Defnec Plus not intercepting execution of exe by chrome browser?

aigle · December 26, 2014, 2:10pm

Can any one confirm this behavior.

Windows 8.1. Comodo v8 latest

Defence Plus in safe mode

Go to this page via google chrome browser( not any other browser)

Press on download page and when Hijackthis.exe is downloaded click on it to launch it. HijackThis will be executed and no pop up alert from Comodo Defence Plus. If you execute HijackThis.exe via explorer, Defence Plus does give a pop up alert.

Is it some thing expected? Please reply. Note that I don’t get this behavior on XP with CIS v 5.

Thanks

SanyaIV · December 26, 2014, 2:20pm

The file launches without any pop-ups in both cases (chrome and explorer) for me - File is rated as “safe” in the cloud.

aigle · December 26, 2014, 2:31pm

Thanks for testing.

What is your OS and comodo version. Can you try in paranoid mode please?

Thanks

SanyaIV · December 26, 2014, 2:49pm

Windows 10 TP with CIS 8.0.4344

I’ll test paranoid.

Edit: With Paranoid I get alerts that chrome.exe is trying to launch HijackThis.exe and same alert for explorer.exe when trying to launch the file from there.

aigle · December 26, 2014, 2:52pm

I get this alert with safe mode but cloud is disabled. If I try via chrome, no pop up alert even with paranoid mode and application is launched.

[attachment deleted by admin]

SanyaIV · December 26, 2014, 2:55pm

Is it possible that chrome.exe is running with installer privileges?

aigle · December 26, 2014, 2:56pm

Seems something is not just right on my system. I am using EMET and Sandboxie as well. Confusing!!

aigle · December 26, 2014, 2:57pm

good idea. I need to check it.

aigle · December 26, 2014, 3:23pm

Chrome is not even trusted. Can you try my config. I uploaded my config file. Just rename it from a.txt to .cfgx.

Thanks

[attachment deleted by admin]

SanyaIV · December 26, 2014, 4:01pm

I imported and activated your config but I can still not replicate the issue, HijackThis.exe launched from chrome.exe gives alert, the same way if I launch it from explorer.exe

If it possible that you ran Chrome and then answered “Treat as > Installer/updater” but didn’t check “remember my answer”? To rule out that possibility, have you tried restarting the system?

aigle · December 26, 2014, 7:52pm

No, I tried it since few days many times. Seems something specific to my system. Any way, I am satisfied that it’s probably not some bug in CIS. BTW just want to sure did you tried it with chrome browser( just making sure that the browser used by you was chrome)?

Thannks

SanyaIV · December 26, 2014, 8:55pm

Yes, Google Chrome as in the one made and distributed by Google (i.e not Comodo Dragon)

aigle · December 26, 2014, 9:22pm

OK, thanks for your help. I will just leave it like this at the moment. Might investigate it further later on.
Thanks for taking time to test it for me.