Sorry for the confusion. What I actually meant to say was that behavior changed as it shouldn’t mess up with streams in such unwanted way. It seems like a bug specific to some operating systems from your description. I was able to remove streams data under Windows 7.
You could try using Trusted Installer privileges while attempting streams deletion.
PS: It’s not a known issue. (as far as I know)
Thank you for the trusted installer suggestion. It did not help. Uninstalling Comodo 8 resolves this issue immediately.
I guess we will have to find someone running Windows 8.1/10, and see if they can remove ADS with Comodo 8 installed…
Installed Windows 10 x64 on a virtual machine and I was able to delete streams data. Tested with CIS 10 beta & disabled Auto-Sandbox.
echo hello > test:stream
streams64.exe -d test
On second thought… there seems to be a problem.
echo hello > test:$CmdTcID
streams64.exe -d test
I will report it soon.
// Bug 1935
Finally, a breakthough!
Hope you can ask that fix be included in mature version 8 so we are not forced to install initial version 10 over this legitimate bug that has gone on for so long…
Thank you qmarius!
A brand new version Comodo Firewall 8.4.0.5165 has just been released.
It does not include the fix.
It is still not possible to remove Alternate Data Streams while Comodo is installed.
It would be nice to hear if developers didn’t have time to implement the fix in this version… or…
CIS 10 doesn’t use ADS, but a database instead.
I don’t think they will release a fix on CIS 8 since CIS 10 is going to the stable release.
So, my suggestion for you is to wait for CIS 10 to be released as stable. At that time you can uninstall CIS 8, use a 3rd party SW to delete ADS, then install CIS 10.
If you don’t wanna wait, just switch to another security software until CIS 10 is released
Just to be clear, this is not about adding new ADS but about removing existing ADS. The two are confused often.
You cannot remove existing Alternate Data Streams under version 10 either.
Completely uninstalling Comodo software every time you need to remove ADS… that’s not a viable solution, surely we agree on that?
Because if it is, that means the developers are not acknowledging this as a bug, and then we’re back to asking why is Comodo preventing existing ADS from being removed, what is the reason for that?
Please read my post again:
At that time you can uninstall CIS 8, use a 3rd party SW to delete ADS, then install CIS 10.
As you said, you have to uninstall CIS to be able to remove the ADS.
Once you have done so, you can install CIS 10 which won’t create any new ADS (if I have understood correctly)
It’s important to clarify that there is no difference between what you suggest and uninstalling Comodo software every time you need to remove ADS.
Since Comodo 8 also does not add ADS if you do this:
Comodo 8 Security Settings > Defense+ > Sandbox > Auto-Sandbox > UNCHECK: Enable file source tracking > OK
Thereafter there is no difference between 8 and 10. Neither 8 or 10 would add new ADS but both would block removal of ADS unless they are uninstalled.
Yes, of course uninstalling either 8 or 10 is a way to remove ADS. But that nuclear solution is not a viable solution.
Uninstall 8 > remove ADS > Install 10 directly implies that there are only a few ADS infested files which Comodo added in the past. That is just simply not the case. Other sources can add ADS. We need to be able to remove ADS. We cannot, if either Comodo 8 or Comodo 10 are installed. Yes, uninstalling Comodo is the only way to removed ADS, you are absolutely correct. Also remember both 8 and 10 can be made to stop adding new ADS - that is not the point:
Removing ADS while Comodo 8/10 are still installed - that is the goal, that is the question, that’s the problem bug.
Then, check this:
Can Alternate Data Streams be removed while either Comodo 8 or 10 is installed?
The answer is NO.
Alternate Data Streams cannot be removed until Comodo software is uninstalled.
The above quote massively confuses that very simple question.
This isn’t a matter of opinion, here is freeware that can remove ADS. They cannot remove ADS while Comodo is installed.
You can create an ADS infested file by leaving this option checked then downloading anything, like this:
The above post does not change that fact in any way.
