There are continuous HIPS blockings of C:\Program Files\COMODO\COMODO Internet Security\cis.exe, which is trying to modify C:\ProgramData\Comodo\Cis\cmc2\local_trees.
In the folder C:\ProgramData\Comodo\Cis\cmc2\local_trees\ there is nothing. It is an empty folder.
Can you please point out why that blocking is happening and how to stop it?
Information:
updated Windows 7 sp1
cis 8.2.0.4591
Database 22905
Auto sandbox is disabled
HIPS in safe mode
Virusscope is enabled
CIS.exe is part of Comodo internet security group which is defined as allowed application in HIPS rules.
Thank you for the reply. I checked as per your instruction. In protected objects there is Comodo files/folders. That group includes C:\programdata\comodo*| . I have never altered anything there and believe it is there as it was placed by the software.
I have found something new on the issue. There are two different Cis.exe processes running in the system. One is started by cistray and the other by taskgen. See the attachment please. Can this be the issue that is causing the blocking? Even if it is not, is another cis.exe under taskgen.exe normal? I found this with killswitch.
Yep, and those that are rated as trusted are running in the sandbox as Limited restriction. Notice that taskeng.exe, which spawns the cis.exe process, is running with the Limited restriction level, which causes all child processes to be run with limited access rights as well, and taskhost.exe is also trusted but is running as Partially Limited.
Thank you captainsticks, Sanya IV Litvyak and futuretech for replying.
After you pointed this out, I visited the HIPS rules section and found these:
cavscan.exe is listed inside “windows system applications” group whose permission category is “windows system application”
cmdinstall.exe is listed inside “windows updater applications” group whose permission category is “installer or updater”
Except for those two, the other CIS things are listed in “comodo internet security group” whose permission category is “allowed application”.
Does everything here seem ok?
One thing I forgot to mention is that before this CIS-blocking-CIS issue I got more than 5 Comodo center messages about various offers within a couple of minutes, which I clicked on, and the relevant pages opened in the browser.
The HIPS rules are not the problem; it's the fact that cis is being sandboxed as limited because taskeng.exe is also sandboxed as limited, and therefore every process that taskeng executes will have the same restriction level.
Meanwhile the issue got solved on its own. No more CIS blocking CIS. I cannot confirm how it got solved. Anyways, thanks to the Comodo forum members who cared to ■■■■■ the issue.