inetcpl.cpl

Every time I delete browsing history and cookies within Control Panel,
my Comodo firewall flags up
"inetcpl.cpl is trying to change the current settings of your browser";
and asks me whether to allow.

This is the only time when Comodo flags this. I'm wondering why? Is
inetcpl.cpl not trusted?

I could, of course, simply set up a rule to allow it once and for all,
but I hesitate because something tells me "Comodo knows best".

Any insight or comments to the point would be welcome.
Windows 7, 64bit, Home Premium.

Ed

"Ed Cryer" wrote

| This is the only time when Comodo flags this. I'm wondering why? Is
| inetcpl.cpl not trusted?
|

The action is not trusted. similarly, firewalls
and AV wil often complain if you edit the HOSTS file
because malware sometimes does that.

I don't allow my firewall to do anything but monitor
online activity. The rest is overproduced noise. But it's
up to you. you can tell it to shut up or you can consider
it a service.

Mayayana wrote:
"Ed Cryer" wrote

| This is the only time when Comodo flags this. I'm wondering why? Is
| inetcpl.cpl not trusted?
|

The action is not trusted. similarly, firewalls
and AV wil often complain if you edit the HOSTS file
because malware sometimes does that.

I don't allow my firewall to do anything but monitor
online activity. The rest is overproduced noise. But it's
up to you. you can tell it to shut up or you can consider
it a service.



If Comodo wants to keep me clean and safe then it aught to keep tabs on
Firefox. I use that 95% of the time. But it never utters a whimper about
that.
I can clear the cache, wipe out all cookies, even use Bing, and all
without a murmur.

Ed

"Ed Cryer" wrote

| If Comodo wants to keep me clean and safe then it aught to keep tabs on
| Firefox. I use that 95% of the time. But it never utters a whimper about
| that.
| I can clear the cache, wipe out all cookies, even use Bing, and all
| without a murmur.
|

Interesting. I wonder what the actual Comodo
settings are. I've never used Comodo but I have found
that most AV and firewalls now want to do all sorts of
things, like filtering email, comtrolling HOSTS, etc.

In any case, you should be able to set it to do
as you like. My guess with the IE vs Firefox difference
is that it may be due to a popular misconception: Many
people, even including programmers, think of IE
history and cookies as Windows history and cookies.
IE is very intertwined with the system. The fact that
IE settings are in the Control Panel called "Internet
Options" is a good example. They're not Internet
options. It's not Internet security. It's not Windows
cookies. They're just IE settings. But MS want you
to think those are the same thing.

It's even worse than that behind the scenes. Many
programmers think the proper way to download a file
in software is to use a function called UrlDownloadToFile.
But that function adds to IE cache and history because
it's actually just an IE wrapper. In other words, even
experienced, professional programmers are often just
automating IE (and putting you at risk) when their
software goes online to download a file.

So Comodo may have been designed with that
perspective, that IE *is* the Internet.

Ed Cryer wrote:

Every time I delete browsing history and cookies within Control Panel,
my Comodo firewall flags up
"inetcpl.cpl is trying to change the current settings of your browser";
and asks me whether to allow.

This is the only time when Comodo flags this. I'm wondering why? Is
inetcpl.cpl not trusted?

I could, of course, simply set up a rule to allow it once and for all,
but I hesitate because something tells me "Comodo knows best".

Any insight or comments to the point would be welcome.
Windows 7, 64bit, Home Premium.

inetcpl.cpl in the Internet Options wizard, the same one that runs when
you run it from the Control Panel. Apparently that is what you are
using to delete cookies and history. *.cpl files are Control Panel
Applets.

Most users don't bother going into the Internet Options wizard to flush
out cookies and history. Those settings ONLY APPLY to Internet
Explorer. The don't affect any other web browser. You are still using
IE as your primary web browser? The latest version of IE is 11, and
many sites have or are starting to drop support for IE11. You may get
error messages, prompts to use a newer web browser, a rejected connect,
or the site misbehaves.

