Old 13-01-2021, 21:46   #1
Shingster
Trusted User
 
Shingster's Avatar
 
Join Date: Mar 2001
Location: United Kingdom
Posts: 9,080
Thanks: 603
Thanked 590 Times in 329 Posts
Is it safe for me to unblock applications/processes in my Sys32 folder?

EDIT: Change of topic for this thread, but recently I've discovered that my firewall has been blocking a number of applications and processes on my PC without actually informing me, so I have a long list of various stuff I need to re-assess and unblock if needed. TBH most of it looks like random apps that I've installed and nothing to worry too much about, but there's a good chunk of WINDOWS processes and executables that I definitely need to address, and I just wanted to ask whether it's OK for me to assume that anything in the WINDOWS Sys32 directory is OK to unblock? Here's a screenshot of the processes:

Image below is a little small, so here's a link to original res


Last edited by Shingster; 16-01-2021 at 14:58.
Old 13-01-2021, 21:55   #2
scoobyood
Tony Danza
 
scoobyood's Avatar
 
Join Date: Aug 2004
Location: Zagreb
Posts: 9,831
Thanks: 1,102
Thanked 1,640 Times in 862 Posts
Would recommend Sophos, as it's light on resources and doesn't bother you.

However you don't want to install another product on top of this issue.

Avast has an uninstall utility. Use that.. https://www.avast.com/uninstall-utility

Get rid of it and then look for other options when your Windows defender kicks back in.
Thanked once by:
Shingster (14-01-2021)
Old 13-01-2021, 22:04   #3
Shingster
I've been using the uninstall utility in safe mode, had to go into safe mode with networking to install. I don't know if all this is my comodo firewall suddenly deciding to block avast. It has a REALLY annoying tendency to do that.

I can't afford £35 just for an antivirus that knowing my luck won't install anyway. Are there any more affordable options? Bitdefender do a firewall + Antivirus package but tbh it's all technobabble to me and I don't know which package suits my needs. I just use free firewall and free antivirus at the moment, what package just gives that and not 100 other features I'm not going to understand or use.
Old 13-01-2021, 22:09   #4
scoobyood
You've got commode and avast.. seems like a bit of a mess to be honest.

Your router will have a firewall, Windows has a firewall.. a better AV product will also have web protection. You don't need comodo.

Bitdefender free version is fine. That'll do. Remove all this other stuff... lighten the load.
Thanked once by:
Shingster (14-01-2021)
Old 14-01-2021, 00:03   #5
Shingster
Yeah basically when it comes to their internet security you're talking to someone who is still living in 2005!

I've never learned to "trust" built in windows security, even after I got a proper router! I need to check that my router firewall is on, but when I access the ASUS router login page it warns me that "connection is not secure". Is there a way to securely access an ASUS router?
Old 14-01-2021, 00:36   #6
scoobyood
You can turn on Https login on Asus routers.. but don't worry about it. Make sure you have a very good WiFi password, especially if you are living in a densely populated area... so nothing can get on your network in the first place. And don't buy cheapo smart home devices.

Sent from my Pixel 5 using Tapatalk
Thanked once by:
Shingster (14-01-2021)
Old 14-01-2021, 02:29   #7
Shingster
OK so I don't know what's going on with my PC but things have gotten really weird. I uninstalled Avast in safe mode with the uninstall utility and then attempted to turn on windows defender, but it was greyed out saying "other antivirus already installed". I then restarted into safe mode to see if I could turn it on in there, which you can't, and restarted back and now windows defender was already turned on. At least, it's green and says on. Now I'm worried there's an underlying issue with avast not being uninstalled.

Last edited by Shingster; 14-01-2021 at 03:01.
Old 14-01-2021, 10:39   #8
scoobyood
Safe mode won't have drivers loaded, what you see running or not running in safe mode doesn't indicate anything.

If you've removed Avast and Windows Defender is working, you are fine. Windows Defender will kick in automatically if it doesn't detect another AV product. It's difficult to stop it actually.

I'd recommend reinstalling Windows to be honest. In an hour or so you'd have it 95% back to how you like it... and it sounds like you've spent more than that messing around with Avast.

Might be worth running CMD in administrator (no need to go into safe mode) and then running 'sfc /scannow' to check OS files are in order.

But either way... you are probably fine, just install Bitdefender free and move on with life.
Thanked once by:
Shingster (14-01-2021)
Old 14-01-2021, 15:33   #9
Shingster
Typical, Bitdefender won't install because I have COMODO firewall installed on my PC. I don't see why an antivirus software would be incompatible with a Firewall software (I do not have COMODO antivirus installed), so Bitdefender is a no go for me right now.

Reading up on windows firewall and it really doesn't sound anywhere near as good as COMODO, so I don't want to uninstall that unless there's an alternative. I'm absolutely terrified of removing and installing ANY software now after AVAST.

I need a firewall alternative that will inform me and allow me to block individual applications on the fly, from what I've read windows firewall doesn't do that - unless installing glasswire enables it? I have absolutely zero experience with windows firewall so I can't trust it sight unseen.

I think the big issue for me is that COMODO has HIPS and sandbox so it stays on top of programs, doesn't look like any free alternative offers those functions

Last edited by Shingster; 16-01-2021 at 14:50.
Old 14-01-2021, 16:28   #10
scoobyood
I should probably check if you are on a laptop or desktop... If you are leaving your house with your computer and logging on with public wifi... that might make it slightly more of risk but as you are also using a VPN, it shouldn't be an issue. You might want to test for IPV4/6 DNS leaks from your VPN by running a test while you are on your phone hotspot.

The only thing comodo gives you over your router hardware firewall.. and Windows firewall is control over applications YOU'VE installed on your computer or hardware YOU'VE added to your network. If you've got any concerns on what you are installing or devices in your home.. do not install that software and throw out those crappy Chinese smart plugs you got from ebay. Simple as that.

Windows also controls individual applications access to the networks btw, it's usually automatic and very light touch. But that doesn't mean you can't go in and change the firewall rules yourself via the old control panel interface. Turn off the automatic approval. I've never bothered, you'd need to google that.

A note that the trendmicro hardware firewall implementation on Asus routers is actually ok, and will do more than stop port scans, as I believe they keep an active list of malware domains and will block them.

Bitdefender told you it had issues with Comodo being installed as it's a fairly restrictive application which will stop any and all traffic unless you tune it well. Bitdefender and other AV's, particularly the free ones, will do all their work via their cloud infrastructure, checking in with the mothership for literally everything. If you throw a third-party firewall in the middle, it's going to struggle to communicate in a timely manner, if at all.... therefore, they said don't install it when running comodo.

If you are happy with the vendors of your software on your machine. You've got to consider the more likely attack surfaces. Most viruses are via email or browser exploits. Move to web based email, never download any attachments for anything, ever. Install adblock and script block in firefox, whitelist javascript only on the sites you care to use. Run a network DNS blocker, like Pihole. If you want to install suspect software or want to check an attachment, run it in Windows 10 sandbox (built in feature on W10Pro).. or install Ubuntu in a virtual box VM. Then use that if you like/need to visit crappy and suspect websites.

This guy tests various AV products.. https://www.youtube.com/user/ThePCSecurity

You might want to check some of his reviews and tests and look for a product that includes a firewall with the AV in one solution. Kaspersky does do that..

End of the day... you get what you pay for. Spend £30 a year on something decent, don't over complicate your setup with programs where they specifically state 'do not mix our product with this other one' ...and you won't have these problems.

Last edited by scoobyood; 14-01-2021 at 16:33.
Thanked once by:
Shingster (14-01-2021)
Old 14-01-2021, 17:00   #11
Shingster
Yeah, as you might have figured out by now, I'm EXTREMELY paranoid about what goes onto my PC and what programs are trying to access the internet or receive from the internet, so no I don't install anything unless I've fully checked it out and never from any dodgy sites. This stems from a horrible period in the noughties when I kept being attacked by malware and just had a nightmare formatting and reinstalling windows over and over (well over 15 times) and just getting reinfected the moment I connected to the internet. Since then I try to make sure I have total control over access to the internet of all my applications. If a program tries to access something that I don't have an idea of whether it should be, I will block it. I have not had any popups about Avast ever though, so never blocked it and never would because it's my antivirus.

I decided to go through my COMODO blocked connections list to see which software I've blocked what I felt was suspicious behaviour over the years and there's actually a lot of applications that I have not installed personally on there, including windows components. Only a small fraction of these I've personally told it to block.

Interestingly, AVAST is on there and it's been blocking it over the course of the last week as I suspected (for some reason COMODO just takes it upon itself to randomly block things, I can never understand it and it has caused monumental headaches when installing software in the past, most recently when installing surfshark VPN just before Xmas). I'm not sure how to stop COMODO from doing this though, I tried closing the firewall before installing AVAST but COMODO was still running. Would turning off the behavioural shield perhaps enable me to install avast if COMODO is the issue here? This is why I was installing AVAST in safe mode, COMODO can't block anything in there (that and I have an issue with my windows 10 and certain drivers bugged unless i'm in safe mode, that pertains to the taskbar though).

I need to look into paid alternatives that give you the option to block programs on the fly if they behave suspiciously, but it doesn't sound like there are any other options out there outside of COMODO that are not part of the fancy pants total suites that cost silly money.

Last edited by Shingster; 14-01-2021 at 17:06.
Old 14-01-2021, 18:11   #12
scoobyood
Sounds like 100% all your problems lead back to Comodo. I'd bin it off if it was me.. but your choice.

Sent from my Pixel 5 using Tapatalk

Last edited by scoobyood; 14-01-2021 at 18:14.
Thanked once by:
Shingster (14-01-2021)
Old 14-01-2021, 22:29   #13
Shingster
Yeah I've never really examined my blocked applications list before because it's not really that often I do get a pop up and then subsequently decide to block it, but there are 68 apps in the list and going through it there really are some baffling entries. Quite a lot of programs in my windows sys32 directory for instance are blocked, which is totally baffling to me as I have a policy of not messing around with programs in that location. I can only assume these are programs that instigated a pop up whilst I was away from the PC and wasn't around to tell HIPS what to do, so they were just automatically blocked.

I think the best thing to do is uninstall COMODO and then install avast then reinstall COMODO and train HIPS better and just stick with that for now as I research the various all in one packages to see which one is best for my requirements!

Thanks for all your help scoob, much appreciated!
Thanked once by:
scoobyood (14-01-2021)
Old 15-01-2021, 20:16   #14
Shingster
Here's a final update, went through my COMODO blocked applications list in full and unblocked Avast completely. It seems to average about 10 applications a year that it just blocks without informing me. Avast now installs and works with no issue whatsoever so now I at least know to stay on top of COMODO to make sure this doesn't happen again until I can find a suitable replacement!

Last edited by Shingster; 16-01-2021 at 14:17.
Old 16-01-2021, 14:57   #15
Shingster
Change of topic for this thread, but recently I've discovered that my firewall has been blocking a number of applications and processes on my PC without actually informing me, so I have a long list of various stuff I need to re-assess and unblock if needed. TBH most of it looks like random apps that I've installed and nothing to worry too much about, but there's a good chunk of WINDOWS processes and executables that I definitely need to address, and I just wanted to ask whether it's OK for me to assume that anything in the WINDOWS Sys32 directory is OK to unblock? Here's a screenshot of the processes:

Image below is a little small, so here's a link to original res

Old 16-01-2021, 17:28   #16
shteve
[o]EvilTwinkle
 
shteve's Avatar
 
Join Date: Sep 2002
Location: Cov
Posts: 6,639
Thanks: 611
Thanked 924 Times in 647 Posts
I'd say if your firewall is blocking those apps, it's time for a new firewall. Personally I've not used anything apart from the built in windows one and the one in my ISP's router for years. Used to use 3rd software ones, but not felt the need for ages.
__________________
I've got a signature and an avatar :p
Old 16-01-2021, 18:10   #17
Shingster
Yeah I'm looking into a paid alternative, but I want a firewall with HIPS and sandbox so I have more control over apps, which is why I want to stick with comodo for the short term. It's only blocking around ten processes a year and I'm now aware of the issue so can work on it (might just need putting into training mode for a bit), so that's why I need to find out if I can unblock these processes because I have an issue with my taskbar I think at least unblocking sihost.exe might solve.
Old 16-01-2021, 18:49   #18
scoobyood
As before.... Why rely on a software firewall to block traffic from applications. If you don't trust the application, don't install it at all. If an application is stealing your information, it will probably be doing it over port 80 or https and Comodo won't care less.

Blocking your system 32 processes is utterly pointless. In fact, it might even block certain windows OS features which need to update. Malicious software removal tool signatures for example.

Get yourself ESET internet security or Kaspersky or something.

Sent from my Pixel 5 using Tapatalk
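For the System32 question above, an added example (not part of any post in the thread): a PowerShell check that each blocked path really resolves inside System32 and carries a valid operating-system signature, instead of trusting it by file name or folder. The three paths are constructed samples and `Test-BlockedBinary` is a hypothetical helper name.

```powershell
# Added example. The paths are constructed samples; replace them with the
# entries from your own firewall's blocked list.
# Run from 64-bit PowerShell: a 32-bit session is redirected to SysWOW64.
$blocked = @(
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\sihost.exe",
    "$env:TEMP\svchost.exe"    # constructed: a system file name outside System32
)

$sys32 = (Join-Path $env:SystemRoot 'System32') + '\'

function Test-BlockedBinary {
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{
        Path            = $Path
        InSystem32      = $false
        SignatureStatus = $null
        SignatureType   = $null
        IsOSBinary      = $false
        Signer          = $null
        Verdict         = 'review before unblocking'
    }

    # A rule can outlive the file it was created for.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Verdict = 'file missing'
        return [pscustomobject]$result
    }

    # Compare the resolved path, not the text shown in the firewall UI.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $result.InSystem32 = $full.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)

    # Covers embedded and catalog signatures on Windows 10.
    $sig = Get-AuthenticodeSignature -LiteralPath $full
    $result.SignatureStatus = $sig.Status
    $result.SignatureType   = $sig.SignatureType
    $result.IsOSBinary      = $sig.IsOSBinary
    if ($sig.SignerCertificate) {
        $result.Signer = $sig.SignerCertificate.Subject
    }

    # Location alone proves nothing; require a valid OS signature as well.
    if ($result.InSystem32 -and $sig.Status -eq 'Valid' -and $sig.IsOSBinary) {
        $result.Verdict = 'signed OS binary in System32'
    }
    return [pscustomobject]$result
}

$blocked |
    ForEach-Object { Test-BlockedBinary -Path $_ } |
    Format-Table Path, InSystem32, SignatureStatus, SignatureType, IsOSBinary, Verdict -AutoSize
```

Entries that come back as anything other than `signed OS binary in System32` are the ones to look at individually before removing the block.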
Old 16-01-2021, 19:40   #19
Shingster
I know it doesn't make any rational sense, but without revealing more information than I'm comfortable with, peace of mind is more important to me than actual logic, and I'm used to having a high level of firewall protection and want to maintain that as I switch to something I will have to pay for (so that means HIPS and sandbox features, which is what I'm used to). It's gonna take time for me to research and decide which is best for my personal needs so I want to stick with my current set up until then.

Thanks for the feedback on sys32, I've never told my firewall to block any sys32 process except for svchost.exe. Just gonna try unblocking it all and see how I get on!

What I don't understand is, why would any AV or Firewall in existence have any component that actively blocks these processes if they are vital? Why isn't it built into all security software to allow sys32 processes by default?

Last edited by Shingster; 16-01-2021 at 19:47.
Old 16-01-2021, 21:04   #20
scoobyood
Svchost.exe is service process host.. can't remember which build of windows 10, but they split windows services into their own separate processes. Comodo are probably clinging to their windows xp business model and firewall is blocking each service at a network level. You can actually just go through the services list in control panel and disable any you don't like from running.. problem solved... And a lot less resources.

If you are running applications you don't trust, this is a very sloppy way to go about it. Comodo or AV products won't stop anything rummaging through your files, web history, cookies and saved passwords and uploading them to wherever. Download virtual box and run any suspicious in a windows or Linux virtual machine.

Sent from my Pixel 5 using Tapatalk
All times are GMT.