Bug from CIS 8 still unresolved [M2117]

So I was describing this problem I was having a few months back with CIS 8 after updating it to a newer version ( still 8 ) regarding the HIPS module asking questions even if the .exe had a digital signature that was present on the Trusted Vendors List.

This issue was gone when I started using CIS V10.0.0.5144 Beta, but after installing the latest beta version I had the unpleasant surprise of finding out it still has the same problem. Am I the only one experiencing it?

I will post again a few screenshots in which you’ll see that Hitman.exe and Launcher.exe which are signed by the same vendor - Square Enix LTD, get auto-sandboxed and even after I tell the sandbox they are trusted files, I start getting nagged by HIPS.

This happens for almost all my steam games that have valid digital signatures and it’s getting pretty annoying to go and get them out of the sandbox, unblocking them etc.

The method with making exclusions for the whole steam folder is out of the question. I’ve seen Comodo recognize installers from sourceforge, github etc that had no signature, but had probably been sent to analysis before and now to not recognize signed ones it defeats the whole purpose of having a Trusted Vendor List, Cloud checking, file rating etc.

Right-click on file > Properties > Comodo
Copy & Paste

Here are the results.

Mentioned files appear to be signed by Square Enix LTD which does not exist in TVL.

Try adding the vendor to TVL and remove unknown files from File List. You could submit the vendor for whitelisting. Any change?

This is a new installation of latest CIS beta on a virtual machine. How can you say it’s not on the TVL?

In your screenshot, vendor does not exist.


"vendor": { "name": "Square Enix LTD", "sha1": "338dbb38494be37cb907caae124a137952f1f504", "fls": { "timestamp": "2016-12-15T16:11:43.216Z", [b]"verdict": "Unknown"[/b] }

Which of the screenshots are you referring to?

Also the quote from the file properties states “name”: “Square Enix LTD”. same as the TVL.

Screenshot from Reply #5. It could be the same vendor but you have a different signature as signer name is not the same (even a dot matters, for example). At least, it appears so. Am I misunderstanding?

It’s the same company, just the last two letters are not capitalized. I see this as a issue with Comodo not Square Enix. There are not 2 Square Enix companies in this world.

Please PM with an executable. I will check it.


This is the game launcher which has the signature.

The certificate is valid but vendor name was not verified. It does not exist in TVL like I said.

So you’re telling me Square Enix LTD and Square Enix Ltd are two different entities?

On second thought there seems to be a problem.

CIS says that vendor exists.
Cloud says that vendor does not exist.

I will report it. Thanks.

Phew, finally man. Here is another example with Batman Arkham Knight, which again doesn’t get recognized even if it’s signed by WARNER BROS. ENTERTAINMENT INC. which is on the TVL and this time with the same capitalization.

Thank you

Should be fixed with version <>.

Thank you.

Should be, but it’s not.

Thanks. Did you add vendor to TVL?

While indeed, adding a vendor to the TVL resolves the problem, what purpose would the cloud check and TVL serve in the first place? I have almost 100 games on Steam. If I would have to take the time and add every vendor to TVL why did I install even install Comodo? I reiterate that it defeats the purpose of Comodo and what it has built in the last 8 years I’ve used it. I don’t know what the problem is, but it happened somewhere after CIS, as I was describing in my other thread. Before that everything would get automatically recognized and allowed to run even if did not have a digital signature. I presume everything was getting checked against the cloud.

Now, in this version, even executables signed by vendors that are in the TVL get blocked. I will post the necessary evidence to demonstrate this problem.

P.S.: I wish I could have added the details from the Comodo tab in the file properties but I see it was removed.