Blocked by HIPS (Where are the details?)

Hello and thank you for taking the time to read this post. I’m looking for a way to learn more about why a particular program and/or its access was blocked by HIPS. There is a particular application that is giving a log in the Blocked Applications list and says it is blocked by HIPS, but I can’t figure out specifics as to what triggered the block. Is there a way to find this information?

EDIT: I’ve found the Event Logs that provide what type of action was blocked. If anyone knows of a method of extracting more detailed information than this, It would be much appreciated.

Thank you for your time and consideration.

I’m also confused about all those things that COMODO team think we should not know. CIS gives too little info. For example I have a lot of apps automatically marked as unrecognized or blocked, even COMODO’s own files get into those lists, a lot of licensed software is also among unrecognized. And I don’t even know what that means for the app to be unrecognized, what are the limitations. And I can’t find info on that.

It means the author of the program is not in the trusted vendors list.

In HIPS setting do you have “do not show popup alert: block all requests” turned on?
In the General Setting>Logging, did you also enable Write to Windows event log? If you do that do you get better alerts?

It is in Trusted. Comodo is a trusted vendor, Microsoft too, but their files are unrecognized sometimes though there are vendor signatures.


We are working on the Unrecognize issue and you can expect fix in upcoming release.
Meanwhile, you can try this CIS - BETA and provide feedback.

Kind Regards,

Can you look at my question about blocking apps from reading files? I’m confused about containing apps

Hi UKSecurity,

Files and folders that are added to ‘Protected Data folders’ are totally hidden to contained programs. If you want to totally conceal a data file from all the contained programs but allow read/write access by other known/trusted programs, then add it to ‘Protected Data Folders’.

For more understanding, please refer the help guide from here.

Kind Regards,

I know how to add files to protected data. But when you add an app to containment list, there are two containment options - “Run virtually” and “Run restricted”. Which one should I use to block access to protected data but allow update activity online? Can you point me directly to the info that answers this question? Because when I read comodo help, it gives some very simple basic info but does not dig to details and for me it just creates more questions than answers.
Another question, unrecognized apps. Does it mean these apps are blocked from reading protected data? Are they blocked even from reading protected folders/files? Why unrecognized apps sometimes have orange question mark, sometimes grey?