Author Topic: Exclude WSL from AutoContainment  (Read 352 times)

Offline rabievdm

  • Newbie
  • *
  • Posts: 4
Exclude WSL from AutoContainment
« on: January 03, 2019, 02:48:26 PM »
I have previously posted a question on excluding Ubuntu 14.04 under HIPS which I got help for.
In a nutshell, create a WSL File Group, add the relevant path and that all worked.

Now I have installed Ubuntu 18.04 and items like apt update either fail to work or are very, very slow.
Debugging the issue, I found that auto containment now sandboxes the various executables, so I created an ignore rule for the WSL file group (which I still log).
Now it works a little better, but it is still extremely slow. Checking the logs, I see containment logs being generated and the files are now set to ignore; however, most of the files come up as unknown.
If I then disable auto containment, it runs very fast; if I enable it again, it slows down dramatically.
So now my question is how do I get the files excluded from auto containment to stop (what I suspect is my issue) from being checked for their reputation?
*Updated* If I disable "Enable Cloud Lookup" whilst Containment is still enabled then apt update flies, so I need to find a way of getting WSL not checked against the cloud. (I have set dpkg to trusted, but it keeps on thinking that it's untrusted.)

CIS 11.0.0.6728
Windows 1803 (build 17134.472)
Ubuntu Linux 18.04 (from the MS Store)
« Last Edit: January 03, 2019, 02:52:05 PM by rabievdm »

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4309
Re: Exclude WSL from AutoContainment
« Reply #1 on: January 04, 2019, 09:26:25 AM »
Try setting all WSL binaries in the file list to trusted manually; you may have to change show files to all types.

Offline rabievdm

  • Newbie
  • *
  • Posts: 4
Re: Exclude WSL from AutoContainment
« Reply #2 on: January 05, 2019, 09:55:28 AM »
I have tried that as well, but as mentioned in the first post, the one binary dpkg keeps coming up as untrusted even though it is listed.
If I browse for and try and add it by hand CIS says that the entry already exists.
I have also confirmed that it's not a link on the filesystem.

Offline mydexterid

  • Newbie
  • *
  • Posts: 9
Re: Exclude WSL from AutoContainment
« Reply #3 on: March 03, 2019, 12:24:01 PM »
Exactly same issue here. I almost created a new topic on this.

Also, the solution of creating a file group manually with all the WSL files is tedious. Isn't there a better way? I mean, can I add whole canonical folder and have all things in it added recursively?

Turning off "Enable Cloud Lookup" or turning off Auto-Containment itself does solve the slowdown issue for me too.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4309
Re: Exclude WSL from AutoContainment
« Reply #4 on: March 03, 2019, 12:42:24 PM »
If you read the help on using the file group you will notice you can add either files or folders to the group.

Offline mydexterid

  • Newbie
  • *
  • Posts: 9
Re: Exclude WSL from AutoContainment
« Reply #5 on: March 03, 2019, 12:51:14 PM »
The word "recur" is completely missing on the linked site. Let me repeat my question:

"can I add whole canonical folder and have all things in it added recursively?"

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4309
Re: Exclude WSL from AutoContainment
« Reply #6 on: March 03, 2019, 01:03:34 PM »
Yes, when you add a folder, all files including those in sub-folders are part of that file group; that is what the wildcard character * means when it is appended to a file path.
