CIS 10 container and MineCraft x64 BSOD and unable to whitelist.[M2220]

Hello

Really boring with CIS 10 !!! Always BSOD with Minecraft x64 when sandboxed and unable to whitelist it whatever I do in container configuration…
I would add that it is the same with Brother control center 4 (BrCcBoot.exe) which is systematically blocked even if I choose to unblock it…

Very disappointed with this release 10 !!!

Can you provide the memory dump from the BSOD? Also provide containment event logs from view logs task.

Hello,

Here is my dump. I restored a previous image so I cannot send you Comodo logs, but as far as I remember, after the BSOD occurred, I did not notice any information about that in the Comodo events log.

Regards

Hi Philarmor22,

Thanks for providing the dump. We started investigation on it.
Can you also please provide the Diagnostic Report.
Thanks in advance.

Kind Regards,
PremJK

Ok,
Can you explain how I can provide you such a diagnostic report ?
Did not see anything like that on Comodo UI…

Regards

Open the main UI and look for a ? icon then go to support > diagnostic and save the report then attach it to your post.

The diagnostic did not detect any problems. Here is the report.

Regards

Hello Philarmor22,

Thank you so much for the report. We will get back to you if any other info is needed.

Kind Regards,
PremJK

Hello Philarmor22,

Please check your Inbox and report back to us.
Thanks in advance.

Kind Regards,
PremJK

Hello,
Sorry for being late, I have to sort out the situation when upgrading to ESET NOD32 A/V 10. This is done by disabling Comodo HIPS.

I tried the workaround proposed but unfortunately I can say that the new sys file did not solve the problem…
Minecraft64.bat did load (but very slowly), the game seemed to play well but BSOD occurred when quitting the game !

My configuration : windows 10 64bit -last release, Comodo PFW last release with Proactive Security, HIPS OFF, SandBox just enabled for the test (I tried to exclude the bat file from HIPS disabling embedded… But with no result, it is impossible to prevent the bat file from being sandboxed)…

So, no evolution from my side.

My A/V is NOD32 10 with HIPS enabled. But, a priori, only Comodo is involved because when deactivating autosandboxing, no problem at all…

Regards

Hello,

I was thinking about the procedure you asked me to follow, e.g. replace C:\windows\system32\drivers\cmdguard.sys by the one provided in link in your mail… Why is it possible to rename cmdguard.sys and put another cmdguard.sys without any security alert or even block action, from comodo personal firewall ? I’m a bit disturbed by the fact it is so easy to modify or replace such a driver and by the way corrupt or bypass comodo ?

To my mind, it’s a security hole and if I’m right, really it is a big one…
Waiting for a little more explanation…

Anyway thank you for support.

Regards

Hi Philarmor22,

Why is it possible to rename cmdguard.sys and put another cmdguard.sys without any security alert or even block action, from comodo personal firewall ? I'm a bit disturbed by the fact it is so easy to modify or replace such a driver and by the way corrupt or bypass comodo ?

You are able to rename the driver cmdguard.sys because you are doing it in explorer.exe which is trusted but malware activity cannot do that.

Could you please provide the dump again after following the procedure as requested.
Thanks in advance.

Kind Regards,
PremJK
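
An added example, not part of the thread and not Comodo's own tooling: before swapping in a kernel driver received through a link, its Authenticode signature can be compared with the signature of the driver already installed. The function name `Compare-DriverSignature` and the candidate path are assumptions made for illustration; the installed path is the one quoted in the thread.

```powershell
# Added example (not from the thread). Function name and candidate path are hypothetical.
function Compare-DriverSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $InstalledPath,
        [Parameter(Mandatory)] [string] $CandidatePath
    )

    # Authenticode verification of both files; Status is 'Valid' only when the
    # signature verifies and chains to a root trusted on this machine.
    $installed = Get-AuthenticodeSignature -LiteralPath $InstalledPath
    $candidate = Get-AuthenticodeSignature -LiteralPath $CandidatePath

    $bothValid = ($installed.Status -eq 'Valid') -and ($candidate.Status -eq 'Valid')

    # SignerCertificate is $null for an unsigned file, so compare publishers
    # only when both signatures verified.
    $sameSigner = $bothValid -and
        ($installed.SignerCertificate.Subject -eq $candidate.SignerCertificate.Subject)

    [pscustomobject]@{
        InstalledStatus = $installed.Status
        CandidateStatus = $candidate.Status
        InstalledSigner = $installed.SignerCertificate.Subject
        CandidateSigner = $candidate.SignerCertificate.Subject
        SameSigner      = $sameSigner
        CandidateSha256 = (Get-FileHash -LiteralPath $CandidatePath -Algorithm SHA256).Hash
    }
}

# Example call; the second path is a placeholder for wherever the download was saved.
$result = Compare-DriverSignature `
    -InstalledPath 'C:\windows\system32\drivers\cmdguard.sys' `
    -CandidatePath 'C:\Temp\cmdguard.sys'
if (-not $result.SameSigner) {
    Write-Warning 'Candidate driver is unsigned, invalid, or signed by a different publisher.'
}
$result | Format-List
```

The SHA-256 value in the output can be checked against a hash supplied by the vendor, where one is provided.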

Please check issue with 10.0.1.6246

Please check with 10.0.1.6254 thanks.

Please check with Comodo Internet Security v10.0.1.6294 thank you.

Hello,
Yes, I will check once updated.

Regards

Currently 6258, 6294 still not proposed as upgrade for French customers… Waiting and test after…

Regards

Should be fixed with 10.0.2.6396, moving to resolved.

Thank you,

Will test when update available.

Regards