I make it simple. The answer is NO and don’t expect it to be solved with CIS 8 because it will be soon replaced by CIS 10 (which doesn’t create ADS).
The only way to get rid of ADS created by CIS is to uninstall CIS.
It appears you cannot, but CIS can in certain circumstances.
[quote="EricJH"] Thank you for the heads up Buket. What do you mean with "However, if you execute a certain file and correspondent ADS exists - CIS will remove that ADS."? Does it mean CIS will remove the ADS it made with a previous version when an executable gets executed. [/quote] Hi EricJH,Yes, exactly !
Kind Regards
Buket
If Comodo 8 remains broken, then that’s the conclusion of that. But I can switch to your point, sure. Let’s not talk about Comodo 8.
Comodo 10 currently cannot remove ADS, limited circumstances aside.
The fact that Comodo 10 doesn’t add ADS by default has nothing to do with removing existing ADS.
Creation of new ADS has nothing to do with this topic.
The topic is removing existing ADS, not stopping creation of new ones. Even version 8 can be stopped from creating new ADS right now.
So if we can agree on that, let’s talk about version 10:
Version 10 cannot remove all ADS. Creation of new ADS has nothing to do with that. ADS can already be there inside files created by other programs.
Those ADS cannot be removed as long as version 10 or any version of Comodo is installed on the system.
I am wondering out loud what happens when you would give an application that can remove ADS the Windows System Application policy. I haven’t tried or tested it.
EricJH. Thanks for the suggestion.
If the following is not sufficient, please post an alternate test:
Control Panel > View by Category > System and Security first > Administrative Tools [fourth from bottom] > Security Configuration Management or Local Security Policy > Right click on Software Restriction Policies > New Software Restriction Policies SO THAT ADDITIONAL RULES SHOWS UP UNDERNEATH > Right click on Additional Rules > New Path Rule… > Browse… to the path of ADS removing software .exe file
OK > Set the security level to Unrestricted > OK
The above still did not allow ADS removal unless Comodo software is completely removed from the system.
Hi c627627,
I haven’t done any further testing, but I have said before ADS created by CIS can be removed in Windows safe mode.
It might be only a workaround, but in most cases this is easier than removing CIS even with dual boot systems.
Kind regards.
Well rebooting into another OS is quicker than rebooting into Safe Mode (if you do a stop watch test) but both accomplish the same thing, a workaround.
There are many (many) workarounds to this problem, some more cumbersome than others.
I now have a feeling that the developers have been aware of this issue for some time.
If we can move to accepting that this is a side-effect of having Comodo software installed, that it is the price we pay for having Comodo installed, it would then be nice if someone posted something about the background of this problem.
Why it is happening and why it cannot be fixed.
At first there was a concern that all these workarounds served to prevent this issue from being taking seriously and finally resolved, but I am leaning towards this being a long-term problem and that it has been for a while.
Have you seen anyone post on the forums what the background story is, why does Comodo prevent ADS removal? What is it that makes this not an option you can tick?
Because labeling files is a way to track things, track people, by definition.
Explaining why Comodo blocks removal of ADS would prevent people from incorrectly assuming there are other reasons for keeping those Alternate Data Streams attached to people’s personal files.
Because of Microsoft’s new business model, evident in Windows 10, I incorrectly thought that it was Microsoft and not Comodo who was responsible.
Telemetry is front and center business model for Microsoft now. Data Mining. Microsoft is now doing what Google was doing all these years. Targeted advertising is big business.
Tracking people’s habits is central in that business model and that it why it wasn’t out of place to think it was Microsoft.
But it wasn’t Microsoft. It is Comodo.
So in conclusion, an explanation of why this is happening would go a long way in countering any discussion that Comodo has a hand in the telemetry-related world we live in today.
In other words, is blocking ADS removal a bug or is this by design?
I would say it is a bug. I know of no evidence that ADS by CIS is used for tracking users.