Author Topic: Blocks its own Secure Shopping csssrv64.exe  (Read 656 times)

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 232
Blocks its own Secure Shopping csssrv64.exe
« on: May 27, 2019, 05:17:10 PM »
I've noticed it occasionally.

Latest Comodo. Windows 7 x64.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4333
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #1 on: May 27, 2019, 05:19:34 PM »
You need to be more specific about what you mean by blocking and you have to check the logs.

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 232
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #2 on: May 28, 2019, 05:22:29 AM »
> You need to be more specific about what you mean by blocking and you have to check the logs.

It was blocked by the Firewall module. Sorry, forgot to include that imperative bit of information. It happens every week or so. Since the upgrade to v12. If you need any more information, please state what additional information is required, specifically.

Offline Mathi R

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 149
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #3 on: May 28, 2019, 11:17:14 AM »
Hi Bucic,

Could you please check your Inbox for private message and provide the requested logs.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25575
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #4 on: May 28, 2019, 12:28:31 PM »
> It was blocked by the Firewall module. Sorry, forgot to include that imperative bit of information. It happens every week or so. Since the upgrade to v12. If you need any more information, please state what additional information is required, specifically.

Did you look at and click on Blocked Applications in the main screen of CIS? That is not the most informative function. Could you look at the HIPS and/or Containment logs? They precisely report the event. That is the information we need. Could you post a screenshot of the logs here?

I find the Blocked Applications function useless. It is not precise enough sending users on a wild goose chase.

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 232
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #5 on: May 30, 2019, 07:08:49 PM »
I've PM-ed an auto-generated log pack (from cisreporttool.exe) to Mathi R.

I would also like to add that CIS started to block all kinds of valid stuff on my system. Steam, nVidia updater, multiple own CIS modules (blocked by firewall), ArmA3.exe. It got bad since the spring and it's getting worse.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4333
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #6 on: May 30, 2019, 07:34:12 PM »
> I've PM-ed an auto-generated log pack (from cisreporttool.exe) to Mathi R.
>
> I would also like to add that CIS started to block all kinds of valid stuff on my system. Steam, nVidia updater, multiple own CIS modules (blocked by firewall), ArmA3.exe. It got bad since the spring and it's getting worse.

Probably legitimate blocking of interprocess memory access of CIS processes; you can ignore it, as it is part of the self-protection of HIPS blocking applications trying to access memory of CIS. The firewall blocking can be caused by rules set to block, so you need to make sure your rules are set correctly. Again, without seeing the actual blocked events in the log, the cause of the blocking can't be determined.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25575
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #7 on: May 30, 2019, 07:53:00 PM »
Bucic, could you post a screenshot of the HIPS logs showing what was blocked? It is most likely what futuretech thinks it is. Only the HIPS logs show the exact nature of what was blocked. Without knowing what is in the HIPS logs there is no way of knowing if we are looking at a legitimate action or not.

Blocked Applications will also log when CIS is blocking interprocess memory access to its processes. This is a regular act and part of the self protection of CIS. Blocked Applications will log this. This will create confusion because users may think something is wrong where CIS is simply doing what it is supposed to do.

Please post a screenshot of the HIPS logs.

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 232
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #8 on: May 31, 2019, 03:31:08 AM »
I'm a bit confused here. I've uploaded 15 MB worth of diagnostics data generated by the official tool and you still need screenshots? :D OK, OK. I'm going to upload some shots in 8 to 24 hours.

Offline Mathi R

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 149
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #9 on: May 31, 2019, 05:32:38 AM »
> I've PM-ed an auto-generated log pack (from cisreporttool.exe) to Mathi R.
>
> I would also like to add that CIS started to block all kinds of valid stuff on my system. Steam, nVidia updater, multiple own CIS modules (blocked by firewall), ArmA3.exe. It got bad since the spring and it's getting worse.

