A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes, every time.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Start Google Chrome. Just that.
2: If loading any page, further alerts may appear, as Chrome may load or reload additional add-ons (see below).
One or two sentences explaining what actually happened:
First, one “potential security breach” alert as soon as Chrome is loaded - it tries to contact google.com and CIS decides that’s suspicious… Then several successive alerts that "unrecognized application C_cmd.exe_XXXXXXX.bat [where XXXXXXX is a long random hex string] is trying to access conhost.exe". Such batch files are located in one of CIS’ own folders (C:\ProgramData\Comodo\Cis\tempscrpt) and each corresponds to a loaded Chrome add-on (verified by editing and viewing the batch files).
One or two sentences explaining what you expected to happen:
I expected nothing to happen and to be able to surf the Web normally without any hassle.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
None found for Google Chrome. CIS 10 is brand-new as of today, and I don’t think such advice even exists at this point.
Any software except CIS/OS involved? If so - name, & exact version:
Google Chrome 55.0.2883.87m (64-bit)
Any other information, eg your guess at the cause, how you tried to fix it etc:
As for the “potential security breach” alert, I tried to whitelist google.com, as explained at Comodo Internet Security Essentials - Understanding Alerts, Trusted Root Certificates, but it didn’t work. I tried all combinations of settings, including www.google.com, just google.com and *.google.com (asterisk wildcard, which I don’t know if it’s supported), as well as “Action” and “Status” (very ambiguous and unclear UI design there). Nothing worked, the alert still popped up the next time I opened Chrome.
I also tried disabling Web filtering, but that didn’t work either - the error still occurred when I loaded Chrome next time. I understand that this error is supposed to happen when an untrusted SSL certificate is found, but I find it very unlikely that Chrome (which is made by Google and everybody knows that it connects to Google all the time) received and accepted an invalid Google certificate - but it could conceivably use some non-standard protocol to “phone home”.
As for the “unrecognized app” error, I tried whitelisting “C:\ProgramData\Comodo\Cis\tempscrpt\C_Cmd*.bat” as “allowed applications”, but the only way I could stop the error from happening was disabling HIPS altogether - which I didn’t want to do. I also find it odd (not to mention embarrassing!) that CIS 10 considers a batch file generated by itself “unrecognized”…
B. YOUR SETUP
Exact CIS version & configuration:
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Firewall - Safe Mode
Auto-Sandbox - Disabled
HIPS - Safe Mode when the problem happened (currently disabled so I can surf the Web in peace)
Viruscope - Disabled (I run another AV)
Website filtering - Enabled
Have you made any other changes to the default config? (egs here.):
Only whitelisting apps (too many alerts with Windows system modules, which should be the subject of a separate bug report).
Have you updated (without uninstall) from CIS 5, 6 or 7?:
No, but I did upgrade from CIS 8.
If so, have you tried a clean reinstall - if not please do?:
Is it worth the hassle for a case like this? Judging from the kind of problem, I find it very unlikely that this would be solved by a clean reinstall.
Have you imported a config from a previous version of CIS:
Not myself, but I suppose it must have done that when upgrading from CIS 8. My configuration was pretty much standard, though. I didn’t fiddle much with it.
If so, have you tried a standard config - if not please do:
See above.
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 10 Pro Anniversary Edition (build 14393.576) 64-bit, all Windows Updates current, standard UAC settings, admin account, no VM.
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a= Kaspersky Anti-Virus 22.214.171.1241c
b= Windows was cleanly installed from a non-OEM, original Microsoft ISO, so no bundled software. No other firewall, antivirus or such was ever installed.
C. ATTACH REQUIRED FILES
Diagnostics report attached. KillSwitch report not attached because I could not find how to generate it in CIS 10 - “Watch Activity” seems to no longer exist. HIPS Events log attached instead.
It is now less than an hour after my original posting. The “unrecognized app” error just happened, when I loaded a YouTube video, so I thought I’d post a capture. Please see it attached as a GIF image. Notice, however, that this time the error is because of Chrome trying to access the batch file, which is unusual - normally it’s the batch routine trying to access conhost.exe.
The batch file in question loads the EagleGet Monitor plug-in, but as I write now there are 30 “C_cmd.exe_*.bat” files in the “C:\ProgramData\Comodo\Cis\tempscrpt” folder. Most of them load EagleGet Monitor, but there are also some for Adobe Flash and for Kaspersky’s protection module. EagleGet is a download manager, but it also has a function for downloading Web videos such as YouTube’s.
I’ll try to whitelist EagleGet Monitor in CIS to see what happens.