Author Topic: Comodo Firewall with HIPS v10.2.0.6526 freezes trusted apps at their startup  (Read 261 times)

Offline Akon

  • Newbie
  • *
  • Posts: 24
I'm using Comodo Firewall v10.2.0.6526 with HIPS enabled, and just after installation and rules customizing all worked fine. But few days later I met the following issue: when a trusted app starts (app that is known to Comodo's database and marked as trusted in Comodo's File List; there are no explicit HIPS rules for such apps in my configuration) Comodo freezes it about 30 secs, i.e. the app don't appear on screen all that time. Second run of such app causes no delays. After a few days during the app was not using the issue appears again. When I turn off Comodo (close it with tray icon's menu), there is no delay at first run, so the problem relates Comodo.

Also, time-to-time Comodo's HIPS alerts appear about asking to allow/disable write operations to file system, but such alerts must not appear since the app is trusted and its operations must be allowed by default without asking.

I'm observing the issue on Windows 7 64-bits in several physical and virtual machines.

Any suggestions? Does Comodo Firewall v11 fix it?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4333
Probably your connection to comodo cloud lookup service was unstable, and it waits for a response to get the file rating which is checked after a certain time period since the last time file was checked.

Quote
Also, time-to-time Comodo's HIPS alerts appear about asking to allow/disable write operations to file system, but such alerts must not appear since the app is trusted and its operations must be allowed by default without asking.
Did the alert say it was trusted? If not then the app in question may have lost its trusted status or you are running in paranoid mode. Also make sure you do not use create rules for safe applications as that will cause issues with rules being deleted after reboot.


Offline Akon

  • Newbie
  • *
  • Posts: 24
Unstable connection - it's very suitable explanation, and right now I investigated a bit to explore it - Comodo runs on on virtual machine (VirtualBox) and there is network connection enabled, but network connection is disabled on the host system, so Comodo sends network requests as usual, but never gets responces. In my settings "Enable Cloud Lookup (Recommended)" is disabled. Comodo app update and Comodo database update are also disabled.

Results:
1) When the system is not using for a few days (I restore a few days old shapshot to get such effect) Comodo starts with delay about 30 secs. or even more (i.e. I see Comodo tray icon after that time). Probably, Comodo tries to communicate with Comodo's servers for some reason, probably, wants to send telemetry, since checking for updates is disabled.
2) When I launch an app appeared as "Trusted" in Comodo's "File List", there is delay about 30 secs.
3) Both delays mentioned above do not appear in subsequent usages (e.g. after OS reboot, app second run), but will appear after a few days of inactivity, I think - at this time Comodo will try to communicate with the servers.

When I disable network connection in Comodo's system, so Comodo knows about network unreachability, there are no any delays.

Quirk of fate in my case that I initially used rule for "COMODO Internet Security" as "Blocked Application", and there were no delays (Comodo knew about impossibility to connect, no waiting), but then changed to "Outgoing Only" and delays appeared :)

About alerts: No, alert says it's unrecognized, but in the File List from Comodo's settings this file has trusted status, not unrecognized. I don't use creating rules for safe apps.

Probably, apps loose their trusted status somehow, but still shown as trusted in File List. Apps were not changed (their checksum still the same) as well as not renamed or moved to another paths, of course.
« Last Edit: October 07, 2018, 07:27:24 AM by Akon »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek