Applications are isolated after being put to exclusion


I’ve been using only Linux since 2012 but I’m required to install Windows now, and I always liked Comodo Internet Security.
But I remember that some legitimate applications like EasyAntiCheat were blocked even after I put them to exclusions. I don’t remember the exact scenario but it would be something like:

  • Install CIS;
  • Download EAC;
  • Run EAC;
  • EAC gets blocked;
  • I put it to exclusions;
  • Sometimes I can run it;
  • EAC gets an update, and gets blocked again;

This is just an example. I had other applications that had some components blocked too. Not the app itself, because they were set to exclusions, but after trying to install the software some of it’s components were set to “Limited access” and it ■■■■■■■ up everything.

I’m not on Windows yet, but what can I do to avoid this?



sincerely it is not a good thing to avoid it; it is protecting you

I know. But these are legitimate software that can’t be blocked after I put them to exclusions.

put it in trust files

That won’t work as it works on file hashes.

You need to make a rule in Active HIP Rules. CIS will then not use file hashes but only the path to the file as way of identifying it. That should do the trick.

blocking is occurring because of resource access name permissions. The resource access name requires access rights fundamentally to protected files / folders, or execute of particular resource access name.

Isolation is due to unrecognized file execcute attempt; it makes no difference if executable has execute permission to particular file. This is sandboxing functionality.

Exclusion is exclusively in the AV domain. It is used to eliminate CIS AV malicious alert for known safe software, i.e., false positive.