- Dec 29, 2014
Been going through a weird series of small probably meaningless events on this Windows 7 64 PC. Not sure what started it all, and I'm not sure if the events are in any way connected, but I would like to see if I can resolve what's going on.
First I was looking over Private Firewall, and I noticed that I had blanket allowed some programs. It's not a big deal, because they are programs I trust. Well, I had started looking things over, because I ran the Malwarebytes exploit test, and Private Firewall did not stop the exploit in the test from starting calc.exe. I saw that calc.exe wasn't listed in Private Firewall, which means there haven't been any alerts, so I assume Private Firewall has whitelisted it and automatically allows the program. That doesn't explain, though, why the exploit got by PF.
Since calc.exe was started by another process during the test, PF should have alerted when I ran the test. OK, I've been through this before, but before I didn't have Private Firewall. Well, I went into PF and that's when I started clamping down on things. I shut down all the blanket allows and set them to "Filter". Eventually, I reran the test, and somehow PF blocked it. I have no idea how. The test was set to allow, and calc.exe doesn't even exist to PF.
So, anyway, after this I started getting notifications that the a-v (360 TS) wants to simulate keystrokes or mouse inputs ("Simulate Inputs" permission). It also wants to monitor keystrokes. 360 has anti-keylogging, so maybe that's what triggered the alerts from PF or at least the second one.
That doesn't make sense, though, on the first one ("Simulate Inputs"). If this was what was happening, then it would have been only the "Read Keyboard State" permission being requested. Anyway, then I get an alert about Fraps. It wants to record keystrokes too. This one can be turned on/off with keystrokes so I guess that's it in that case.
Well, I am now trying to determine what to do about this issue. Whenever I open up the 360 TS menu, I get the alerts. So far I have just unchecked "Remember" and then blocked the behavior each time. What could 360 TS possibly be trying to do by simulating keystrokes or mouse inputs? I'm confused about this.
All this stuff coincides with the sudden appearance of Dism.exe and Dismhost.exe in Task Manager. I hadn't noticed these programs until now, and there hadn't been any alerts about them in PF until tonight. Well, I have been over 4 months on this installation, so I don't understand what this could be. I Googled and learned that these processes have something to do with managing system images. The thing is, I don't even use the Windows backup system and haven't once ever done so. What's going on here?
The final thing that got me to post here was when I noticed that Comodo Programs Manager is being blocked by Private Firewall. I can open CPM just fine, and it will run. But then, if I open the log in PF, I can see PF start to go crazy with spam attempts from CPM to connect. During this time if I close and try to reopen CPM, it will not open, and there is no response from PF. The log spam is to Comodo servers, and I think I know what the rest of it is too. It's CPM trying to add certain live links to Facebook and so on into the program. The part I don't get is that there isn't a single rule for any of this in PF, and I haven't been prompted to block CPM from the internet even once. It's OK, but all of this is just adding up with me.
I think I've just hit some areas of quirkiness in PF and 360 TS, and I don't think there is anything strange going on, but it IS strange that 360 TS wants to simulate keystrokes or mouse inputs. Also, something else testing my patience is that if I block a behavior with PF but do not choose "Remember", then I don't get an alert after a few times of blocking or allowing in this manner. I guess this is something normal in PF, so that a choice without "Remember" checked will last a user session (or a certain amount of time), I don't know. It just has me wanting to get to the bottom of the little things in these programs.
Anybody got any input on the quirks of 360 TS or Private Firewall? Throw dirt please if you have any...
BTW, just started tonight using Malwarebytes Anti-Exploit. In theory, I can't think of a single reason not to use this. Looking forward to seeing how it performs.
Thanks for any input...