Auto Containment Block rules are not applied after restart

Comodo Internet Security - CIS Install / Setup / Configuration FAQ - CIS
1

Hi,
I have created a file group ‘blocked folders’ and added d:\ to it. I have applied an auto containment rule with ‘block’ action and set it to ‘ON’.

It is working file until I restart. Once I restart, it is not working. If I restart again, it works sometimes. Even if I log out and log back in it stops working.

Please help me understand the inconsistency in the behaviour and if I need to make any other change here.

2

Hi gvvsss,

Thank you for reporting.
Could you please share us the steps to reproduce this issue ?

  1. May i know your CIS and win version ?
  2. And are you using any other security software simultaneously other than CIS ?

Thanks
C.O.M.O.D.O RT

3

Hi Comodo RT,

I have tried with two different systems both have Win11 23H2.

12.2.2.8012 and 12.3.1.8104 (2024 beta 2).

On one system I have MalwareBytes installed, with all real-time protection component OFF.

Steps I followed:

  1. I have added a File group in File ratings, named it ‘blocked folders’ and added d:\ to it.

  2. I have added an ‘auto containment’ rule with ‘block’ action and selected with file group ‘blocked folders’ and left every setting in it as is (I did not add any specific filter)

  3. I saved the settings and try to run any app from d:\ it is blocked from execution, as expected

  4. But, when I restart the system, or log out and log back in, the rule is not working. If I click any app in D drive, it is running normally.

image
image940×881 96.4 KB

image
image
image2218×657 178 KB

4

Hi gvvsss,

Thank you for providing the requested information.
we do not recommend customer to use several security software simultaneously as it causes crash, bsod, malfunction…etc.
Kindly disable/uninstall the other security software and check the issue.
However we will check this issue and update you.

Thanks
C.O.M.O.D.O RT

5

Hi Comodo_RT,

As I mentioned earlier, MalwareBytes is being used as an ‘on demand’ threat scanner and not a real-time security engine, which is equivalent to having it disabled state. Also, it is only present in one system.

The issue I mentioned is independent of it, and is present in both the systems.

Hope you understand.

6

I uninstalled Malwarebytes on the system, but the issue is still the same.

One thing I observed is, that I can quickly see the change in behaviour even without restart, just by logging out and logging in as a different user.

7

Hi gvvsss,

Thank you for providing the requested information.
We reported this issue to the dev team.
We will keep you posted.

Thanks
C.O.M.O.D.O RT

8

I couldn’t reproduce, the only time it didn’t work is if the drive was a network connected drive, but it doesn’t look like your drive D:\ is based on the file icon. So what type of drive is it? Another internal drive/volume or is it an external connected device?

1 Like