IE has its own purge-on-exit settings (under Advanced - Security,
"Empty Temporary Internet Files folder when browser is closed"). that
has historical been proven unreliable. Other web browsers, like
Firefox, have their own purge-on-exit settings. Google Chrome doesn't
have a similar option, so you need to use an extension to perform the
cleanup (e.g., Click&Clean); however, because of changes made by Google,
extensions cannot do the cleanup on exit of Chrome, so they perform the
cleanup on the next load of Chrome. Those help to do the cleanup you
are discussing. There are other tools to do cleanup, like CCleaner,
that also purge cookies and flush history for several web browsers.
Those are ran outside of the web browser. You can run them manually.
Some allow a command-line switch, like "ccleaner.exe /auto" for
CCleaner, so you could create a shortcut (on your desktop or in a
toolbar in the Windows taskbar) or even add it as a scheduled event in
Task Scheduler. Firefox's purge-on-exit works very well. Just remember
to select everything (except passwords, if stored) to purge. Google
Chrome requires an extension. I still use CCleaner to make sure the
crap got deleted both manually and have a scheduled event for it.

I'm a bit surprised Comodo Firewall's HIPS doesn't have inetcpl.cpl
already whitelisted. Did you configure CFW to not use that whitelist?
It has been a long time since I last use Comodo Firewall (*) but recall
you could configure its HIPS (Host Intrusion Protection System) to not
use Comodo's whitelist and instead prompt you every time any program
wanted to make system changes.

(*) I'm leery to use Comodo Firewall again. The last time I tried to
install it (last week), first it failed with a signature error on
the download (what their web installer retrieved, not the web
installer that I downloaded). Then it completed and needed a
reboot. I had Avast Internet Security installed. On reboot, I got
bluescreened. I couldn't recover using an image backup made after
the AIS install but before the CFW install. CFW has somehow
corrupted AIS. I had to restore to an image before AIS got
installed, and do it again. Took me 8 hours to recover: 3 for
troubleshooting the bluescreens and eventually clubbing it all with
a backup image before the AIS install (and the following Comodo CFW
install) and then going through every program to restore tweaks made
after that image along with a few data file recoveries from online
backups.

Comodo AntiVirus (CAV) is way too weak to use as a primary anti-
virus. They kept in beta, so it would get excluded from testing by
independents. They promised to roll their HIPS into CAV but that
didn't happen. Instead they rolled CAV into CFW to make use of
CFW's HIPS. I'll use Avast instead as the local AV but would
probably still let CFW use Comodo's cloud AV in their
HIPS/sandbox to check unknown files. I remember long ago that I had
Avast and CFW working together but that was for the freeware version
of Avast, so not all the additional protection modules were
available back then. They're likely now stepping on each other too
much and causing interference.

I've gone back to Avast Free. It has spam popups (which can be
eliminated by using Silent Mode but then all popups are gone). I
paid and expected the spam popups to disappear. Nope. Changing the
"offer" options didn't help. They hadn't a clue, plus their tech
said the product "works that way"; that is, if you don't buy
EVERYTHING that Avast wants to sell then you get spam popups. I
wasn't paying to continue getting spammed. Now that I'm back to the
freeware version, I might give CFW another shot. CFW has a sandbox
that only comes in the payware version of Avast, and that's all you
need to thwart ransomware.

However, I would configure CFW to use their pre-compiled whitelist
of known/good programs to eliminate all those prompts about them.
Maybe you decided to use Paranoid Mode.

http://help.comodo.com/topic-72-1-284-3036-.html

You sure your question would not have been more appropriately submitted
to the Comodo forums?

Mayayana wrote:
"Ed Cryer" wrote

| If Comodo wants to keep me clean and safe then it aught to keep tabs on
| Firefox. I use that 95% of the time. But it never utters a whimper about
| that.
| I can clear the cache, wipe out all cookies, even use Bing, and all
| without a murmur.
|

Interesting. I wonder what the actual Comodo
settings are. I've never used Comodo but I have found
that most AV and firewalls now want to do all sorts of
things, like filtering email, comtrolling HOSTS, etc.

In any case, you should be able to set it to do
as you like. My guess with the IE vs Firefox difference
is that it may be due to a popular misconception: Many
people, even including programmers, think of IE
history and cookies as Windows history and cookies.
IE is very intertwined with the system. The fact that
IE settings are in the Control Panel called "Internet
Options" is a good example. They're not Internet
options. It's not Internet security. It's not Windows
cookies. They're just IE settings. But MS want you
to think those are the same thing.

