If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
inetcpl.cpl
Every time I delete browsing history and cookies within Control Panel,
my Comodo firewall flags up "inetcpl.cpl is trying to change the current settings of your browser"; and asks me whether to allow. This is the only time when Comodo flags this. I'm wondering why? Is inetcpl.cpl not trusted? I could, of course, simply set up a rule to allow it once and for all, but I hesitate because something tells me "Comodo knows best". Any insight or comments to the point would be welcome. Windows 7, 64bit, Home Premium. Ed |
Ads |
#2
|
|||
|
|||
inetcpl.cpl
"Ed Cryer" wrote
| This is the only time when Comodo flags this. I'm wondering why? Is | inetcpl.cpl not trusted? | The action is not trusted. similarly, firewalls and AV wil often complain if you edit the HOSTS file because malware sometimes does that. I don't allow my firewall to do anything but monitor online activity. The rest is overproduced noise. But it's up to you. you can tell it to shut up or you can consider it a service. |
#3
|
|||
|
|||
inetcpl.cpl
Mayayana wrote:
"Ed Cryer" wrote | This is the only time when Comodo flags this. I'm wondering why? Is | inetcpl.cpl not trusted? | The action is not trusted. similarly, firewalls and AV wil often complain if you edit the HOSTS file because malware sometimes does that. I don't allow my firewall to do anything but monitor online activity. The rest is overproduced noise. But it's up to you. you can tell it to shut up or you can consider it a service. If Comodo wants to keep me clean and safe then it aught to keep tabs on Firefox. I use that 95% of the time. But it never utters a whimper about that. I can clear the cache, wipe out all cookies, even use Bing, and all without a murmur. Ed |
#4
|
|||
|
|||
inetcpl.cpl
"Ed Cryer" wrote
| If Comodo wants to keep me clean and safe then it aught to keep tabs on | Firefox. I use that 95% of the time. But it never utters a whimper about | that. | I can clear the cache, wipe out all cookies, even use Bing, and all | without a murmur. | Interesting. I wonder what the actual Comodo settings are. I've never used Comodo but I have found that most AV and firewalls now want to do all sorts of things, like filtering email, comtrolling HOSTS, etc. In any case, you should be able to set it to do as you like. My guess with the IE vs Firefox difference is that it may be due to a popular misconception: Many people, even including programmers, think of IE history and cookies as Windows history and cookies. IE is very intertwined with the system. The fact that IE settings are in the Control Panel called "Internet Options" is a good example. They're not Internet options. It's not Internet security. It's not Windows cookies. They're just IE settings. But MS want you to think those are the same thing. It's even worse than that behind the scenes. Many programmers think the proper way to download a file in software is to use a function called UrlDownloadToFile. But that function adds to IE cache and history because it's actually just an IE wrapper. In other words, even experienced, professional programmers are often just automating IE (and putting you at risk) when their software goes online to download a file. So Comodo may have been designed with that perspective, that IE *is* the Internet. |
#5
|
|||
|
|||
inetcpl.cpl
Ed Cryer wrote:
Every time I delete browsing history and cookies within Control Panel, my Comodo firewall flags up "inetcpl.cpl is trying to change the current settings of your browser"; and asks me whether to allow. This is the only time when Comodo flags this. I'm wondering why? Is inetcpl.cpl not trusted? I could, of course, simply set up a rule to allow it once and for all, but I hesitate because something tells me "Comodo knows best". Any insight or comments to the point would be welcome. Windows 7, 64bit, Home Premium. inetcpl.cpl in the Internet Options wizard, the same one that runs when you run it from the Control Panel. Apparently that is what you are using to delete cookies and history. *.cpl files are Control Panel Applets. Most users don't bother going into the Internet Options wizard to flush out cookies and history. Those settings ONLY APPLY to Internet Explorer. The don't affect any other web browser. You are still using IE as your primary web browser? The latest version of IE is 11, and many sites have or are starting to drop support for IE11. You may get error messages, prompts to use a newer web browser, a rejected connect, or the site misbehaves. IE has its own purge-on-exit settings (under Advanced - Security, "Empty Temporary Internet Files folder when browser is closed"). that has historical been proven unreliable. Other web browsers, like Firefox, have their own purge-on-exit settings. Google Chrome doesn't have a similar option, so you need to use an extension to perform the cleanup (e.g., Click&Clean); however, because of changes made by Google, extensions cannot do the cleanup on exit of Chrome, so they perform the cleanup on the next load of Chrome. Those help to do the cleanup you are discussing. There are other tools to do cleanup, like CCleaner, that also purge cookies and flush history for several web browsers. Those are ran outside of the web browser. You can run them manually. Some allow a command-line switch, like "ccleaner.exe /auto" for CCleaner, so you could create a shortcut (on your desktop or in a toolbar in the Windows taskbar) or even add it as a scheduled event in Task Scheduler. Firefox's purge-on-exit works very well. Just remember to select everything (except passwords, if stored) to purge. Google Chrome requires an extension. I still use CCleaner to make sure the crap got deleted both manually and have a scheduled event for it. I'm a bit surprised Comodo Firewall's HIPS doesn't have inetcpl.cpl already whitelisted. Did you configure CFW to not use that whitelist? It has been a long time since I last use Comodo Firewall (*) but recall you could configure its HIPS (Host Intrusion Protection System) to not use Comodo's whitelist and instead prompt you every time any program wanted to make system changes. (*) I'm leery to use Comodo Firewall again. The last time I tried to install it (last week), first it failed with a signature error on the download (what their web installer retrieved, not the web installer that I downloaded). Then it completed and needed a reboot. I had Avast Internet Security installed. On reboot, I got bluescreened. I couldn't recover using an image backup made after the AIS install but before the CFW install. CFW has somehow corrupted AIS. I had to restore to an image before AIS got installed, and do it again. Took me 8 hours to recover: 3 for troubleshooting the bluescreens and eventually clubbing it all with a backup image before the AIS install (and the following Comodo CFW install) and then going through every program to restore tweaks made after that image along with a few data file recoveries from online backups. Comodo AntiVirus (CAV) is way too weak to use as a primary anti- virus. They kept in beta, so it would get excluded from testing by independents. They promised to roll their HIPS into CAV but that didn't happen. Instead they rolled CAV into CFW to make use of CFW's HIPS. I'll use Avast instead as the local AV but would probably still let CFW use Comodo's cloud AV in their HIPS/sandbox to check unknown files. I remember long ago that I had Avast and CFW working together but that was for the freeware version of Avast, so not all the additional protection modules were available back then. They're likely now stepping on each other too much and causing interference. I've gone back to Avast Free. It has spam popups (which can be eliminated by using Silent Mode but then all popups are gone). I paid and expected the spam popups to disappear. Nope. Changing the "offer" options didn't help. They hadn't a clue, plus their tech said the product "works that way"; that is, if you don't buy EVERYTHING that Avast wants to sell then you get spam popups. I wasn't paying to continue getting spammed. Now that I'm back to the freeware version, I might give CFW another shot. CFW has a sandbox that only comes in the payware version of Avast, and that's all you need to thwart ransomware. However, I would configure CFW to use their pre-compiled whitelist of known/good programs to eliminate all those prompts about them. Maybe you decided to use Paranoid Mode. http://help.comodo.com/topic-72-1-284-3036-.html You sure your question would not have been more appropriately submitted to the Comodo forums? |
#6
|
|||
|
|||
inetcpl.cpl
Mayayana wrote:
"Ed Cryer" wrote | If Comodo wants to keep me clean and safe then it aught to keep tabs on | Firefox. I use that 95% of the time. But it never utters a whimper about | that. | I can clear the cache, wipe out all cookies, even use Bing, and all | without a murmur. | Interesting. I wonder what the actual Comodo settings are. I've never used Comodo but I have found that most AV and firewalls now want to do all sorts of things, like filtering email, comtrolling HOSTS, etc. In any case, you should be able to set it to do as you like. My guess with the IE vs Firefox difference is that it may be due to a popular misconception: Many people, even including programmers, think of IE history and cookies as Windows history and cookies. IE is very intertwined with the system. The fact that IE settings are in the Control Panel called "Internet Options" is a good example. They're not Internet options. It's not Internet security. It's not Windows cookies. They're just IE settings. But MS want you to think those are the same