I’m using CIS pro. I get a green box around the application I just installed. It is launched from a .bat file. When I go to Containment then Auto-Containment, then Manage Contained Program there is no way to ‘Edit’ and ‘Browse’ to a .bat file. Only .exe, .dll, .ocx. No “.bat”. So, I can’t make an exception for this file.
Contents of the .bat file are as follows: @echo off
echo “Starting OpenPLC Editor…”
cd “OpenPLC Editor”
if exist .\new_editor\ (
rmdir /s /q .\editor
move .\new_editor .\editor
)
start “” “.\python\pythonw.exe” “.\editor\Beremiz.py”
I was able to add the .bat file to exceptions. The program still ran contained.
I added several more things to ‘exceptions’, but still no luck. Here are my exceptions and rules “Containment problem 3.png”. Also, I looked in contained processes as the program launched, “contained processes.png”.
Comodo confines ALL unknown files
In your image response you have unknown files
OpenPLC Editor.bat
Beremiz.py
When an UNKNOWN file is executed in the sandbox the PIDs (processes) are also confined
In your case, the files must be “Approved” in order to avoid containing it
On the other hand, as a reminder, you must reset the sandbox before renewing the operation on your .bat file or others
“the files must be “Approved” in order to avoid containing it”
So, being an exception is not sufficient to avoid containment. I found that I can make a file ‘trusted’ (same thing as Approved I think) if it appears in the contained apps list. I just right click it and select Add to Trusted Files. This worked to get the “Beremiz.py” file trusted. But, “OpenPLC Editor.bat” only appeared in the list briefly. Not enough time to right click it. Fortunately I can change the behavior of a .bat file. I added “pause” at the last line of it. Now, it appeared in the contained apps list and stayed there. So, I right clicked it and selected Add to Trusted Files.
Problem solved. See “adding pause to bat file.png”.
I suppose there is some other way to make a file trusted, but I could not find it.
Through this help request we demonstrate Comodo’s ability to block an unknown command in order to protect the PC
The inter-process behavioral analysis is an undeniable advantage of Comodo CIS against Ransomware and other indelicates
Looking forward to the next version…