It's even worse than that behind the scenes. Many
programmers think the proper way to download a file
in software is to use a function called UrlDownloadToFile.
But that function adds to IE cache and history because
it's actually just an IE wrapper. In other words, even
experienced, professional programmers are often just
automating IE (and putting you at risk) when their
software goes online to download a file.

So Comodo may have been designed with that
perspective, that IE *is* the Internet.



I think the key here is the program in my Subject.
I doubt Firefox uses that. It has its own routines for cleaning up. Same
with other browsers.

The Comodo people probably know more about that program than we do, it
having access to IE's insides.

I think I'll leave it as it is. Better safe than sorry. Or, to use
Net-speak, BSTS.

Ed

"Ed Cryer" wrote

| I think the key here is the program in my Subject.

That's what I was explaining. inetcpl is the Control
Panel applet for "Internet Options", which is the same
as IE's settings window. That's why you saw it listed
in Comodo.

| I doubt Firefox uses that. It has its own routines for cleaning up. Same
| with other browsers.
|
It also has its own cookies.

| The Comodo people probably know more about that program than we do, it
| having access to IE's insides.
|
They don't know any more than I just told you.
It's very simple. You're deleting IE cookies and
Comodo is apparently set in nanny mode to sound
an alarm about that because it's mistakenly designed
to equate IE settings with "Windows" settings. Mistaken
because it doesn't apply to any other browser, so it's
not Windows settings.
inetcpl just happens to be the process Comodo sees
doing the deleting.
The only thing you need to know is whether you
want Comodo to keep sounding an alarm.

If this doesn't make sense to you, go to Run and
enter inetcpl.cpl. Then compare that to IE menu
Tools - Internet Options. Mystery solved.

"VanguardLH" wrote

| You sure your question would not have been more appropriately submitted
| to the Comodo forums?

It would have made more sense *after* he'd looked
at and understood his Comodo settings, but it looks
like that's not going to happen.

Mayayana wrote:
"Ed Cryer" wrote

| I think the key here is the program in my Subject.

That's what I was explaining. inetcpl is the Control
Panel applet for "Internet Options", which is the same
as IE's settings window. That's why you saw it listed
in Comodo.

| I doubt Firefox uses that. It has its own routines for cleaning up. Same
| with other browsers.
|
It also has its own cookies.

| The Comodo people probably know more about that program than we do, it
| having access to IE's insides.
|
They don't know any more than I just told you.
It's very simple. You're deleting IE cookies and
Comodo is apparently set in nanny mode to sound
an alarm about that because it's mistakenly designed
to equate IE settings with "Windows" settings. Mistaken
because it doesn't apply to any other browser, so it's
not Windows settings.
inetcpl just happens to be the process Comodo sees
doing the deleting.
The only thing you need to know is whether you
want Comodo to keep sounding an alarm.

If this doesn't make sense to you, go to Run and
enter inetcpl.cpl. Then compare that to IE menu
Tools - Internet Options. Mystery solved.



Yes, that seems to be it.

Ed

Mayayana wrote:
"VanguardLH" wrote

| You sure your question would not have been more appropriately submitted
| to the Comodo forums?

It would have made more sense *after* he'd looked
at and understood his Comodo settings, but it looks
like that's not going to happen.



I can't find it in Comodo settings.

Ed

"Ed Cryer" wrote

|
| I can't find it in Comodo settings.
|

Not surprising. I looked at their settings online. One
could spend until next Thursday figuring it all out.

Like most other such programs these days, it grossly
overproduced and tries to act as a nanny for all
functions, being more intrusive, even, than the
default lackey user settings. Here's one example
of where such settings *could* be:

https://help.comodo.com/topic-72-1-4...ed-files-.html

It explains that there's a list of protected files and
settings as part of their so-called "Comodo Internet
Security". (Known as CIS to us insiders.

If you're going to install something like Comodo and
not thoroughly adjust all of the settings then you're
asking it to not allow you to use your system. If
you wear a hazmat suit to have sex then you
shouldn't be surprised to find that it's slightly
inconvenient and maybe not quite so much fun as it
used to be. But on the bright side, you won't catch
a cold from your lover.

