Author Topic: Seriously, Comodo, its time you catch up!  (Read 3435 times)

Offline blackkatt

  • Comodo Loves me
  • ****
  • Posts: 150
Seriously, Comodo, its time you catch up!
« on: August 22, 2019, 03:59:22 PM »
I know Comodo is free and all and I do appreciate that! When it works, CIS is better than MANY paid security solutions out there. I would certainly start paying if you guys start maintaining ...

The following are only major bugs reported and "fixed". They were real show stoppers. I mention these to make a point: that CIS is falling behind. Default rules are not being updated by you guys, resulting in native Windows components being blocked. At the end of this post is the reason I wrote this. Yet another important Windows feature is disrupted by CIS.

In total that's 4 big nasty bugs.

#1 (Fixed)
First real issue I encounter long ago was when CIS was blocking the NVIDIA drivers "express install" mode. This was 2016.

Quote
Hi,
so I'm unsure if this is known or not. But there is a bug with CIS 8.4.0.xxxx, unsure how long it's been there. At least five NVIDIA drivers back.

I say NVIDIA drivers because the bug is that CIS hinders the use of the "express install" mode, causing the installation of the graphics driver to fail (express install: an option available within the driver that lets you keep your old settings and what not).

I've been blaming NVIDIA for this, for a long time. (Sry NVIDIA)
A lot of debugging has been done to conclude that CIS is at fault.

#2 (Fixed)
Later same year we had the "Full Scan Stuck" https://forums.comodo.com/resolvedoutdated-issues-cis/full-scan-running-for-8-hours-and-counting-t116104.0.html;new#new

Then it was good for a long time.

#3 (Unclear)
2019 yet another show stopper. CIS causes System Restore to fail
https://forums.comodo.com/format-verified-issue-reports-cis/cis-causes-system-restore-to-fail-m2411-t124406.0.html;new#new

Not sure if it's fixed or not; I've simply disabled the option that causes it.

#4 (Unknown)
This one I haven't reported yet. But it is the reason for writing this post. The "C:\Windows\System32\SIHClient.exe" (explanation below) is blocked. Even at custom ruleset. So my point here is this. Comodo, you guys pride yourselves on being very good at what you do. And in most cases I agree. So it's time to dedicate some time to update CIS so that important features such as this and those from the past are not disrupted by CIS.


Quote
Sihclient.exe is a file that is responsible for automatic Windows updates
Sihclient.exe is an executable that runs on the Windows operating system and is created by Microsoft. The part of the name SIH stands for Silent Install Helper, which helps to handle files that deal with automatic Windows updates. By default, it is located in C:\WINDOWS\System32\SIHClient.exe and shows up in the Task Manager depending on when it is scheduled to do so. While its initial form is harmless, many users reported that their Firewall had blocked the Sihclient.exe due to it being recognized as a virus. In most cases, this diagnosis is false positive, but users should still be wary if their AV engine detected the executable as malware

That's all  8)
« Last Edit: August 23, 2019, 01:41:54 AM by blackkatt »

Offline Mathi R

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 149
Re: Seriously, Comodo, its time you catch up!
« Reply #1 on: August 24, 2019, 01:17:12 AM »

Quote
#3 (Unclear)
2019 yet another show stopper. CIS causes System Restore to fail



Hi blackkatt,

Please update CIS to the latest version 12.0.0.6882 and check whether System Restore is working properly. If the problem still exists, provide the logs using our given tool.
Check your inbox for steps to run the tool & collect the logs.
« Last Edit: August 24, 2019, 01:18:49 AM by Mathi R »

Offline Mathi R

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 149
Re: Seriously, Comodo, its time you catch up!
« Reply #2 on: August 24, 2019, 01:25:49 AM »
 
Quote
#4 (Unknown)
This one I haven't reported yet. But it is the reason for writing this post. The "C:\Windows\System32\SIHClient.exe" (explanation below) is blocked. Even at custom ruleset. So my point here is this. Comodo, you guys pride yourselves on being very good at what you do. And in most cases I agree. So it's time to dedicate some time to update CIS so that important features such as this and those from the past are not disrupted by CIS.


That's all  8)

Hi,

Check if "Trust files installed by trusted installer" is enabled in File rating settings.
Steps - Settings -> File rating -> File rating settings
Also share the file "Sihclient.exe" that was blocked by CIS to us.

Thanks
Mathi R

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4589
Re: Seriously, Comodo, its time you catch up!
« Reply #3 on: August 24, 2019, 03:20:23 PM »
Quote
#4 (Unknown)
This one I haven't reported yet. But it is the reason for writing this post. The "C:\Windows\System32\SIHClient.exe" (explanation below) is blocked. Even at custom ruleset. So my point here is this. Comodo, you guys pride yourselves on being very good at what you do. And in most cases I agree. So it's time to dedicate some time to update CIS so that important features such as this and those from the past are not disrupted by CIS.

Yes, during startup, if any application tries to make any outgoing connection attempt before the CIS tray/UI is loaded, the firewall will block and log the attempt. I think it has been that way for a while, but they added the logging of it instead of silent blocking. Nevertheless, I submitted the issue into the mod tracker but I haven't yet had any confirmation if it is indeed a bug or it is by design.

Offline blackkatt

  • Comodo Loves me
  • ****
  • Posts: 150
Re: Seriously, Comodo, its time you catch up!
« Reply #4 on: August 24, 2019, 03:23:09 PM »


Quote
Hi blackkatt,

Please update CIS to the latest version 12.0.0.6882 and check whether System Restore is working properly. If the problem still exists, provide the logs using our given tool.
Check your inbox for steps to run the tool & collect the logs.

I already have that version. I'll try it later.

Quote
Hi,

Check if "Trust files installed by trusted installer" is enabled in File rating settings.
Steps - Settings -> File rating -> File rating settings
Also share the file "Sihclient.exe" that was blocked by CIS to us.

Thanks
Mathi R

I'm using the default settings, so yeah, "Trust files installed by trusted installers". SIHClient.exe is also marked as "rating, trusted" and has already been submitted.

Do you want me to share a native Windows file, digitally signed by Microsoft? Makes no sense but OK. Here you go...

Quote
Yes, during startup, if any application tries to make any outgoing connection attempt before the CIS tray/UI is loaded, the firewall will block and log the attempt. I think it has been that way for a while, but they added the logging of it instead of silent blocking. Nevertheless, I submitted the issue into the mod tracker but I haven't yet had any confirmation if it is indeed a bug or it is by design.

Not sure if CIS tray/UI was loaded or not when it was blocked. But it was blocked many, many times. So during the first and last block the CIS UI should have been loaded =)
« Last Edit: August 24, 2019, 03:26:37 PM by blackkatt »

Offline blackkatt

  • Comodo Loves me
  • ****
  • Posts: 150
Re: Seriously, Comodo, its time you catch up!
« Reply #5 on: September 03, 2019, 04:25:24 PM »
This latest event only strengthens my point that Comodo is falling behind. In this case CIS asks to allow/deny the "Windows operating system" access to the internet. Looking up the IP, it belongs to Microsoft. "Windows operating system" aka "system" is a default group rule that includes two rules:

"Allow System To Send Requests If The Target Is In [Home #1]"
"Allow System To Receive Requests If The Sender Is In [Home #1]"

So in other words, there aren't any default rules to handle a request like this. So like I've been saying, CIS needs an update...  :a0

Offline Mathi R

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 149
Re: Seriously, Comodo, its time you catch up!
« Reply #6 on: September 05, 2019, 03:26:46 AM »
Hi blackkatt,

Thanks for reporting. I have forwarded the suggestion of including the default rules in CIS to our developers.

Offline blackkatt

  • Comodo Loves me
  • ****
  • Posts: 150
Re: Seriously, Comodo, its time you catch up!
« Reply #7 on: November 14, 2019, 02:12:32 PM »
Quote
Hi blackkatt,

Thanks for reporting. I have forwarded the suggestion of including the default rules in CIS to our developers.

All of these (and more) should be added to the default Firewall config/File Rating/File Groups under "Windows System Applications" as they all have the same damn rule "Allow IP Out From MAC Any To MAC Any Where Protocol Is Any" and are native to Windows 10.  :-TD

Also, one example that does not work: %windir%\System32\smartscreen.exe (which is added to the above group), because as you can see below I've been asked to create a rule for that one anyway...

I would also like to know the fastest way to add these myself in bulk?

These are custom rules. They all have the same rule. They should all be added to the default config.

C:\Windows\System32\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Windows\System32\browser_broker.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
C:\Windows\System32\CompatTelRunner.exe
C:\Windows\System32\AppHostRegistrationVerifier.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\System32\backgroundTaskHost.exe
C:\Windows\System32\taskhostw.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe
C:\Windows\System32\MicrosoftEdgeSH.exe
C:\Windows\SysWOW64\rundll32.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
C:\Windows\System32\MRT.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
C:\Windows\System32\SystemSettingsAdminFlows.exe
C:\Windows\System32\dasHost.exe
C:\Windows\System32\SIHClient.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\wermgr.exe
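
An added example (not part of the original thread, and not Comodo tooling): before allowing a list like the one above in bulk, this PowerShell check confirms that each file exists, carries a valid Microsoft signature, and does not sit in a versioned directory such as the two Defender Platform paths in the list, where a path-based rule stops matching after a platform update. The function name `Test-AllowlistCandidate` and the sample subset of paths are assumptions made for illustration.

```powershell
# Constructed sample: a subset of the paths posted above, including a versioned Defender path.
$paths = @(
    '%windir%\System32\SIHClient.exe',
    'C:\Windows\System32\smartscreen.exe',
    'C:\Windows\SysWOW64\rundll32.exe',
    'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe'
)

function Test-AllowlistCandidate {
    # Hypothetical helper: reports signature facts per path; it changes no firewall rules.
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        $full = [Environment]::ExpandEnvironmentVariables($p)   # resolves %windir%
        # A version number in the directory means the path changes on update.
        $versioned = $full -match '\\Platform\\\d+(\.\d+)+-\d+\\'

        if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
            [pscustomobject]@{
                Path = $p; Exists = $false; Status = $null; SignatureType = $null
                MicrosoftSigned = $false; IsOSBinary = $false; VersionedPath = $versioned
            }
            continue
        }

        # On Windows 10 this also validates catalog-signed system binaries.
        $sig = Get-AuthenticodeSignature -LiteralPath $full
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Path            = $p
            Exists          = $true
            Status          = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            SignatureType   = $sig.SignatureType     # Authenticode or Catalog
            MicrosoftSigned = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
            IsOSBinary      = $sig.IsOSBinary
            VersionedPath   = $versioned
        }
    }
}

# Rows that should not be allowed blindly: missing, not validly Microsoft-signed, or versioned path.
Test-AllowlistCandidate -Path $paths |
    Where-Object { -not $_.Exists -or -not $_.MicrosoftSigned -or $_.VersionedPath } |
    Format-Table -AutoSize
```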


Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4589
Re: Seriously, Comodo, its time you catch up!
« Reply #8 on: November 14, 2019, 08:55:25 PM »
There is no need to add those to the WSA file group as all of those are trusted rated and won't be blocked by the firewall if you have it set to safe mode. If you are using custom ruleset mode, then you need to deal with using such mode by either answering the alerts or setting up the rules in advanced.

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 399
  • Paranoid B#st#rd - CIA
Re: Seriously, Comodo, its time you catch up!
« Reply #9 on: November 14, 2019, 08:56:33 PM »
Bulk add files/folders feature for creating and managing File Groups would be a very useful idea!

P.s. futuretech you on multiple occasions beat me to posting replies. Ha ha.
« Last Edit: November 14, 2019, 08:58:41 PM by ReeceN »

Offline blackkatt

  • Comodo Loves me
  • ****
  • Posts: 150
Re: Seriously, Comodo, its time you catch up!
« Reply #10 on: November 15, 2019, 02:15:51 PM »
Quote
If you are using custom ruleset mode, then you need to deal with using such mode by either answering the alerts...

I'm using this mode because CIS sometimes feels like blocking native Windows components as discussed before. Therefore I feel my request is valid.

Quote
...or setting up the rules in advanced.

I've already added %windir%\System32\smartscreen.exe to the File Rating/File Groups but I've been asked to create a rule for that one (and others) anyway...

Quote
Bulk add files/folders feature for creating and managing File Groups would be a very useful idea!

Agreed  8)
« Last Edit: November 15, 2019, 02:23:24 PM by blackkatt »

Offline blackkatt

  • Comodo Loves me
  • ****
  • Posts: 150
Re: Seriously, Comodo, its time you catch up!
« Reply #11 on: December 07, 2019, 05:38:31 AM »
So this is why I can't use SafeMode  >:(
Newly installed fresh config and CIS blocks not only its own browser but other signed/safe/known apps too!

PM: The first two entries are before I upgraded/installed latest build.
« Last Edit: December 07, 2019, 05:41:25 AM by blackkatt »

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1221
  • internet providers are not ready ...
Re: Seriously, Comodo, its time you catch up!
« Reply #12 on: December 07, 2019, 08:13:39 AM »
Quote
C:\Windows\ImmersiveControlPanel\
%windir%\systemapps\

is part of metro applications
===============================================================

Apps list
Quote
C:\Windows\System32\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Windows\System32\browser_broker.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
C:\Windows\System32\CompatTelRunner.exe
C:\Windows\System32\AppHostRegistrationVerifier.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\System32\backgroundTaskHost.exe
C:\Windows\System32\taskhostw.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe
C:\Windows\System32\MicrosoftEdgeSH.exe
C:\Windows\SysWOW64\rundll32.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
C:\Windows\System32\MRT.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
C:\Windows\System32\SystemSettingsAdminFlows.exe
C:\Windows\System32\dasHost.exe
C:\Windows\System32\SIHClient.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\wermgr.exe
is used for exploits, in Windows 7 and Windows 10
==================================================================
Comodo Internet security protect and ask output in firewall

Offline blackkatt

  • Comodo Loves me
  • ****
  • Posts: 150
Re: Seriously, Comodo, its time you catch up!
« Reply #13 on: December 07, 2019, 08:17:02 AM »
Quote
is part of metro applications
===============================================================

Apps list is used for exploits, in Windows 7 and Windows 10
==================================================================
Comodo Internet security protect and ask output in firewall

And?  :)

Offline Ploget

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1129
  • 'Your best teacher, is your last mistake'
    • CIS Help
Re: Seriously, Comodo, its time you catch up!
« Reply #14 on: December 07, 2019, 08:17:29 AM »
Are you sure this isn't when you start the system? You're running pretty much the applications I am in that shot and they're always in the log on startup - before CIS 'activates'. If you check the Task Manager after startup, you'll find they are actually running.

Quote
So this is why I can't use SafeMode  >:(
Newly installed fresh config and CIS blocks not only its own browser but other signed/safe/known apps too!
« Last Edit: December 07, 2019, 11:54:12 AM by Ploget »
Ploget
All Win10x64 Pro 1909 (18363.752) systems  /  CIS 2020 v.12.2.2.7036 RC