Author Topic: List of current bugs discussion  (Read 17202 times)

Online C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 922
Re: List of current bugs discussion
« Reply #120 on: August 15, 2022, 04:21:32 AM »
Hi all,

As we always say CIS is not dead. Development plans are still going on.
We have already confirmed and provided this list of current bugs to the developers, and a few bugs are already fixed & yet to be released. Among them we couldn't reproduce 6 issues, but they were still brought to the developers' notice.
6. Embedded-code detection for msiexec.exe does not work so msiexec.exe /I <URL to msi package> will not be detected.
13. Infinite loop of cloud scanner detection when executing an application that is detected by cloud scanner file lookup. Choosing clean or any of the ignore options will still bring up the alert and you can't do anything else unless you hard shutdown the system.
17. AV still scans executable files even when the executable is listed under scan exclusions.
19. Network zone or firewall rules using a host name are unusable as the firewall will use all IP addresses in range from lowest resolved IP to highest resolved IP, instead of just the IPs belonging to the domain. e.g. <IPV4 Name="yahoo.com" AddrType="16" AddrEnd="98.137.11.164" AddrStart="74.6.143.25"/>. So every IP address within that range will be blocked if you created a block rule based on host name type or used blocked network zones with host name type. However in the registry there is another value called Addrs that does contain a list of IP addresses that do pertain to the domain. But it seems it is not used yet?
21. HIPS rules using environment variables are not handled correctly as alerts will still be shown for applications that already have rules in place. One example is using paranoid mode and still getting alerts for svchost.exe and from explorer.exe to access keyboard despite rules already set to allow. Another example which is kind of related to bug 8. listed previously, using paranoid mode while executing applications on removable media or mounted volumes. When explorer HIPS file path rule is defined using the environmental variable %windir% (default HIPS rule), HIPS will always ask to execute the same application. Changing the HIPS rule path to C:\Windows does not alert again.
39. Firewall blocks outgoing connection requests for trusted applications at system startup if they attempt network access before CIS UI is loaded (cis tray and alerts UI processes), causing many blocked events in the firewall log for those trusted rated applications.
So, could you please provide us the related forum link or steps to reproduce for the above-mentioned 6 issues for further investigation.
Quote
11. Firefox and IE a blank page is shown instead of the Comodo block page when blocking/asking for HTTPS URLs.
And issue no. 11 won't be fixed, as the developer has said that there is no way to show a block page for an HTTPS URL, because it is encrypted and we can only block it.

Thanks
C.O.M.O.D.O RT
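
Bug 19 in the post above, worked through as an added example (not part of the thread and not Comodo's code): it parses the rule element quoted in the post and compares range matching with matching on the host's own resolved addresses. The function names are hypothetical, the resolved list is assumed to hold only the two endpoint addresses shown in the post, and the test address is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Rule element exactly as quoted in the post for bug 19.
RULE_XML = ('<IPV4 Name="yahoo.com" AddrType="16" '
            'AddrEnd="98.137.11.164" AddrStart="74.6.143.25"/>')


def parse_rule(xml_text):
    """Return (host name, start address, end address) from the rule element."""
    el = ET.fromstring(xml_text)
    return (el.get("Name"),
            ipaddress.IPv4Address(el.get("AddrStart")),
            ipaddress.IPv4Address(el.get("AddrEnd")))


def range_size(start, end):
    """Number of addresses between start and end, inclusive."""
    return int(end) - int(start) + 1


def matches_range(ip, start, end):
    """Behaviour described in the post: anything from lowest to highest IP matches."""
    return start <= ipaddress.IPv4Address(ip) <= end


def matches_set(ip, resolved):
    """Expected behaviour: only the host's own resolved addresses match."""
    return ipaddress.IPv4Address(ip) in resolved


def over_match(start, end, resolved):
    """Addresses hit by the range rule that are not in the resolved list."""
    owned = {a for a in resolved if start <= a <= end}
    return range_size(start, end) - len(owned)


NAME, START, END = parse_rule(RULE_XML)
# Assumption: the resolved list (the "Addrs" value) holds just these two addresses.
RESOLVED = {START, END}
# Constructed test address that lies inside the range but is not in RESOLVED.
UNRELATED = "80.10.20.30"

if __name__ == "__main__":
    print(f"{NAME}: range rule covers {range_size(START, END):,} addresses")
    print(f"addresses matched beyond the resolved list: {over_match(START, END, RESOLVED):,}")
    print(f"{UNRELATED} range match: {matches_range(UNRELATED, START, END)}, "
          f"set match: {matches_set(UNRELATED, RESOLVED)}")
```
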

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 2228
Re: List of current bugs discussion
« Reply #121 on: August 15, 2022, 04:54:35 AM »
Hi,

Many thanks to the whole team  (:CLP)

Windows 10 Pro x64 21H2 Build 19044.2075 - Windows 11 Pro x64 21H2 Build 22000.1042 - Linux Emmabuntus x64 ED4 - Comodo CIS Pro v.12.2.2.8012

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 629
Re: List of current bugs discussion
« Reply #122 on: August 15, 2022, 06:50:56 AM »
The list with bugs is closed.

Quote
https://github.com/advisories/GHSA-jx54-6487-2fhh

Published on 22 Jun · Updated on 29 Jun

Comodo Antivirus 12.2.2.8012 has a quarantine flaw

Description
Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.

Offline victorlopes

  • Comodo Loves me
  • ****
  • Posts: 121
Re: List of current bugs discussion
« Reply #123 on: August 15, 2022, 05:04:01 PM »
this is really good to know but please, don't take me wrong and don't be sad about it, but this kind of answer we have been getting for at least 1 year. I understand many things and I will stay quiet, waiting for things to show up, but then again, saying that development is kicking is not enough to make us relaxed :)

anyway, thank you for being here, always, trying to bring some info, even if not news, but still, you're trying to do your best with what they bring to you. so thank you.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5358
Re: List of current bugs discussion
« Reply #124 on: August 20, 2022, 11:31:05 AM »
6. enable embedded code detection for msiexec and open a command or powershell prompt, then enter msiexec.exe /i url to msi package e.g. https://d3.7-zip.org/a/7z2201-x64.msi

13. install firewall only, switch to proactive configuration, disable auto-containment, and run pchunter.

17. add all applications file group to av scan exclusions, open procmon and filter on cavwp.exe file system activity, execute any application and watch cavwp perform file i/o on exe file.

19. added bug report topic.

Online C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 922
Re: List of current bugs discussion
« Reply #125 on: August 21, 2022, 06:29:58 AM »
Hi futuretech,

Thank you so much for sharing the information.
We will test and update you.

Thanks
C.O.M.O.D.O RT

Offline hicham0716

  • Comodo Loves me
  • ****
  • Posts: 169
Re: List of current bugs discussion
« Reply #126 on: August 21, 2022, 06:52:16 PM »
did you get my message bro?
Best Regards
hicham

Online C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 922
Re: List of current bugs discussion
« Reply #127 on: August 22, 2022, 01:32:08 AM »
Hi hicham0716,

Yes, we have got your message and have taken it to the team's notice.
We will keep you posted.

Thanks
C.O.M.O.D.O RT

Offline Avos

  • Comodo Loves me
  • ****
  • Posts: 184
Re: Why did you uninstall CIS? Please help us improve by telling us why.
« Reply #128 on: August 30, 2022, 09:30:33 AM »
Hello COMODO RT,
do you have any news for us?
I honestly don't understand why block other discussions.

Offline Adrosmart

  • Comodo Member
  • **
  • Posts: 45
Re: Re: Why did you uninstall CIS? Please help us improve by telling us why.
« Reply #129 on: September 04, 2022, 03:28:23 AM »
Well, guys, it was nice while it lasted. I have had Comodo since 2008 and I can honestly say it never failed me. I guess the pandemic or maybe having too many free users as opposed to the licensed ones put too much strain on the company. Right now we are probably one bad Windows 10 update from incompatibility.

So what is our next option after Comodo is no longer supported?


Offline NoScript

  • Newbie
  • *
  • Posts: 3
Re: Re: Why did you uninstall CIS? Please help us improve by telling us why.
« Reply #130 on: September 04, 2022, 01:15:36 PM »
Portmaster looks very promising but it's still in Alpha and kinda hard to fully understand, but it's free.

Offline Adrosmart

  • Comodo Member
  • **
  • Posts: 45
Re: Re: Why did you uninstall CIS? Please help us improve by telling us why.
« Reply #131 on: September 04, 2022, 02:47:52 PM »
Never heard of Portmaster but I will check it out. I was reading some other forums and it seems WiseVector StopX is doing quite a bit of waves and it has a HIPS component similar to Comodo plus they are also sporting some kind of AI detection method. One thing I don't like about it is that the developers are based in China.

I really hope Comodo will pull through.

Offline owyhee

  • Newbie
  • *
  • Posts: 1
Re: Re: Why did you uninstall CIS? Please help us improve by telling us why.
« Reply #132 on: September 04, 2022, 04:08:55 PM »
Avast. Seems ok. Just waiting for news on comodo

Offline victorlopes

  • Comodo Loves me
  • ****
  • Posts: 121
Re: List of current bugs discussion
« Reply #133 on: September 04, 2022, 04:40:57 PM »
no news about these bugs? nothing yet?


Offline victorlopes

  • Comodo Loves me
  • ****
  • Posts: 121
Re: Re: Why did you uninstall CIS? Please help us improve by telling us why.
« Reply #134 on: September 04, 2022, 04:48:16 PM »
avast or avg... run away from these things...

so, nothing new about cis? ceo abandoned us and the forum. real good way of making trust online.

 