thing. It's even worse than that behind the scenes. Many programmers think the proper way to download a file in software is to use a function called UrlDownloadToFile. But that function adds to IE cache and history because it's actually just an IE wrapper. In other words, even experienced, professional programmers are often just automating IE (and putting you at risk) when their software goes online to download a file. So Comodo may have been designed with that perspective, that IE *is* the Internet. I think the key here is the program in my Subject. I doubt Firefox uses that. It has its own routines for cleaning up. Same with other browsers. The Comodo people probably know more about that program than we do, it having access to IE's insides. I think I'll leave it as it is. Better safe than sorry. Or, to use Net-speak, BSTS. Ed |
#7
|
|||
|
|||
inetcpl.cpl
"Ed Cryer" wrote
| I think the key here is the program in my Subject. That's what I was explaining. inetcpl is the Control Panel applet for "Internet Options", which is the same as IE's settings window. That's why you saw it listed in Comodo. | I doubt Firefox uses that. It has its own routines for cleaning up. Same | with other browsers. | It also has its own cookies. | The Comodo people probably know more about that program than we do, it | having access to IE's insides. | They don't know any more than I just told you. It's very simple. You're deleting IE cookies and Comodo is apparently set in nanny mode to sound an alarm about that because it's mistakenly designed to equate IE settings with "Windows" settings. Mistaken because it doesn't apply to any other browser, so it's not Windows settings. inetcpl just happens to be the process Comodo sees doing the deleting. The only thing you need to know is whether you want Comodo to keep sounding an alarm. If this doesn't make sense to you, go to Run and enter inetcpl.cpl. Then compare that to IE menu Tools - Internet Options. Mystery solved. |
#8
|
|||
|
|||
inetcpl.cpl
"VanguardLH" wrote
| You sure your question would not have been more appropriately submitted | to the Comodo forums? It would have made more sense *after* he'd looked at and understood his Comodo settings, but it looks like that's not going to happen. |
#9
|
|||
|
|||
inetcpl.cpl
Mayayana wrote:
"Ed Cryer" wrote | I think the key here is the program in my Subject. That's what I was explaining. inetcpl is the Control Panel applet for "Internet Options", which is the same as IE's settings window. That's why you saw it listed in Comodo. | I doubt Firefox uses that. It has its own routines for cleaning up. Same | with other browsers. | It also has its own cookies. | The Comodo people probably know more about that program than we do, it | having access to IE's insides. | They don't know any more than I just told you. It's very simple. You're deleting IE cookies and Comodo is apparently set in nanny mode to sound an alarm about that because it's mistakenly designed to equate IE settings with "Windows" settings. Mistaken because it doesn't apply to any other browser, so it's not Windows settings. inetcpl just happens to be the process Comodo sees doing the deleting. The only thing you need to know is whether you want Comodo to keep sounding an alarm. If this doesn't make sense to you, go to Run and enter inetcpl.cpl. Then compare that to IE menu Tools - Internet Options. Mystery solved. Yes, that seems to be it. Ed |
#10
|
|||
|
|||
inetcpl.cpl
Mayayana wrote:
"VanguardLH" wrote | You sure your question would not have been more appropriately submitted | to the Comodo forums? It would have made more sense *after* he'd looked at and understood his Comodo settings, but it looks like that's not going to happen. I can't find it in Comodo settings. Ed |
#11
|
|||
|
|||
inetcpl.cpl
"Ed Cryer" wrote
| | I can't find it in Comodo settings. | Not surprising. I looked at their settings online. One could spend until next Thursday figuring it all out. Like most other such programs these days, it grossly overproduced and tries to act as a nanny for all functions, being more intrusive, even, than the default lackey user settings. Here's one example of where such settings *could* be: https://help.comodo.com/topic-72-1-4...ed-files-.html It explains that there's a list of protected files and settings as part of their so-called "Comodo Internet Security". (Known as CIS to us insiders. If you're going to install something like Comodo and not thoroughly adjust all of the settings then you're asking it to not allow you to use your system. If you wear a hazmat suit to have sex then you shouldn't be surprised to find that it's slightly inconvenient and maybe not quite so much fun as it used to be. But on the bright side, you won't catch a cold from your lover. This is what I said in my first post: It's up to you whether you want these controls. Comodo is not blocking you. You've chosen to block yourself. If you want Comodo to make the decisions then you'll have to accept regular hassles and warnings. |
#12
|
|||
|
|||
inetcpl.cpl
Mayayana wrote:
"Ed Cryer" wrote | | I can't find it in Comodo settings. | Not surprising. I looked at their settings online. One could spend until next Thursday figuring it all out. Like most other such programs these days, it grossly overproduced and tries to act as a nanny for all functions, being more intrusive, even, than the default lackey user settings. Here's one example of where such settings *could* be: https://help.comodo.com/topic-72-1-4...ed-files-.html It explains that there's a list of protected files and settings as part of their so-called "Comodo Internet Security". (Known as CIS to us insiders. If you're going to install something like Comodo and not thoroughly adjust all of the settings then you're asking it to not allow you to use your system. If you wear a hazmat suit to have sex then you shouldn't be surprised to find that it's slightly inconvenient and maybe not quite so much fun as it used to be. But on the bright side, you won't catch a cold from your lover. This is what I said in my first post: It's up to you whether you want these controls. Comodo is not blocking you. You've chosen to block yourself. If you want Comodo to make the decisions then you'll have to accept regular hassles and warnings. Well, blow me. I've finally found it under File Rating/ File List. (Don't bludgeon me too severely. I know it sounds obvious now. (:- ) https://www.dropbox.com/s/m6lzmgglkr...-shot.jpg?dl=0 And (you'll notice) it is .... (wait for it) ... Trusted. So why, so why does it pause and ask me for permission to do its stuff? Ed BTW, I fully appreciate your advice about tailoring. I used to do it myself, but I have very little time these days, and tend to use default settings. |
#13
|
|||
|
|||
inetcpl.cpl
"Ed Cryer" wrote
| BTW, I fully appreciate your advice about tailoring. I used to do it | myself, but I have very little time these days, and tend to use default | settings. I find it's very important with these kinds of programs. Example: The default settings will usually have them doing things like scanning every file you touch for malware. It's far less wasteful to only scan new/downloaded files. |
#14
|
|||
|
|||
inetcpl.cpl
Ed Cryer wrote:
Mayayana wrote: "Ed Cryer" wrote | | I can't find it in Comodo settings. | Not surprising. I looked at their settings online. One could spend until next Thursday figuring it all out. Like most other such programs these days, it grossly overproduced and tries to act as a nanny for all functions, being more intrusive, even, than the default lackey user settings. Here's one example of where such settings *could* be: https://help.comodo.com/topic-72-1-4...ed-files-.html It explains that there's a list of protected files and settings as part of their so-called "Comodo Internet Security". (Known as CIS to us insiders. If you're going to install something like Comodo and not thoroughly adjust all of the settings then you're asking it to not allow you to use your system. If you wear a hazmat suit to have sex then you shouldn't be surprised to find that it's slightly inconvenient and maybe not quite so much fun as it used to be. But on the bright side, you won't catch a cold from your lover. This is what I said in my first post: It's up to you whether you want these controls. Comodo is not blocking you. You've chosen to block yourself. If you want Comodo to make the decisions then you'll have to accept regular hassles and warnings. Well, blow me. I've finally found it under File Rating/ File List. (Don't bludgeon me too severely. I know it sounds obvious now. (:- ) https://www.dropbox.com/s/m6lzmgglkr...-shot.jpg?dl=0 And (you'll notice) it is .... (wait for it) ... Trusted. I don't know if CFW/CIS creates and saves hash on the file to know it is the true file that it is whitelisting. If not, malware could subtitute itself in the same path using the same filename. Whitelisting by only the path to a file is not sufficient to protect against malware naming itself as the whitelisted file. You had mentioned using Firefox. It doesn't use inetcpl.cpl directly. It has its menu - Options - General: Network Settings dialog which is internal to Firefox. That is not a different representation of the Internet Options applet. Firefox duplicates the settings available in inetcpl.cpl under the Connections tab. Firefox may instigate a call to inetcpl.cpl when you configure it to "Use system proxy settings" but I don't see why that would happen when you were telling Firefox to purge its own cookies and erase its own history. Were you using Firefox itself to purge its cookies & history, or were you mistakeningly using inetcpl.cpl (Internet Options)? While Firefox will use many of the settings from Internet Options (well, the settings it puts in the registry), inetcpl.cpl does not flush cookies and history from any web browser other than Internet Explorer. For IE, that data is held in folder. For Firefox, that data is held in SQLite databases. So why, so why does it pause and ask me for permission to do its stuff? How were you flushing cookies and history in Firefox? inetcpl.cpl (Internet Options) won't touch cookies and history in Firefox, Google Chrome, Seamonkey, PaleMoon, Vivaldi, or any web browser other than Internet Explorer. When using Malwarebytes' AntiMalware (only as a 2nd opinion scanner, not its real-time scanner), it used to report several user-configurable settings as possible malware fingerprints. These were settings that I made myself in tweaking Windows but MBAM would report as suspicious. It can be hard when looking at what is going on in the system and check settings to know if a user did those or a tweaker or malware. Eventually MBAM removing firing on those tweaks as suspicious because LOTS of users were making the same tweaks. Could be CFW/CIS doesn't know if it is you running inetcpl.cpl or some kiddie-scripted malware running through that wizard, like to change to using a proxy employed by the malware to sniff your traffic or just kill your Internet connection. Some things the user can do is the same things malware may do. If you whitelisted inetcpl.cpl (yourself or it was in a trusted list), malware that scripts using that wizard could seriously affect your network configuration. This is why whitelisting is not really a sufficient means of preventing malware from running but allowing good programs to run. Good programs can be subourned. For example, winword.exe (MS Word) might be whitelisted because it a known and usually trustworthy program. However, malware can be macros within a document that Word will executed, especially if the user is foolish in changinge Word away from its security settings, like allowing macros to run without prompt. (BTW: I configure Word to *never* run macros because I never want anyone to send me a document that is scripted.) So Word is whitelisted/trusted because it is known but it could act maliciously if its security were diminished in its configuration or the user purposefully chose to allow an unknown macro to execute in a document sourced from an unknown source. By the way, there are multiple copies of the inetcpl.cpl file in your file system. If you run a file finder tool (e.g., Search Everything or FileLocator Lite), you'll find inetcpl.cpl in multiple folders. Did Comodo tell you the path to the inetcpl.cpl on which it alerted? Malware can be called anything. It might be in a different path than the legitimate file, so seeing "inetcpl.cpl" doesn't tell you from where that file got loaded. Also, malware can replaced a legitimate file. Just because it is listed in a trusted list or whitelist doesn't mean what is listed is what got ran. Hopefully CFW/CIS saves a hash on known good files, so maybe the inetcpl.cpl that it triggers on is not in the correct path or a different file with the same name. |
#15
|
|||
|
|||
inetcpl.cpl
VanguardLH wrote:
Ed Cryer wrote: Mayayana wrote: "Ed Cryer" wrote | | I can't find it in Comodo settings. | Not surprising. I looked at their settings online. One could spend until next Thursday figuring it all out. Like most other such programs these days, it grossly overproduced and tries to act as a nanny for all functions, being more intrusive, even, than the default lackey user settings. Here's one example of where such settings *could* be: https://help.comodo.com/topic-72-1-4...ed-files-.html It explains that there's a list of protected files and settings as part of their so-called "Comodo Internet Security". (Known as CIS to us insiders. If you're going to install something like Comodo and not thoroughly adjust all of the settings then you're asking it to not allow you to use your system. If you wear a hazmat suit to have sex then you shouldn't be surprised to find that it's slightly inconvenient and maybe not quite so much fun as it used to be. But on the bright side, you won't catch a cold from your lover. This is what I said in my first post: It's up to you whether you want these controls. Comodo is not blocking you. You've chosen to block yourself. If you want Comodo to make the decisions then you'll have to accept regular hassles and warnings. Well, blow me. I've finally found it under File Rating/ File List. (Don't bludgeon me too severely. I know it sounds obvious now. (:- ) https://www.dropbox.com/s/m6lzmgglkr...