2 Helper Applications for the CIS 7 HIPS

2 Helper Applications for the CIS 7 HIPS : HIPS Events Viewer and HIPS Policies Reader
(Tested with Comodo CIS 7.0 under Windows 8.1 64-bit)

These programs are not a product of Comodo (well, they are a product of mine in fact)
The source code is the AU3, AUC, AUL, UDF files : my code is free to reuse or modify.

These 2 programs are written with AutoIt 3.3.12.0, compiled as 32-bit applications (and can be run on 64-bit systems)
They can be run either :

  • as compiled executables : CIS7HIPSEventsViewer.exe and CIS7HIPSPolReader.exe
  • as scripts if AutoIt 3.3.12.0 is installed on your computer : CIS7HIPSEventsViewer.au3 and CIS7HIPSPolReader.au3

To install and run :

  • un-zip CIS7HIPSHelperApps.zip to your program files folder : CIS7HIPSHelperApps and 2 subfolders will be created
  • run CIS7HIPSEventsViewer.exe or CIS7HIPSPolReader.exe (you’ll have to create shortcuts yourself if you want them)

To un-install :

  • delete the CIS7HIPSHelperApps folder
  • delete the \User\AppData\Roaming\CIS7HIPSEventsViewer & CIS7HIPSPolReader folders (where the INI files are)

These programs won’t change your CIS configuration, won’t write anything to the registry
and will only write to their INI file in their own AppData folder (to save your options).

CIS7HIPSEventsViewer : read and display HIPS events as a list
CIS7HIPSPolReader : read and display your HIPS configuration as an organized tree

(these programs do NOT deal with the firewall or anti-virus component of CIS 7, only the HIPS)

Download link :
https://www.dropbox.com/s/hax5zjktteg416o/CIS7HIPSHelperApps_18_nov_2015.zip?dl=0
Updated : 18 November 2015 (small update for the Find dialogs)
Preview images are attached to this post


Quick sum-up of what these applications can do and what they can’t : read also the 2 included Infos.ReadMe files


CIS7HIPSEventsViewer

This program for Comodo CIS 7 can read, (multi-)sort, filter (by source, type and target), search, and export to clipboard,
the events generated by the HIPS component of Comodo CIS 7.
The data displayed in this program is similar to that displayed by the Comodo interface :
‘Comodo Firewall’ > ‘Home’ > ‘HIPS : Blocked Intrusions’

Events can be :

  • a silently blocked action, due to an existing HIPS rule
  • a HIPS pop-up alert window, the action taken then depends on the user's choice

The program does NOT read the Firewall and Anti-virus events


CIS7HIPSPolReader

This program for Comodo CIS 7 can read, search, and export to clipboard

  • HIPS General Settings, enabled/disabled state of Auto-Sandbox & Viruscope, Heuristic and Shellcode Injections Settings
  • Content of the following lists : Blocked Files, Protected Data Folders, Shellcode Injections Exclusions
  • Content of the following groups : COM Interfaces, Registry Keys, Files and Folders
  • HIPS Rules and Rulesets

The program does NOT read the following information :

  • Behavior Blocker : Auto-Sandbox and Viruscope Settings (except their enabled/disabled state)
  • Sandbox Rules
  • File Rating : File Rating Settings, and Trusted Files & Unrecognized Files & Submitted Files & Trusted Vendors lists
  • Firewall and Anti-virus Settings
