Author Topic: HIPS keeps blocking Unlocker by Empty Loop  (Read 559 times)

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 236
HIPS keeps blocking Unlocker by Empty Loop
« on: February 16, 2019, 01:17:36 PM »
I selected 'Unblock' multiple times but Comodo insists on blocking Unlocker.exe. I've checked in the properties and Comodo has this file rated as trusted, with a green tick mark.

Offline Metheni

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 708
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #1 on: February 18, 2019, 07:22:27 AM »
Hi Bucic,

Can you please provide us with some more details, like the download link of the Unlocker and a screenshot of the file detection?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4380
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #2 on: February 18, 2019, 01:51:48 PM »
You need to check the HIPS event logs to see why it is being blocked.

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 236
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #3 on: February 20, 2019, 03:50:14 PM »
Here's the source you can get the official installer from
http://www.emptyloop.com/unlocker/

Here's my install (archived)
https://1drv.ms/f/s!AvyUQyNGJs9mkcZtklJx_GNWBN1ZYw


> You need to check the HIPS event logs to see why it is being blocked.
The log doesn't contain anything useful on Unlocker apart from "Action - Access Memory".

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4380
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #4 on: February 20, 2019, 04:05:49 PM »
> Here's the source you can get the official installer from
> http://www.emptyloop.com/unlocker/
>
> Here's my install (archived)
> https://1drv.ms/f/s!AvyUQyNGJs9mkcZtklJx_GNWBN1ZYw
>
> The log doesn't contain anything useful on Unlocker apart from "Action - Access Memory".
Yeah, it is trying to access CIS processes in memory, which CIS doesn't allow. You're not noticing any issues apart from looking at the unblock applications task?

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 236
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #5 on: February 20, 2019, 04:08:03 PM »
> Yeah, it is trying to access CIS processes in memory, which CIS doesn't allow. You're not noticing any issues apart from looking at the unblock applications task?
I don't believe so, but Unlocker is pretty cumbersome in usage and I would like to eliminate the extra variable (i.e. CIS) from the equation.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4380
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #6 on: February 20, 2019, 04:54:54 PM »
You didn't look at the HIPS event log fully to see that the target application for access memory is one of the Comodo processes. You can edit the CIS file group HIPS rule and allow Unlocker in protection settings for inter-process memory access, but it is not recommended to allow applications to access CIS processes in memory.

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 236
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #7 on: February 20, 2019, 05:43:07 PM »
Oddly enough, I missed the "Target" column content.
Nah, I'll pass. I prefer to wait for the Unlocker's potential flop and I'll go from there. Thanks.

I'm not an expert on these matters, but isn't the explanation of the whole issue, well, obvious? Unlocker probably attempts to access CIS memory bits in the process of what it is intended to do - that is, checking for processes that have active access to files. Am I right?

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25612
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #8 on: February 21, 2019, 10:40:09 AM »
Unlocker asking for memory access is not an uncommon technique used by both legitimate and malicious executables. CIS protects its own processes against memory access to prevent malware from shutting down CIS processes. In case an executable is being used by CIS, it will prevent Unlocker from unlocking or deleting that file.

Offline Bucic

  • Comodo's Hero
  • *****
  • Posts: 236
Re: HIPS keeps blocking Unlocker by Empty Loop
« Reply #9 on: February 21, 2019, 01:10:44 PM »
> Unlocker asking for memory access is not an uncommon technique used by both legitimate and malicious executables. CIS protects its own processes against memory access to prevent malware from shutting down CIS processes. In case an executable is being used by CIS, it will prevent Unlocker from unlocking or deleting that file.
I see. Thank you for the explanation.
