Author Topic: Blocked Applications showing CIS blocking programs by HIPS and cannot unblock?  (Read 293 times)

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25476
Blocked Applications showing CIS blocking programs by HIPS in certain scenarios but cannot unblock?

Q: Blocked Applications shows HIPS reporting CIS blocking certain programs and unblocking fails. What does that mean?
A: CIS will protect its self by denying programs to access CIS processes in memory. It is part of its architecture since its conception as Comodo Firewall 3 back in 2006 and is and has always been logged in the HIPS logs. It is only in very rare cases that programs do not work properly when access to CIS processes in memory is denied; 99,999999% of the programs function without a glitch.


Q: When I try to unblock using Blocked Applications unblocking does not seem to work because I see programs getting blocked again. What does that mean?
A: Blocked Applications is simply not capable of unblocking memory access to CIS processes even though it offers this. I consider this a design flaw in Blocked Applications. Allowing programs memory access to CIS processes is possible but needs to be done deep in the UI in Advanced Settings.


Q: My programs are still working even though Blocked Applications says they are being blocked and unblocking is not working Why is that?
A: Only a very very tiny amount of programs requires access to CIS processes in memory; 99,999999% of the programs function properly without being allowed access to CIS processes in memory. I see it as a case of bad programming practices when programs needs this type of access. From a security point of view allowing memory access to CIS processes is a security risk. Hence why we rarely advice to allow this.


Q: This seems to happen or happen more since updating to Windows 10 May Update (1903). Why is that?
A: Currently there is a bug where CIS will log memory access by 32 bits applications when there actually is no memory access happening.


In a nutshell:
  • 99,999999% of the programs will work when access to CIS processes in memory is denied
  • Memory access has always been logged in the background in the HIPS logs
  • Blocked Applications brings memory access to the front which worries people
  • Blocked application offers to unblock the blocking of memory access but can not deliver; that's a design flaw and causes people to worry even more
  • 99,999999% of the programs work without getting access to CIS processes in memory
  • Even though Blocked Application fails to allow memory access to CIS processes programs will work normally

In the end this is just a storm in a tea cup because of a usability issue. Programs will continue to function normally and there is no security risk. People get worried and think something is wrong even though programs are functioning normally and get freaked out when unblocking is not working.

The confusion shows that the decision to let Blocked Applications log memory access was a big mistake. Memory access should only be logged in the background in the HIPS logs only as it always has been. Information about memory access to CIS processes is only needed for 0,000001% of the programs.
« Last Edit: June 10, 2019, 08:33:17 AM by futuretech »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek