A. THE BUG/ISSUE (Varies from issue to issue)
- Summary - Give a clear summary in the topic subject, NOT here.
- Can U reproduce the problem & if so how reliably?:
  On my system 100% reliably
- If U can, exact steps to reproduce. If not, exactly what U did & what happened:
  1. Only enable HIPS (disable BB)
  2. Go to Leaktest | PCFlank and download the leaktest (it will be detected as an unwanted application, so add it to AV exclusions).
  3. Run the leaktest and follow the instructions; at a certain point HIPS will alert that the leaktest is trying to access the protected COM Interface C:\Program Files (x86)\Internet Explorer\iexplore.exe (note, don’t click “remember my answer” for any of the alerts, we don’t want the file in HIPS rules list!!)
  4. Create a new COM group called for example Browsers where you add C:\Program Files (x86)\Internet Explorer\iexplore.exe
  5. Go to HIPS rules and edit All Applications, then make sure Protected COM Interfaces is set to Ask, then click Modify, then switch to the Blocked COM Interfaces tab and add the group Browsers
  6. Click OK on all windows
  7. Run the leaktest again, notice that it STILL ASKS FOR COM INTERFACE THAT WE SPECIFIED TO BE BLOCKED, i.e. DON’T EVEN ASK!!
  8. Go back to HIPS rules for All Applications and go back to the Blocked COM Interfaces tab and this time add C:\Program Files (x86)\Internet Explorer\iexplore.exe directly (no groups)
  9. Click OK on all windows
  10. Run the leaktest and this time notice that it doesn’t ask you for protected COM interface access!!!
- If not obvious, what U expected to happen:
  I expected a COM group to work in the Blocked COM Interfaces tab for HIPS objects, yet it doesn’t work.
- If a software compatibility problem have U tried the conflict FAQ?:
  N/A
- Any software except CIS/OS involved? If so - name, & exact version: Leaktest | PCFlank
- Have U made any other changes to the default config? (egs here.):
  Yes, config file is attached.
- Have U updated (without uninstall) from CIS 5 or CIS6?:
  No
  - if so, have U tried a clean reinstall - if not please do?:
    N/A
- Have U imported a config from a previous version of CIS:
  Yes
  - if so, have U tried a standard config - if not please do:
    Yes and no difference
- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
  Windows 8.1 update 1 64bit; UAC enabled; Administrator account; No VM used.
- Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
  a=Zemana AntiLogger Free b=None
Thank you for reporting this issue. I will forward this to the devs. However, I first need one more piece of information.
You left blank the section which asks for any antimalware software which used to be installed, but is now removed. Although it is very unlikely that this could affect the results you achieved, it’s still probably a good idea to make sure it is filled in completely. Was that meant to be labeled none? If not, please list all which used to be installed, but are now removed.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.
The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.
If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.
The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.
If you are able please check with the newest version (CIS version 8.1.0.4426) and let me know if this is fixed on your computer with that version.
Bug not fixed in 8.2.0.4508; however, due to some changes (or bugs), the methodology has changed.
Previously I tested this by blocking access to C:\Program Files (x86)\Internet Explorer\iexplore.exe for the “All Applications” rule, either as a stand-alone COM Class (worked) or as part of a COM Group (didn’t work), as described in my original post. However, it seems that Comodo has now opted to block COM Class access to C:\Program Files (x86)\Internet Explorer\iexplore.exe for all applications whether there is a rule to do so or not (I deleted all COM Groups which had the path in them as well as deleted all COM classes from “All Applications”, yet it was still blocked…), or it is a bug, perhaps a corrupted config file where the rule is stuck even if I remove it? Either way, the test changed from trying to block access (since CIS would allow by default) to allowing access (since CIS will now block by default), and this is the result:
1. Created COM Group Browsers
2. Added COM Class C:\Program Files (x86)\Internet Explorer\iexplore.exe
3. Went to the edit window of the HIPS rule All Applications
4. Went to Protected COM Groups exclusions (allowed exclusions)
5. Added the COM Group Browsers to the Allowed exclusions
6. Ran the leaktest and it was blocked (passed) (Remember that we wanted to allow it!!!)

1. Went back to Protected COM Groups exclusions for All Applications
2. Removed the COM Group Browsers
3. Added the COM Class C:\Program Files (x86)\Internet Explorer\iexplore.exe
4. Ran the leaktest and CIS didn’t block it (Failed) (Remember that we wanted to allow it, so it worked!!!)
Conclusion: Normal file paths added as COM Classes in COM Groups do not work; however, if one goes directly into a rule and adds the path as a COM Class outside of a COM Group, then it works.
This is an interesting bug and I can confirm that this is not fixed in 8.2.0.4703. However, if I create the COM group Browser with *iexplore.exe, then PCFlank will report a pass and no alert is displayed, but if the COM group contains the full file path to Internet Explorer, then CIS will generate an alert.