Author Topic: Blocked by HIPS (Where are the details?)  (Read 532 times)

Offline datadog

  • Newbie
  • *
  • Posts: 2
Blocked by HIPS (Where are the details?)
« on: August 16, 2018, 03:38:20 AM »
Hello and thank you for taking the time to read this post. I'm looking for a way to learn more about why a particular program and/or its access was blocked by HIPS. There is a particular application that is giving a log in the Blocked Applications list and says it is blocked by HIPS, but I can't figure out specifics as to what triggered the block. Is there a way to find this information?

EDIT: I've found the Event Logs that provide what type of action was blocked. If anyone knows of a method of extracting more detailed information than this, it would be much appreciated.

Thank you for your time and consideration.
« Last Edit: August 16, 2018, 04:01:16 AM by datadog »

Offline UKSecurity

  • Comodo Member
  • **
  • Posts: 33
Re: Blocked by HIPS (Where are the details?)
« Reply #1 on: August 31, 2018, 05:11:59 PM »
I'm also confused about all those things that the COMODO team thinks we should not know. CIS gives too little info. For example, I have a lot of apps automatically marked as unrecognized or blocked; even COMODO's own files get into those lists, and a lot of licensed software is also among the unrecognized. And I don't even know what it means for an app to be unrecognized, or what the limitations are. And I can't find info on that.
« Last Edit: August 31, 2018, 05:23:56 PM by UKSecurity »

Offline aweir14150

  • Comodo's Hero
  • *****
  • Posts: 425
Re: Blocked by HIPS (Where are the details?)
« Reply #2 on: September 01, 2018, 06:32:49 PM »
I'm also confused about all those things that the COMODO team thinks we should not know. CIS gives too little info. For example, I have a lot of apps automatically marked as unrecognized or blocked; even COMODO's own files get into those lists, and a lot of licensed software is also among the unrecognized. And I don't even know what it means for an app to be unrecognized, or what the limitations are. And I can't find info on that.

It means the author of the program is not in the trusted vendors list.


Offline aweir14150

  • Comodo's Hero
  • *****
  • Posts: 425
Re: Blocked by HIPS (Where are the details?)
« Reply #3 on: September 01, 2018, 06:37:49 PM »
Hello and thank you for taking the time to read this post. I'm looking for a way to learn more about why a particular program and/or its access was blocked by HIPS. There is a particular application that is giving a log in the Blocked Applications list and says it is blocked by HIPS, but I can't figure out specifics as to what triggered the block. Is there a way to find this information?

EDIT: I've found the Event Logs that provide what type of action was blocked. If anyone knows of a method of extracting more detailed information than this, it would be much appreciated.

Thank you for your time and consideration.

In the HIPS settings, do you have "do not show popup alert: block all requests" turned on?
In General Settings > Logging, did you also enable Write to Windows event log? If you do that, do you get better alerts?

Offline UKSecurity

  • Comodo Member
  • **
  • Posts: 33
Re: Blocked by HIPS (Where are the details?)
« Reply #4 on: September 02, 2018, 05:35:19 AM »
It means the author of the program is not in the trusted vendors list.

It is in Trusted. Comodo is a trusted vendor, Microsoft too, but their files are unrecognized sometimes though there are vendor signatures.

Offline PremJK

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 501
  • Live and Let Live
Re: Blocked by HIPS (Where are the details?)
« Reply #5 on: September 03, 2018, 07:04:49 AM »
Hi,

We are working on the Unrecognized issue and you can expect a fix in an upcoming release.
Meanwhile, you can try this CIS 11.0.0.6644 - BETA and provide feedback.

Kind Regards,
PremJK

Offline UKSecurity

  • Comodo Member
  • **
  • Posts: 33
Re: Blocked by HIPS (Where are the details?)
« Reply #6 on: September 03, 2018, 11:21:58 AM »
Hi,

We are working on the Unrecognized issue and you can expect a fix in an upcoming release.
Meanwhile, you can try this CIS 11.0.0.6644 - BETA and provide feedback.

Kind Regards,
PremJK

Can you look at my question about blocking apps from reading files? I'm confused about containing apps.

Offline PremJK

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 501
  • Live and Let Live
Re: Blocked by HIPS (Where are the details?)
« Reply #7 on: September 04, 2018, 03:54:50 AM »
Hi UKSecurity,

How do I prevent reading these files? I don't want these files to be sent to the internet by any service or app.

Files and folders that are added to 'Protected Data folders' are totally hidden to contained programs. If you want to totally conceal a data file from all the contained programs but allow read/write access by other known/trusted programs, then add it to 'Protected Data Folders'.

For more understanding, please refer to the help guide here.

Kind Regards,
PremJK

Offline UKSecurity

  • Comodo Member
  • **
  • Posts: 33
Re: Blocked by HIPS (Where are the details?)
« Reply #8 on: September 04, 2018, 03:49:11 PM »
Hi UKSecurity,

Files and folders that are added to 'Protected Data folders' are totally hidden to contained programs. If you want to totally conceal a data file from all the contained programs but allow read/write access by other known/trusted programs, then add it to 'Protected Data Folders'.

I know how to add files to protected data. But when you add an app to the containment list, there are two containment options - "Run virtually" and "Run restricted". Which one should I use to block access to protected data but allow update activity online? Can you point me directly to the info that answers this question? Because when I read the Comodo help, it gives some very simple basic info but does not dig into details, and for me it just creates more questions than answers.
Another question: unrecognized apps. Does it mean these apps are blocked from reading protected data? Are they blocked even from reading protected folders/files? Why do unrecognized apps sometimes have an orange question mark, sometimes a grey one?
« Last Edit: September 04, 2018, 03:54:51 PM by UKSecurity »

 
