I am running Comodo Firewall version 7 on a Windows 7 PC.
Windows & Comodo software are up-to-date.
I am having a problem of my own doing. I made an attempt to run
debug.exe from a command prompt & received an alert from Comodo.
I replied with “Block & Terminate” which I assumed would give me
another opportunity in the future to “Allow” running of debug.exe.
Now, when I try to run debug.exe I get an “access denied” message
which I have not been able to eliminate. The message is contained
in the command prompt window & appears to be coming from Windows,
not Comodo. A Windows elevated command prompt doesn’t help.
Comodo sees this as a “Blocked Intrusion.” The log file shows the
following:
Application - C:\Windows\System32\cmd.exe
Flags - Create Process
Target - C:\Windows\System32\ntvdm.exe
There is also a “Related Alert” from the original attempt at debug.exe.
Description - cmd.exe is trying to execute ntvdm.exe
Answer - Deny
Flags - Remember
I have added cmd.exe, debug.exe & ntvdm.exe as “Trusted Files”
and added HIPS rules for them, to no avail. Any suggestions on how to
Un-remember my answer so that I can “Allow” debug.exe to run?
Note that other command prompt directives dir, fc, etc., etc. as well
as various batch files work fine - as they had previously.
The HIPS Rules thought occurred to me also. I originally had “Custom ruleset” for debug.exe & ntvdm.exe but have since changed them over to “Allowed Application.” The “Custom Ruleset” for cmd.exe came from Comodo, (as mentioned, I have successfully been using other batch files, various command line entries, etc. - so I’m assuming it is of the correct format.)
Here are screenshots of HIPS Rules & the Custom Ruleset for cmd.exe
As an additional experiment, I temporarily turned off the Firewall & the Sandbox. Still receive the “access denied” message (the message appears inside of the command prompt window, which is why I think this is a Windows 7 message.) Has Comodo made a change to the Registry? Just a thought on my part.
Have you tried allowed application with ruleset, instead of custom ruleset, ticked? Disabling the sandbox allowed my program to run and that was how I tracked it down, but you have tried that.
Someone who knows more than me will be able to help you more. Good luck
I am afraid you are looking in the wrong place. When you check logs you need to check the first mentioned item, i.e. Application - C:\Windows\System32\cmd.exe
In cmd.exe, in “run an executable”, there should be a blocked application, debug.exe.
It is best when using custom rulesets to avoid having the “remember my answer” box ticked.
Are you suggesting getting rid of the “Custom ruleset” for cmd.exe?
If so, should it be replaced with “Allowed Application” or “Windows System Application?”
I’ve also attached the first & subsequent pages of the “Custom ruleset” for cmd.exe currently in effect, which I failed to properly do on my previous reply.