-shot.jpg?dl=0 And (you'll notice) it is .... (wait for it) ... Trusted. I don't know if CFW/CIS creates and saves hash on the file to know it is the true file that it is whitelisting. If not, malware could subtitute itself in the same path using the same filename. Whitelisting by only the path to a file is not sufficient to protect against malware naming itself as the whitelisted file. You had mentioned using Firefox. It doesn't use inetcpl.cpl directly. It has its menu - Options - General: Network Settings dialog which is internal to Firefox. That is not a different representation of the Internet Options applet. Firefox duplicates the settings available in inetcpl.cpl under the Connections tab. Firefox may instigate a call to inetcpl.cpl when you configure it to "Use system proxy settings" but I don't see why that would happen when you were telling Firefox to purge its own cookies and erase its own history. Were you using Firefox itself to purge its cookies & history, or were you mistakeningly using inetcpl.cpl (Internet Options)? While Firefox will use many of the settings from Internet Options (well, the settings it puts in the registry), inetcpl.cpl does not flush cookies and history from any web browser other than Internet Explorer. For IE, that data is held in folder. For Firefox, that data is held in SQLite databases. So why, so why does it pause and ask me for permission to do its stuff? How were you flushing cookies and history in Firefox? inetcpl.cpl (Internet Options) won't touch cookies and history in Firefox, Google Chrome, Seamonkey, PaleMoon, Vivaldi, or any web browser other than Internet Explorer. When using Malwarebytes' AntiMalware (only as a 2nd opinion scanner, not its real-time scanner), it used to report several user-configurable settings as possible malware fingerprints. These were settings that I made myself in tweaking Windows but MBAM would report as suspicious. It can be hard when looking at what is going on in the system and check settings to know if a user did those or a tweaker or malware. Eventually MBAM removing firing on those tweaks as suspicious because LOTS of users were making the same tweaks. Could be CFW/CIS doesn't know if it is you running inetcpl.cpl or some kiddie-scripted malware running through that wizard, like to change to using a proxy employed by the malware to sniff your traffic or just kill your Internet connection. Some things the user can do is the same things malware may do. If you whitelisted inetcpl.cpl (yourself or it was in a trusted list), malware that scripts using that wizard could seriously affect your network configuration. This is why whitelisting is not really a sufficient means of preventing malware from running but allowing good programs to run. Good programs can be subourned. For example, winword.exe (MS Word) might be whitelisted because it a known and usually trustworthy program. However, malware can be macros within a document that Word will executed, especially if the user is foolish in changinge Word away from its security settings, like allowing macros to run without prompt. (BTW: I configure Word to *never* run macros because I never want anyone to send me a document that is scripted.) So Word is whitelisted/trusted because it is known but it could act maliciously if its security were diminished in its configuration or the user purposefully chose to allow an unknown macro to execute in a document sourced from an unknown source. By the way, there are multiple copies of the inetcpl.cpl file in your file system. If you run a file finder tool (e.g., Search Everything or FileLocator Lite), you'll find inetcpl.cpl in multiple folders. Did Comodo tell you the path to the inetcpl.cpl on which it alerted? Malware can be called anything. It might be in a different path than the legitimate file, so seeing "inetcpl.cpl" doesn't tell you from where that file got loaded. Also, malware can replaced a legitimate file. Just because it is listed in a trusted list or whitelist doesn't mean what is listed is what got ran. Hopefully CFW/CIS saves a hash on known good files, so maybe the inetcpl.cpl that it triggers on is not in the correct path or a different file with the same name. I appreciate the time and concern you've given to this. And I'll give you what info I can. I clear Firefox weekly; Options/ Privacy & Security/ clear data cache, clear history. I use IE once in a blue moon, but clear it weekly for tidiness. I've been clearing through Control Panel, and always get the Comodo prompt. This is the *only* Comodo prompt I ever get. From now on I shall clear through IE itself. Mayayana discovered this difference, and I thank him. But I'm still not sure just why this happens. It appears that Comodo is listening to the Control Panel requests, but not IE ones. OK. I can live with that, but my inquiring mind leaves me with a nagging question of just why. Not that I suspect anything amiss, just simple curiosity. Ed |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|