Access memory blocked with ProcessTamer - can't configure to stop the logging

Hi,
I’ve read many posts and followed different suggestions but have not been able to stop the 100s of logged notices that Defense+ has stopped ProcessTamer from accessing memory of CIS.exe. Using CIS 7.0.317799.4142, I’ve added ProcessTamerTray.exe as exception to Behavior Blocker, added to HIPS rules (copied ruleset from Comodo files). Is there a simple fix? I’ve also tried adding a rule to ProcessTamer to ignore CIS.EXE. I don’t want to unistall ProcessTamer or go crazy watching the number of blocked intrusions increase every few seconds. Thanks for any help.

Hi Halftime,

Did you try to add ALL processes related to CIS as exception to Process Tamer?
cis.exe is not the only one.

Hi qmarius,

I added CIStray.exe and cmdagent.exe but that made no difference and the blocked behavior only showed cis.exe as the target for access memory.

It’s maddening because ProcessTamerTray.exe and ProcessTamerConfigurator.exe are both trusted files.

Thanks.

You could try this:

[ol]- Go to HIPS rules.

  • Find COMODO Internet Security in the list and right click it and then click Edit.
  • Switch from Access Rights tab to Protection Settings.
  • Look for Interprocess Memory Accesses and then click Modify (x) to the right, under Exclusions.
  • Right-click anywhere in the new window and click Add > Running Processes (Make sure the application is running) then look for the application in the list and then select it and click OK.
  • Click OK on any remaining windows and try again.[/ol]

Hi Sanya,

I think you did it! I made the change you suggested and it’s been 15 minutes without new blocking alerts. Thank you so much - you saved what little sanity I have left!

Just a small note of warning I presume you absolutely trust Process Tamer :slight_smile:

As you have now allowed it access in Protection Settings it can now kill any or all of COMODO Internet Security processes.

Previous Solution + Exception Rules (in Process Tamer)

cavscan.exe
cfpconfg.exe
cmdinstall.exe
cistray.exe
cis.exe
cmdagent.exe
cmdvirth.exe
cavwp.exe
cmdupd.exe

Thanks for taking time to help me with this problem. I have thought seriously about what a bad actor could do in the protection of the CIS and a couple of Windows processes. I do trust Process Tamer. When Dennis2 mentioned his warning, I decided to redo everything. I uninstalled Process Tamer and CIS and then did a clean install of CIS, and then a complete hard drive backup. Then I installed Process Tamer with the listed 9 CIS programs ignored. With HIPS enabled in Training Mode then in Clean PC Mode and in Safe Mode, I was still getting the blocking access memory logged every few seconds. I got the same when I closed Process Tamer and then tried Process Explorer. Both were trusted and added under exceptions in HIPS and in Behavior Blocker. None of this blocking occurs with KillSwitch, which is probably protected as a Comodo program. I’ve stopped using Process Explorer mostly because KillSwitch is easier to deal with and allows resetting priority, etc. It just doesn’t do it automatically like Process Tamer. I use several programs that will eat up 90-100% CPU - including cavwp.exe when it’s running with background priority. Sanya’s solution works so I’ve gone back to it knowing that if something changes in the future I can remove Process Tamer from its shelter. I guess another alternative would be to turn off HIPS or have it not monitor interprocess memory access, but I don’t want it to do that.
Anyhow, thanks very much. I’ve left the exception rules in Process Tamer as well.