Auto-Containment will not run a new program except contained

EricRatliff · October 23, 2022, 7:35am

I’m using CIS pro. I get a green box around the application I just installed. It is launched from a .bat file. When I go to Containment then Auto-Containment, then Manage Contained Program there is no way to ‘Edit’ and ‘Browse’ to a .bat file. Only .exe, .dll, .ocx. No “.bat”. So, I can’t make an exception for this file.

Contents of the .bat file are as follows:
@echo off
echo “Starting OpenPLC Editor…”
cd “OpenPLC Editor”
if exist .\new_editor\ (
rmdir /s /q .\editor
move .\new_editor .\editor
)
start “” “.\python\pythonw.exe” “.\editor\Beremiz.py”

ZorKas · October 23, 2022, 9:25am

Create an exception

Containment > Containment settings > check the box "Do not virtualize access to specified files/folders
Click on Specified Files/Folders
Click on Add > Files > Choose the .bat file
Click OK
Restart the PC

EricRatliff · October 23, 2022, 7:30pm

Thanks ZorKas,

I was able to add the .bat file to exceptions. The program still ran contained.

I added several more things to ‘exceptions’, but still no luck. Here are my exceptions and rules “Containment problem 3.png”. Also, I looked in contained processes as the program launched, “contained processes.png”.

Any idea what I am missing? I did restart the PC.

Eric

EricRatliff · October 23, 2022, 7:31pm

Somehow my first attachment failed to attach. “Containment problem 3.png”

ZorKas · October 24, 2022, 9:01am

Comodo confines ALL unknown files
In your image response you have unknown files

OpenPLC Editor.bat

Beremiz.py

When an UNKNOWN file is executed in the sandbox the PIDs (processes) are also confined
In your case, the files must be “Approved” in order to avoid containing it
On the other hand, as a reminder, you must reset the sandbox before renewing the operation on your .bat file or others

EricRatliff · October 25, 2022, 3:06am

Thanks Zorkas,

“the files must be “Approved” in order to avoid containing it”
So, being an exception is not sufficient to avoid containment. I found that I can make a file ‘trusted’ (same thing as Approved I think) if it appears in the contained apps list. I just right click it and select Add to Trusted Files. This worked to get the “Beremiz.py” file trusted. But, “OpenPLC Editor.bat” only appeared in the list briefly. Not enough time to right click it. Fortunately I can change the behavior of a .bat file. I added “pause” at the last line of it. Now, it appeared in the contained apps list and stayed there. So, I right clicked it and selected Add to Trusted Files.

Problem solved. See “adding pause to bat file.png”.

I suppose there is some other way to make a file trusted, but I could not find it.

DecimaTech · October 25, 2022, 2:30pm

You could have used the unblock applications task to easily unblock from containment or changed the file rating to trusted. Manage Blocked Items, Blocked Applications, Comodo Internet Security | COMODO

Also those exclusions is used in a different way and I would remove the ones you added. See help doc Containment Settings, Containment Computer Security, Desktop Software | Internet Security

C.O.M.O.D.O_RT · October 26, 2022, 8:12am

Hi futuretech & Zorkas,

Thank you for supporting.

Thanks
C.O.M.O.D.O RT

ZorKas · October 26, 2022, 8:35am

Hi C.O.M.O.D.O RT,

Through this help request we demonstrate Comodo’s ability to block an unknown command in order to protect the PC
The inter-process behavioral analysis is an undeniable advantage of Comodo CIS against Ransomware and other indelicates
Looking forward to the next version…

:-TU

C.O.M.O.D.O_RT · October 26, 2022, 10:55am

Hi Zorkas,

Ok, we will take this to the team notice and update you.
Thank you for supporting.

Thanks
C.O.M.O.D.O RT