Hi Bucic,

Thanks for providing the log, our developers are working on it.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25575
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #10 on: May 31, 2019, 09:12:06 AM »
> I'm a bit confused here. I've uploaded 15 MB worth of diagnostics data generated by the official tool and you still need screenshots? :D OK, OK. I'm going to upload some shots in 8 to 24 hours.

We are usually not in contact with Comodo Staff, only on an incidental basis, hence why we ask for HIPS logs to learn more about what is happening. That way you and other users may learn what is going on. Blocked Applications as a concept is not thought through enough and tends to create confusion or make users think CIS is at fault.

Staff people do a wonderful job acquiring information for Comodo but their interventions disrupt the course of topics.

It is important that topics related to Blocked Applications reflect the discrepancies between the HIPS logs, which log extensively, and the logs created by Blocked Applications, whose informative value is limited. People will then understand the limited value of using Blocked Applications and how it can confuse them.

I am looking forward to seeing the logs.

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 232
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #11 on: May 31, 2019, 03:56:03 PM »
> We are usually not in contact with Comodo Staff, only on an incidental basis, hence why we ask for HIPS logs to learn more about what is happening. That way you and other users may learn what is going on. Blocked Applications as a concept is not thought through enough and tends to create confusion or make users think CIS is at fault.
>
> Staff people do a wonderful job acquiring information for Comodo but their interventions disrupt the course of topics.
>
> It is important that topics related to Blocked Applications reflect the discrepancies between the HIPS logs, which log extensively, and the logs created by Blocked Applications, whose informative value is limited. People will then understand the limited value of using Blocked Applications and how it can confuse them.
>
> I am looking forward to seeing the logs.

I see. I wasn't being grumpy or anything, it was a genuine question.

Here are the screenshots.
https://1drv.ms/f/s!AvyUQyNGJs9mkdt-WNIQcs-tg92NIg
Yes, in the last 24 hours or so I used Silent Mode extensively plus lots of disabled modules but believe me - I've witnessed what I'm reporting in a clean Comodo configuration, no Silent Mode, no modules disabled.

EDIT:
More shots added. There should be 15 in total as of now. I've included some shots from settings. Rules, other areas of interest. I barely customized anything and I believe close to 100% of my rules were created via answering the default popups that CIS generates.
« Last Edit: May 31, 2019, 04:13:43 PM by Bucic »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25575
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #12 on: May 31, 2019, 07:35:45 PM »
Thank you for the logs. The HIPS logs show interprocess memory access to CIS files getting blocked. That is normal; it is CIS protecting itself. Not getting interprocess memory does not influence functionality of programs; only in very rare cases does it break the functionality of a program.

In this case there is not a problem with the blocking. Blocked Applications however shows the blocks and offers the possibility to unblock. First of all users may get worried because a legit program apparently gets blocked. Then Blocked Applications offers to unblock but in the case of interprocess memory access it is not capable of providing that. That can only be done manually and deeper in the UI.


Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 232
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #13 on: June 01, 2019, 06:30:25 AM »
> Thank you for the logs. The HIPS logs show interprocess memory access to CIS files getting blocked. That is normal; it is CIS protecting itself. Not getting interprocess memory does not influence functionality of programs; only in very rare cases does it break the functionality of a program.
>
> In this case there is not a problem with the blocking. Blocked Applications however shows the blocks and offers the possibility to unblock. First of all users may get worried because a legit program apparently gets blocked. Then Blocked Applications offers to unblock but in the case of interprocess memory access it is not capable of providing that. That can only be done manually and deeper in the UI.

So basically it's a usability issue... OK. Speaking of which. Is there an active thread somewhere on moving away from the main philosophy of COMODO user experience, i.e. "let's expose every single module to the user, separately, and force him to play a tag game"?

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25575
Re: Blocks its own Secure Shopping csssrv64.exe
« Reply #14 on: June 01, 2019, 01:50:43 PM »
Could you elaborate on what you mean with "let's expose every single module to the user, separately, and force him to play a tag game"?

 