This is what I said in my first post: It's up to you
whether you want these controls. Comodo is not
blocking you. You've chosen to block yourself. If you
want Comodo to make the decisions then you'll have
to accept regular hassles and warnings.

Mayayana wrote:
"Ed Cryer" wrote

|
| I can't find it in Comodo settings.
|

Not surprising. I looked at their settings online. One
could spend until next Thursday figuring it all out.

Like most other such programs these days, it grossly
overproduced and tries to act as a nanny for all
functions, being more intrusive, even, than the
default lackey user settings. Here's one example
of where such settings *could* be:

https://help.comodo.com/topic-72-1-4...ed-files-.html

It explains that there's a list of protected files and
settings as part of their so-called "Comodo Internet
Security". (Known as CIS to us insiders.

If you're going to install something like Comodo and
not thoroughly adjust all of the settings then you're
asking it to not allow you to use your system. If
you wear a hazmat suit to have sex then you
shouldn't be surprised to find that it's slightly
inconvenient and maybe not quite so much fun as it
used to be. But on the bright side, you won't catch
a cold from your lover.

This is what I said in my first post: It's up to you
whether you want these controls. Comodo is not
blocking you. You've chosen to block yourself. If you
want Comodo to make the decisions then you'll have
to accept regular hassles and warnings.



Well, blow me. I've finally found it under File Rating/ File List.
(Don't bludgeon me too severely. I know it sounds obvious now. (:- )
https://www.dropbox.com/s/m6lzmgglkr...-shot.jpg?dl=0
And (you'll notice) it is .... (wait for it) ... Trusted.

So why, so why does it pause and ask me for permission to do its stuff?

Ed

BTW, I fully appreciate your advice about tailoring. I used to do it
myself, but I have very little time these days, and tend to use default
settings.

"Ed Cryer" wrote

| BTW, I fully appreciate your advice about tailoring. I used to do it
| myself, but I have very little time these days, and tend to use default
| settings.

I find it's very important with these kinds of programs.
Example: The default settings will usually have them
doing things like scanning every file you touch for
malware. It's far less wasteful to only scan new/downloaded
files.

Ed Cryer wrote:

Mayayana wrote:
"Ed Cryer" wrote

|
| I can't find it in Comodo settings.
|

Not surprising. I looked at their settings online. One
could spend until next Thursday figuring it all out.

Like most other such programs these days, it grossly
overproduced and tries to act as a nanny for all
functions, being more intrusive, even, than the
default lackey user settings. Here's one example
of where such settings *could* be:

https://help.comodo.com/topic-72-1-4...ed-files-.html

It explains that there's a list of protected files and
settings as part of their so-called "Comodo Internet
Security". (Known as CIS to us insiders.

If you're going to install something like Comodo and
not thoroughly adjust all of the settings then you're
asking it to not allow you to use your system. If
you wear a hazmat suit to have sex then you
shouldn't be surprised to find that it's slightly
inconvenient and maybe not quite so much fun as it
used to be. But on the bright side, you won't catch
a cold from your lover.

This is what I said in my first post: It's up to you
whether you want these controls. Comodo is not
blocking you. You've chosen to block yourself. If you
want Comodo to make the decisions then you'll have
to accept regular hassles and warnings.


Well, blow me. I've finally found it under File Rating/ File List.
(Don't bludgeon me too severely. I know it sounds obvious now. (:- )
https://www.dropbox.com/s/m6lzmgglkr...-shot.jpg?dl=0
And (you'll notice) it is .... (wait for it) ... Trusted.

I don't know if CFW/CIS creates and saves hash on the file to know it is
the true file that it is whitelisting. If not, malware could subtitute
itself in the same path using the same filename. Whitelisting by only
the path to a file is not sufficient to protect against malware naming
itself as the whitelisted file.

You had mentioned using Firefox. It doesn't use inetcpl.cpl directly.
It has its menu - Options - General: Network Settings dialog which is
internal to Firefox. That is not a different representation of the
Internet Options applet. Firefox duplicates the settings available in
inetcpl.cpl under the Connections tab. Firefox may instigate a call to
inetcpl.cpl when you configure it to "Use system proxy settings" but I
don't see why that would happen when you were telling Firefox to purge
its own cookies and erase its own history.

Were you using Firefox itself to purge its cookies & history, or were
you mistakeningly using inetcpl.cpl (Internet Options)? While Firefox
will use many of the settings from Internet Options (well, the settings
it puts in the registry), inetcpl.cpl does not flush cookies and history
from any web browser other than Internet Explorer. For IE, that data is
held in folder. For Firefox, that data is held in SQLite databases.

So why, so why does it pause and ask me for permission to do its stuff?

How were you flushing cookies and history in Firefox? inetcpl.cpl
(Internet Options) won't touch cookies and history in Firefox, Google
Chrome, Seamonkey, PaleMoon, Vivaldi, or any web browser other than
Internet Explorer.

When using Malwarebytes' AntiMalware (only as a 2nd opinion scanner, not
its real-time scanner), it used to report several user-configurable
settings as possible malware fingerprints. These were settings that I
made myself in tweaking Windows but MBAM would report as suspicious. It
can be hard when looking at what is going on in the system and check
settings to know if a user did those or a tweaker or malware.
Eventually MBAM removing firing on those tweaks as suspicious because
LOTS of users were making the same tweaks. Could be CFW/CIS doesn't
know if it is you running inetcpl.cpl or some kiddie-scripted malware
running through that wizard, like to change to using a proxy employed by
the malware to sniff your traffic or just kill your Internet connection.

Some things the user can do is the same things malware may do. If you
whitelisted inetcpl.cpl (yourself or it was in a trusted list), malware
that scripts using that wizard could seriously affect your network
configuration. This is why whitelisting is not really a sufficient
means of preventing malware from running but allowing good programs to
run. Good programs can be subourned. For example, winword.exe (MS
Word) might be whitelisted because it a known and usually trustworthy
program. However, malware can be macros within a document that Word
will executed, especially if the user is foolish in changinge Word away
from its security settings, like allowing macros to run without prompt.
(BTW: I configure Word to *never* run macros because I never want anyone
to send me a document that is scripted.) So Word is whitelisted/trusted
because it is known but it could act maliciously if its security were
diminished in its configuration or the user purposefully chose to allow
an unknown macro to execute in a document sourced from an unknown
source.

By the way, there are multiple copies of the inetcpl.cpl file in your
file system. If you run a file finder tool (e.g., Search Everything or
FileLocator Lite), you'll find inetcpl.cpl in multiple folders. Did
Comodo tell you the path to the inetcpl.cpl on which it alerted?
Malware can be called anything. It might be in a different path than
the legitimate file, so seeing "inetcpl.cpl" doesn't tell you from where
that file got loaded. Also, malware can replaced a legitimate file.
Just because it is listed in a trusted list or whitelist doesn't mean
what is listed is what got ran. Hopefully CFW/CIS saves a hash on known
good files, so maybe the inetcpl.cpl that it triggers on is not in the
correct path or a different file with the same name.

VanguardLH wrote:
Ed Cryer wrote:

Mayayana wrote:
"Ed Cryer" wrote

|
| I can't find it in Comodo settings.
|

Not surprising. I looked at their settings online. One
could spend until next Thursday figuring it all out.

Like most other such programs these days, it grossly
overproduced and tries to act as a nanny for all
functions, being more intrusive, even, than the
default lackey user settings. Here's one example
of where such settings *could* be:

https://help.comodo.com/topic-72-1-4...ed-files-.html

It explains that there's a list of protected files and
settings as part of their so-called "Comodo Internet
Security". (Known as CIS to us insiders.

If you're going to install something like Comodo and
not thoroughly adjust all of the settings then you're
asking it to not allow you to use your system. If
you wear a hazmat suit to have sex then you
shouldn't be surprised to find that it's slightly
inconvenient and maybe not quite so much fun as it
used to be. But on the bright side, you won't catch
a cold from your lover.

This is what I said in my first post: It's up to you
whether you want these controls. Comodo is not
blocking you. You've chosen to block yourself. If you
want Comodo to make the decisions then you'll have
to accept regular hassles and warnings.


Well, blow me. I've finally found it under File Rating/ File List.
(Don't bludgeon me too severely. I know it sounds obvious now. (:- )
https://www.dropbox.com/s/m6lzmgglkr...-shot.jpg?dl=0
And (you'll notice) it is .... (wait for it) ... Trusted.

