Hi all,
As we always say CIS is not dead. Development plans are still going on.
We have already confirmed and provided these
list of current bugs to the developers and few bugs are already fixed & yet to be released. Among them we couldn't reproduce 6 issues, but still they were brought to developers notice.
6. Embedded-code detection for misexec.exe does not work so msiexec.exe /I <URL to msi packaage> will not be detected.
13. Infinite loop of cloud scanner detection when executing an application that is detected by cloud scanner file lookup. Choosing clean or any of the ignore options will still bring up the alert and you can't do anything else unless you hard shutdown the system.
17. AV still scans executable files even when the executable is listed under scan exclusions.
19. Network zone or firewall rules using a host name is unusable as the firewall will use all IP addresses in range from lowest resolved IP to highest resolved IP, instead of just the IP's belonging to the domain. e.g. <IPV4 Name="yahoo.com" AddrType="16" AddrEnd="98.137.11.164" AddrStart="74.6.143.25"/>. So every IP address within that range will be blocked if you created a block rule based on host name type or used blocked network zones with host name type. However in the registry there is another value called Addrs that does contain a list of IP addresses that do pertain to the domain. But it seems it is not used yet?
21. HIPS rules using environment variables are not handled correctly as alerts will still be shown for applications that already have rules in place. One example is using paranoid mode and still getting alerts for svchost.exe and from explorer.exe to access keyboard despite rules already set to allow. Another example which is kind of related to bug 8. listed previously, using paranoid mode while executing applications on removable media or mounted volumes. When explorer HIPS file path rule is defined using the environmental variable %windir% (default HIPS rule), HIPS will always ask to execute the same application. Changing the HIPS rule path to C:\Windows does not alert again.
39. Firewall blocks outgoing connection requests for trusted applications at system startup if they attempt network access before CIS UI is loaded(cis tray and alerts UI processes) causing many blocked events in the firewall log for those trusted rated applications.
So, Could you please provide us the related forum link or step to reproduce of above mentioned 6 issues for further investigation.
11. Firefox and IE a blank page is shown instead of the Comodo block page when blocking/asking for HTTPS URLs.
And the issue no-11 won't be fixed as the developer has said that there is no way to show block page for https url ,because it is encrypted and we can only block it.
Thanks
C.O.M.O.D.O RT