exe could very well be malicious". So yes, someone did say that. Who cares what SetPoint is doing. It's LEGIT software to run my mouse. You seem to be overlooking also the fact that this problem has been ongoing for 3 years. Again I will say that it is not me. There are other reports of this. I have also used just about every product out there and NONE of them ever have incompatibilities with Logitech. That is speaking from my own experiences. Also, how can you justify 200MB+ of log entries due to a false positive? False positives should be addressed and fixed within 48 hours. Not 3 years later. Like some people, I like to read my logs to see what's going on. But it's hard to see anything else when there are hundreds of entries of logitech.exe right after installation. Logitech is a much larger company than Comodo ever will be, so I highly doubt they will bow down to the almighty Comodo. I sense the feeling that it goes like this: "If Comodo says it's malware. Then it is malware. No ifs, ands or buts". Reminds me a bit of Judge Dredd when Sylvester Stallone goes "The law cannot apologize".

HeffeD...................A simple reply saying "I will bring this up to the devs' attention. Maybe they will have a fix for it in the next release. Thank you." That's all you needed to say. Professional and to the point for someone who represents Comodo.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Again, it's not a false positive. It is a positive. Setpoint.exe is in fact trying to access cmdagent.exe in memory. There are no signatures in regards to the self-protection in CIS. There is no false detection aspect at play here.

And no, CIS is not saying it's malware. It's merely logging the fact that Setpoint attempted interprocess memory access.

I'm not a representative of Comodo. I merely moderate their forums. The Comodo Forum Policy states as much.

We have several (well-loved) volunteering moderators helping us maintain the forum - and, as well-informed as they may be about Comodo's products and related information, they are not employees of Comodo nor do they represent Comodo whereas Official Comodo Staff moderators are easily recognized by their official Comodo Staff avatar. In the same vein Volunteering Moderators are entitled to their own viewpoint and in that regard should be considered as plain members.

I'm sorry if you feel I'm being unprofessional. I'm merely saying I don't see anything wrong here. Setpoint is trying to access a CIS process, and CIS isn't letting it. This is what I would expect from my security software. There is no reason any other application (even a trusted one) should be sticking its fingers in any process of my security software.

You obviously feel different, but we could go back and forth forever on this. I've made my point, you've made yours. I'm sorry they don't agree.
 

iPanik

New Member
Feb 28, 2011
530
On the subject of C+ vs. DW. Both are good. None of them will let you down, but personally I would go with Comodo since it seems to have more support/resources behind it. Also the 64bit support, but that's of little importance if you are on a 32bit system.

Also, who cares about SetPoint, it's bad software, bloated, buggy and resource hugging. I have never had a mouse that actually got better by running SetPoint.
 

Dieselman

Level 1
Mar 26, 2011
762
Obviously, iPanik, you never installed SetPoint. If you did, you would not have made such a statement as such. Right now both Logitech's processes are using 12MB and the installer is a mere 25MB. Whoo. That's very bloated. Not. SetPoint allows the users of Logitech devices to take full advantage of all its features. I need and use them daily, therefore I installed SetPoint. If you are an avid gamer you will need to use SetPoint for certain mouse and keyboard functions.

HeffeD. Once again, as a Comodo mod/representative all you need to say is "Thank you for bringing this to my attention. I will address it to one of the devs. Hopefully in the next release it can be fixed".

On the other hand if DW made a 64 bit edition that would be the definitive winner.
 

iPanik

New Member
Feb 28, 2011
530
...actually I have had every major iteration since the MX700 and I stand by my statement.

Unsurprisingly I take Comodo's side on this matter, it's SetPoint that throws a hissy fit because it doesn't get access to Comodo, and Logitech should have a function that would prevent that.

Comodo could redo their logging system so a given entry wouldn't appear more than once in the log.
 

Dieselman

Level 1
Mar 26, 2011
762
So in your opinion Comodo is a more legit company than Comodo. In your opinion it's Logitech's fault and not Comodo's. The fact that Comodo is the only product which produces an error such as this says it all. In your opinion then, iPanik, NIS, KIS and CIS are all bloated because they use around the same if not more RAM usage. For a mod to argue back about this issue and not look into it, it's very unprofessional also. A good company learns from their mistakes and incorporates user opinions into their product updates. When you make a mistake, does it take you more than 3 times to stop doing it? Or do you learn from it and not do it again? Learning from your mistakes is part of life. We all learn every day, but yet 3 years later Comodo still has not learned to correct this issue. Oh well.

Sorry, but this is all off topic but yet still related to D+ because it's about Comodo. I will also add that Jack asked for an example so I gave one to him.
 

iPanik

New Member
Feb 28, 2011
530
As I said, I stand by my statement.
I'm not saying that Comodo is entirely without fault, but the fact that Logitech doesn't have safeguards in place to mitigate this sort of condition is just bad design.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,379
Maximus said:
Jack specifically said "Logitech.exe could very well be malicious".
I did say that Logitech.exe could very well be malicious because you just gave me a process name prior to my post and not the program name :dodgy: .... It was something ironical, you know....
To be fair, I didn't even hear of SetPoint until you started giving it as an ultimate app example.... So I had to Google it and find out what on earth it is, and this is what I found:
Logitech SetPoint is the software used to install and control Logitech mice. It contains drivers and software enabling you to take full advantage of your mouse.
Turns out that SetPoint is a driver :angel: , so my question stands... What app or program (or however you want to call it) would your parents start today which will generate a D+ alert??
 

Dieselman

Level 1
Mar 26, 2011
762
SetPoint is more than just a driver, Jack. Here is an explanation:

Logitech SetPoint is the software used to install and control Logitech mice and keyboards in Windows XP and 2003. It contains drivers and software enabling you to take full advantage of your mouse and keyboard.

SetPoint provides control over the following aspects of your mouse interactions:

Mouse Button Settings - You can change the function of each button and have different settings for different programs.
Mouse Movement - you can change movement settings and sensitivity.
Mouse Game Settings - Gamers can change in-game settings with up to 5 different resolution presets, and have separate settings for different games.
If you also use a Logitech keyboard, SetPoint enables you to change key functions and mappings.

http://www.filehippo.com/download_logitech_setpoint/

I do not have parents, Jack. I have only my mother and I would never install CIS on her machine because she barely knows how to check her email. As far as what could set off a D+ alert. Well, the world is filled with a million types of software. So unless you have the next few years to have me list every one, then the answer is infinite. Just head on over to the Comodo forums, or would you rather have me copy and paste every single thread I can find?

http://forums.comodo.com/defense-sandbox-help-cis/defense-software-program-blocked-t76266.0.html

So I guess then according to the above post MBAM and Avira are also guilty of the same crime as Logitech. :s



http://forums.comodo.com/defense-sandbox-help-cis/sysinternals-process-explorer-v14x-trusted-but-still-blocked-t73465.0.html

http://forums.comodo.com/defense-sandbox-help-cis/trustedaccess-memory-blockwith-defense-t75542.0.html

http://forums.comodo.com/defense-sandbox-help-cis/cant-remove-application-that-records-memory-accesses-in-d-event-log-t48769.0.html

http://forums.comodo.com/defense-sandbox-help-cis/access-memory-system-isnt-asked-t66598.0.html
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,379
So I ask you for 1 world-wide used program that someone could actually install/run, and you gave me something general like 'the world is filled with a million types of software.'
Now, please stop flooding the thread with either useless links from threads back from 2010 or specific problems that Comodo users might have encountered due to some unique or personal system conditions. I can go to any vendor support forum and find a lot of threads in which some users are complaining about a feature/product.
 

Dieselman

Level 1
Mar 26, 2011
762
You're missing the point, Jack. This is a 3 year old bug that Comodo refuses to fix. How can I possibly know what kind of software my mother or someone else may need down the road? Do you? I don't think so. HeffeD, iPanik and you were blaming Logitech. So I provided examples which clearly show that Logitech is not alone. There are also recent issues which produce this same alert. If you want, I can re-install CIS and prove it. Yes, you are right that you can go into a forum and find bug reports. But I have never seen a bug report last 3 years without a fix.

@iPanik. They didn't give up. The person needed to go into D+ settings and add that certain program to the exclusion list of memory access. I can also do that and the problem is gone. But why should I have to?

BTW...................Where does it show that they gave up?
 

iPanik

New Member
Feb 28, 2011
530
Look at the timestamps, the entries for mbam are inconsistent and hours even days apart. If you look at a log for setpoint it shows a new entry every few seconds.
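
Added example, not part of the thread and not Comodo's code: one way to collapse repeated self-protection entries into a single row per source and target, and to tell a source that logs every few seconds apart from one whose entries are hours or days apart. The pipe-delimited log layout, the sample lines and the thresholds are constructed for illustration and are not the real CIS log format.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample. The pipe-delimited layout is an assumption made for
# this example; it is not the real CIS Defense+ event log format.
SAMPLE_LOG = """\
2011-10-01 14:12:40|mbam.exe|Access Memory|cmdagent.exe|Blocked
2011-10-01 19:47:03|mbam.exe|Access Memory|cmdagent.exe|Blocked
2011-10-02 09:00:01|SetPoint.exe|Access Memory|cmdagent.exe|Blocked
2011-10-02 09:00:06|SetPoint.exe|Access Memory|cmdagent.exe|Blocked
2011-10-02 09:00:11|SetPoint.exe|Access Memory|cmdagent.exe|Blocked
2011-10-02 09:00:16|SetPoint.exe|Access Memory|cmdagent.exe|Blocked
2011-10-02 09:00:21|SetPoint.exe|Access Memory|cmdagent.exe|Blocked
2011-10-02 09:00:26|SetPoint.exe|Access Memory|cmdagent.exe|Blocked
this line is truncated
2011-10-03 08:05:11|mbam.exe|Access Memory|cmdagent.exe|Blocked
"""

def parse_events(log_text):
    """Return (events, skipped); each event is (timestamp, source, action, target)."""
    events, skipped = [], 0
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5:
            skipped += 1          # malformed or truncated entry
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            skipped += 1          # unreadable timestamp
            continue
        events.append((ts, parts[1], parts[2], parts[3]))
    return events, skipped

def summarize(log_text, chatty_gap_s=60, min_events=5):
    """Collapse repeats into one row per (source, action, target), busiest first."""
    events, skipped = parse_events(log_text)
    groups = defaultdict(list)
    for ts, source, action, target in events:
        # Windows image names are case-insensitive, so normalise before grouping.
        groups[(source.lower(), action, target.lower())].append(ts)
    rows = []
    for (source, action, target), stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        gap = median(gaps) if gaps else None
        # "periodic": many entries at short, regular intervals (polling-like).
        periodic = len(stamps) >= min_events and gap is not None and gap <= chatty_gap_s
        rows.append({"source": source, "action": action, "target": target,
                     "count": len(stamps), "first": stamps[0], "last": stamps[-1],
                     "median_gap_s": gap,
                     "pattern": "periodic" if periodic else "sporadic"})
    rows.sort(key=lambda r: r["count"], reverse=True)
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_LOG)
    for r in rows:
        print(f'{r["source"]} -> {r["target"]} [{r["action"]}] x{r["count"]} '
              f'median gap {r["median_gap_s"]}s ({r["pattern"]})')
    print(f"skipped {skipped} malformed line(s)")
```
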
 