pdf24 Creator triggering firewall

[curiousd]

Hi.  I was using pdf24 for merging PDF's and got three notices from my Comodo (free) firewall.  pdf24 was trying to execute cmd_614354859_42388116088.json which in turn, tried to execute conhost.exe as well as tried to access the DNS/RPC Client Service.  I unplugged my Ethernet cable from my computer and disconnected any wireless connection and let the process go through.  The program completed the file merge suggesting that internet activity was not needed to complete the task.  I was wondering why the program might trigger the firewall warnings.  Thank you.

[Stefan Ziegler]

PDF24 Creator itself does not require the Internet, as the software processes files offline on the computer where the software is installed. So files do not leave your computer.

To execute the commands often run other apps that are included in PDF24.

Can you give more information about DNS service, more information about what Comodo displays information?

If you use PDF24 OCR, then it is so that the language files are loaded from the PDF24 download servers, because to deliver all the language files with would be too big. Here then the Internet is needed, but the actual OCR recognition then but runs locally on the PC.

When starting some apps it is also tried to access the internet, because some of the apps have such small banner areas that are loaded from the internet, but if there is no internet, then that is not bad, then this area simply can not be updated.

Update requests also need internet, but without internet the request doesn't go through and then updates aren't pointed out.

But the fact is that PDF24 Creator is our offline PDF solution, because not everyone can or may process files online.

[curiousd]

Thank you very much for the response.  I didn't know there was further details that came with these messages.  It seems that the firewall trigger is due to the generated json files.  Here are the messages from the firewall:

Message:  pdf24-Toolbox.exe is trying to execute cmd_7997296_2116800774.json
Details:  pdf24-Toolbox.exe is a safe application.  However, the executable cmd_7997296_2116800774.json could not be recognized.

Message: cmd_7997296_2116800774.json is trying to execute conhost.exe
Details: conhost is a safe executable.  However the parent application cmd_7997296_2116800774.json could not be recognized.  One the application is executed, its parent will have full control over its execution.  If cmd_7997296_2116800774.json is one of your everyday application, you can safely allow this request.

Message: cmd_7997296_2116800774.json is trying to access the DNS/RPC Client Service
Details: cmd_7997296_2116800774.json could not be recognized and it is about to access the DNS/RPC Client Service.  Windows DNS/RPC Client service allos applications to perform recursive network connections by using the Windows process svchost.exe.  If cmd_7997296_2116800774.json is one of your everyday applicaitons, you can safely allow this request.

After running the processes again, I noticed that each task is uniquely generated.  I have other JAVA based files that don't seem to trigger my firewall.  I am curious as to why these files are triggering the firewall.

I have the option to 1) allow, 2) treat as an installer or updater, 3) treat as a Windows System Application or 4) treat as a Contained Application.  I am not certain which to choose.  It seems like it is a Contained Application.  However, given the persistently changing file names for the json files created, I don't know if the firewall will be triggered every time I use pdf24 for features that generate a json file.

[Stefan Ziegler]

Please send the file cmd_7997296_2116800774.json to forum@pdf24.org so I can take a look at it. .json files are basically not executable files.

[curiousd]

That particular file is no longer in my computer.  It appears that each time I use a function that triggers the firewall, it generates a unique .json file that is triggering my firewall.  I traced the file to the folder C:/Users/[my computer user folder]/AppData/Local/Temp/PDF24.  Once the program stops, the file is automatically deleted.

I used Notepad to open another .json file that was created when I choose to edit a PDF.  This was the content:

{
"action": "listTrueTypeFonts",
"fontFilesDirs": [
"C:\\WINDOWS\\Fonts",
"C:\\Users\\[my computer user folder]\\AppData\\Local\\Microsoft\\Windows\\Fonts"
],
"outputFile": "C:\\Users\\[my computer user folder]\\AppData\\Local\\Temp\\PDF24\\fonts_0_25307609_897590633.json"
}

And for merging PDF files, the .json file produced has the following when I open the file with Notepad:

{
"action": "joinPdfs",
"inputFiles": [
"C:\\Users\\[my computer user folder]\\AppData\\Local\\Temp\\PDF24\\ebb_3_26047937_2846514222.pdf",
"C:\\Users\\[my computer user folder]\\AppData\\Local\\Temp\\PDF24\\ebb_4_26048031_340020885.pdf"
],
"outputFile": "C:\\Users\\[my computer user folder]\\AppData\\Local\\Temp\\PDF24\\mergePdf_5_26048078_3942879876.pdf"
}

Please note that I replaced my actual user folder name with "[my computer user folder]".

I'm not sure why these temporary .json files are triggering my firewall and I'm not sure how to classify these files to stop triggering the firewall (please refer to the options at the end of my last post).

Thank you for your continued assistance.

[curiousd]

Are the .json files opened by Notepad and included above sufficient or would you like the other file(s) sent to the email provided?

Thank you for your continued assistance.

[curiousd]

I have been in contact with the programmers from my firewall.  They had stated that their firewall did not recognize the .json files so it triggered the firewall.  They said that the files are safe and that they fixed it to prevent the firewall from triggering.  However, it continues to trigger the firewall.  I suspect that it is because the files are uniquely named.  At this point, it is a firewall issue.  My appreciation to you for trying to help, but it is not an issue with PDF24.  Thank you for this program.

On a side note, is there a way to directly access edit functions when in the reader?  Thanks again.

[Author]

Posts