Application rules for WSL binaries incorrectly treated as invalid [M2377]

coolstorybro · March 27, 2018, 4:58pm

Can you reproduce the problem & if so how reliably?:
Yes, invariably.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Create a rule for a WSL binary.
2: Run purge on current firewall ruleset.
One or two sentences explaining what actually happened:
The entry is incorrectly treated as invalid.
One or two sentences explaining what you expected to happen:
The entry is recognised as valid.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
N/A
Any software except CIS/OS involved? If so - name, & exact version:
WSL on Windows 10 16299.
Exact CIS version & configuration:
10.2.0.6526, firewall only.
Any other information, eg your guess at the cause, how you tried to fix it etc:
A mapping between the binary’s WSL filesystem location and it’s actual location in the Windows file system either doesn’t exist or is not used during a purge operation.

This seems complicated since multiple distros can coexist as of 16299, but I would like to see it fixed. It’s possible that these rules are applied to all binaries existing in the same WSL path but in different distros, which would also be incorrect (and a security risk), but I have not checked this.

prem1991 · March 28, 2018, 9:32am

Hi Coolstorybro,

Thanks for reporting to us. We will investigate it further.

Kind Regards,
PremJK

futuretech · May 5, 2018, 9:03pm

Will be fixed in next release. A beta build will be made available in upcoming week which you can confirm the fix.

futuretech · May 16, 2018, 9:53pm

Should be fixed with Comodo Internet Security v11.0.0.6574 - BETA please check thanks.

coolstorybro · May 17, 2018, 6:50am

Will verify later today.

coolstorybro · May 17, 2018, 3:17pm

Unfortunately, the issue doesn’t look fixed. I’m seeing no changes in behaviour compared to the previous version.

futuretech · May 17, 2018, 5:30pm

I tested with Windows 10 1803 version and it comes up as the full windows path. So it must be the way Windows reports the path and they changed it with the April update.

coolstorybro · May 18, 2018, 4:38am

I’m guessing the solution was implemented using the wslpath tool, which is unavailable in versions prior to RS4. Can the dev team confirm this is the case?

If so, I think it’s acceptable for the sake of keeping the implementation simple, but you should perhaps note it as a known wontfix for prior versions. I can report back after I’ve migrated to RS4 to confirm it works for me.

futuretech · May 18, 2018, 2:49pm

I don’t think comodo does anything specific for dealing with WSL as I went back and installed 10.2 and it still uses the full path in the rules. So I still believe it was a MS change on how they report WSL image paths to native Win32 applications. However another bug in HIPS on determining the WSL binary being executed which I have already reported but will ask for more investigation from devs.

coolstorybro · May 19, 2018, 6:49am

If RS4 fixes this problem on its own, that’s fine by me, too. It’s up to Comodo if they want to provide a fix for earlier versions; either way, it looks like this beta doesn’t have one.

coolstorybro · June 1, 2018, 11:30am

Made the move to RS4 yesterday. Confirming this resolves the issue (in 10.2.0.6526).