blocked intrusion problems

Hello, everyone

I am running Comodo Firewall version 7 on a Windows 7 PC.
Windows & Comodo software are up-to-date.

I am having a problem of my own doing. I made an attempt to run
debug.exe from a command prompt & received an alert from Comodo.

I replied with “Block & Terminate” which I assumed would give me
another opportunity in the future to “Allow” running of debug.exe.

Now, when I try to run debug.exe I get an “access denied” message
which I have not been able to eliminate. The message is contained
in the command prompt window & appears to be coming from Windows,
not Comodo. An Windows elevated command prompt doesn’t help.

Comodo sees this as a “Blocked Intrusion.” The log file shows the
following: Application - C:\Windows\ystem32\cmd.exe
Flags - Create Process
Target- C:\Windows\System32\ntvdm.exe

There is also a “Related Alert” from the original attempt at debug.exe.
Description - cmd.exe is trying to execute ntvdm.exe
Answer - Deny
Flags - Remember

I have added cmd.exe, debug.exe & ntvdm.exe as “Trusted Files”
and added HIPS rules for them, to no avail. Any suggestions on how to
Un-remember my answer so that I can “Allow” debug.exe to run?

Note that other command prompt directives dir, fc, etc., etc. as well
as various batch files work fine - as they had previously.

Thanks in advance for your help.

Did you check Blocked Files list?


Sadly, the “Blocked Files List” is empty.

Thanks for taking the time to lend a “newbie” a helping hand.


Can you show a screenshot of Active HIPS rules?

Had a similar problem found answer here, I had my file as custom ruleset instead of ruleset. hope you get sorted op

Put up the screenshot of Active Hips rules at Advanced Settings > Security Settings > Defense+ Settings > Active HIPS Rules

Thanks EricJH

[attachment deleted by admin]

The HIPS Rules thought occuured to me also. I originally had “Custom ruleset” for debug.exe & ntvdm.exe but have since changed them over to “Allowed Application.” The “Custom Ruleset” for cmd.exe came from Comodo, (as mentioned, I have successfully been using other batch files, various command line entries, etc. - so I’m assuming it is of the correct format.)

Here are screenshots of HIPS Rules & the Custom Ruleset for cmd.exe

As an additional experiment, I temporarily turned off the Firewall & the Sandbox. Still receive the “access denied” message (the message appears inside of the command prompt window, which is why I think this is a Windows7 message.) Has Comodo made a change to the Registry? Just a thought on my part.

Thanks again.

[attachment deleted by admin]

Have you tried allowed application with ruleset, instead of custom ruleset, ticked. Disabling the sandbox allow my program to run and that was how I tracked it down but you have tried that

Someone who knows more than me will be able to help you more. Good luck

I am afraid you are looking in the wrong place, when you check logs you need to check the first mention item ie:-Application - C:\Windows\System32[b]cmd.exe[/b]

In cmd.exe in run a executable there should be a blocked application debug.exe

It is best when using custom rulesets to avoid having the box ticked remember my answer.



Are you suggesting getting rid of the “Custom ruleset” for cmd.exe?

If so, should it be replaced with “Allowed Application” or “Windows System Application?”

I’ve also attached the first & subsequent pages of the “Custom ruleset” for cmd.exe currently in effect, which I failed to properly do on my previous reply.


[attachment deleted by admin]

No you do not have to do that.

In your first screenshot it shows a blocked application with a 1 on the right for Run a executable.

Just click Modify then blocked files and folders then remove the blocked application.

Make sure you click OK on all open screens so that the change is saved.



Good catch. Everything back-to-normal again after deleting ntvdm.exe from the “Blocked Files/Folders” list.

Many thanks for your time and expertise.