Allow Temp Folder & rubyw.exe PrivateInternetAccess VPN client & Comodo

I am using the default VPN client from PrivateInternetAccess.com.

When I start it, it creates a rubyw.exe in C:\Users\USER_NAME\AppData\Local\Temp\ocrC1E8.tmp\bin\rubyw.exe for example.

Every time the service is started, the rubyw.exe is created in another folder: …\Local\Temp\ocrAND_THEN_THE_NEW_TEMP_NAME\bin.

How do I allow all files being created in …Temp\ocr… every time I start the VPN client?

I have tried setting C:\Users\USER_NAME\AppData\Local\Temp\ocr* as allowed but it does not recognise the * as a valid rule.

Where and how can I exclude these newly created folders from Defense+ please so I do not get these warnings any more?

I would somehow prefer it if there is a way of directly allowing rubyw.exe instead of excluding folders from the scan, but so far I have not managed to allow just the app since it is created in a new folder every time.

Using Comodo Firewall (without antivirus, just the Firewall) version 6.3.302093.2976 on Windows 7 Ultimate 64.

Many thanks for your help.

I’m not sure exactly what your issue is, I mean if the issue is that you get an alert that privateinternetaccess.exe (let’s pretend that’s the main program) is trying to execute rubyw.exe or if you get an alert that rubyw.exe is trying to do changes itself or if it’s that rubyw.exe gets sandboxed or if it’s the firewall that gives issues about the rubyw.exe… But yeah I made a 5 minute video showing how to deal with this situation, you can find the video here: How to exclude an executable from CIS HIPS/BB/FW - YouTube

I use the same VPN. All you need to do is make all the PIA files trusted so the auto-sandbox does not interfere. Also, create rules to allow all of the PIA files to access the internet. Does that help? Good luck.

Dear Sanya and Ad, thank you for your help. I will give your solution a try and confirm when it is working.

Sanya, to answer your questions. The VPN client is based on Ruby I would assume. When I open the VPN client, it runs Ruby internally somehow and tells the whole client to kind of run from that temp folder/dir that it creates. I have allowed the rubyw.exe and the other components of the VPN client in Firewall and Defense, however the last step, allowing the temporarily created folder and the rubyw.exe inside that was what I was struggling with. Sandbox or Behaviour blocker did not interfere, it was only ever Defense. Also thank you for your video, seems much better than writing up all the details and I am sure a lot of people can follow it much better than written explanations. So thank you for your effort. Oh and please, tell me, what software is the presentation video done with please?

Ad, yes I love this VPN and I think in combination with Comodo CIS or just Firewall this gives awesome protection and ease of mind, two very good products!

Thank you and Best Regards

Just so we’re on the same page, you did find the answer in the video of how to deal with the temporary folder, right? Looking back at the video I realize I might go a bit fast on certain things.

I usually prefer videos myself, I tend to get lost reading long(er) written explanations… Worse when I’m the one writing them! :wink: Besides, it saves me time doing formatting on the text. ;D

I’m using Open Broadcaster Software, I guess it’s mainly made for streaming but I find it does local recording just as good or better than any other product I’ve tried, can be a bit of a hassle to set up though.

Yes, did find the answer, no not too fast for me and thanks for the link to the broadcast software. Altogether much appreciated.

Sorry, I forgot I have one other machine running version 5.12.256249.2599 of Comodo Firewall, is the approach there similar? I run it on Windows 7 & ok to update if it is necessary for this to work. What would correspond to Protected Objects in version 5 for example please?

Herm I haven’t used version 5 for so long, I can’t even remember what it looks like. :embarassed: Sorry, but hopefully someone else can help you here.

No worries, time to update I guess.

I actually had to add 3 exclusions in total to the HIPS ruleset for the Rubyw group. Pi_manager.exe, pia_tray.exe and openvpn.exe. Found those running as processes while connected to the VPN. Creating the Rubyw protected objects group was the key to be able to make these exclusions for running an exe. Since I am not using the sandbox this is it. Might make a video too since quite some people seem to have this issue over at the PIA forum.