I don't know if CFW/CIS creates and saves hash on the file to know it is
the true file that it is whitelisting. If not, malware could subtitute
itself in the same path using the same filename. Whitelisting by only
the path to a file is not sufficient to protect against malware naming
itself as the whitelisted file.

You had mentioned using Firefox. It doesn't use inetcpl.cpl directly.
It has its menu - Options - General: Network Settings dialog which is
internal to Firefox. That is not a different representation of the
Internet Options applet. Firefox duplicates the settings available in
inetcpl.cpl under the Connections tab. Firefox may instigate a call to
inetcpl.cpl when you configure it to "Use system proxy settings" but I
don't see why that would happen when you were telling Firefox to purge
its own cookies and erase its own history.

Were you using Firefox itself to purge its cookies & history, or were
you mistakeningly using inetcpl.cpl (Internet Options)? While Firefox
will use many of the settings from Internet Options (well, the settings
it puts in the registry), inetcpl.cpl does not flush cookies and history
from any web browser other than Internet Explorer. For IE, that data is
held in folder. For Firefox, that data is held in SQLite databases.

So why, so why does it pause and ask me for permission to do its stuff?

How were you flushing cookies and history in Firefox? inetcpl.cpl
(Internet Options) won't touch cookies and history in Firefox, Google
Chrome, Seamonkey, PaleMoon, Vivaldi, or any web browser other than
Internet Explorer.

When using Malwarebytes' AntiMalware (only as a 2nd opinion scanner, not
its real-time scanner), it used to report several user-configurable
settings as possible malware fingerprints. These were settings that I
made myself in tweaking Windows but MBAM would report as suspicious. It
can be hard when looking at what is going on in the system and check
settings to know if a user did those or a tweaker or malware.
Eventually MBAM removing firing on those tweaks as suspicious because
LOTS of users were making the same tweaks. Could be CFW/CIS doesn't
know if it is you running inetcpl.cpl or some kiddie-scripted malware
running through that wizard, like to change to using a proxy employed by
the malware to sniff your traffic or just kill your Internet connection.

Some things the user can do is the same things malware may do. If you
whitelisted inetcpl.cpl (yourself or it was in a trusted list), malware
that scripts using that wizard could seriously affect your network
configuration. This is why whitelisting is not really a sufficient
means of preventing malware from running but allowing good programs to
run. Good programs can be subourned. For example, winword.exe (MS
Word) might be whitelisted because it a known and usually trustworthy
program. However, malware can be macros within a document that Word
will executed, especially if the user is foolish in changinge Word away
from its security settings, like allowing macros to run without prompt.
(BTW: I configure Word to *never* run macros because I never want anyone
to send me a document that is scripted.) So Word is whitelisted/trusted
because it is known but it could act maliciously if its security were
diminished in its configuration or the user purposefully chose to allow
an unknown macro to execute in a document sourced from an unknown
source.

By the way, there are multiple copies of the inetcpl.cpl file in your
file system. If you run a file finder tool (e.g., Search Everything or
FileLocator Lite), you'll find inetcpl.cpl in multiple folders. Did
Comodo tell you the path to the inetcpl.cpl on which it alerted?
Malware can be called anything. It might be in a different path than
the legitimate file, so seeing "inetcpl.cpl" doesn't tell you from where
that file got loaded. Also, malware can replaced a legitimate file.
Just because it is listed in a trusted list or whitelist doesn't mean
what is listed is what got ran. Hopefully CFW/CIS saves a hash on known
good files, so maybe the inetcpl.cpl that it triggers on is not in the
correct path or a different file with the same name.


I appreciate the time and concern you've given to this. And I'll give
you what info I can.

I clear Firefox weekly; Options/ Privacy & Security/ clear data cache,
clear history.
I use IE once in a blue moon, but clear it weekly for tidiness.

I've been clearing through Control Panel, and always get the Comodo
prompt. This is the *only* Comodo prompt I ever get.
From now on I shall clear through IE itself.

Mayayana discovered this difference, and I thank him. But I'm still not
sure just why this happens. It appears that Comodo is listening to the
Control Panel requests, but not IE ones.
OK. I can live with that, but my inquiring mind leaves me with a nagging
question of just why. Not that I suspect anything amiss, just simple
curiosity.

Ed