CIS blocked by CIS from modifying an inexisting item

Comodo Internet Security - CIS Defense+ / Sandbox Help - CIS
1

There are continuous HIPS blockings of C:\Program Files\COMODO\COMODO Internet Security\cis.exe which is trying to modify [b]C:\ProgramData\Comodo\Cis\cmc2\local_trees[/b] .

In the folder C:\ProgramData\Comodo\Cis\cmc2\local_trees\ there is nothing. It is an empty folder.

Can you please point out that why that blocking is happening and how to stop it?

Information:

updated Windows 7 sp1
cis 8.2.0.4591
Database 22905
Auto sandbox is disabled
HIPS in safe mode
Virusscope is enabled
CIS.exe is part of Comodo internet security group which is defined as allowed application in HIPS rules.

[attachment deleted by admin]

2

check for anything listed under blocked files in Defense+ > HIPS > Protected Objects section.

3

Thank you for the reply. I checked as per your instruction. In protected objects there is Comodo files/folders . That group includes C:\programdata\comodo*| . I have never altered anything there and believe it is there as it was placed by the software.

What should be done to that?

P.S: The target folder is empty.

4

Next to protected files is a tab called Blocked files see screenshot. Check to see if anything is listed there.

[attachment deleted by admin]

5

No. there is nothing in blocked things.

6

I have no other suggestions other than to reset the configuration or do a clean re-install.

7

If no one else shed new light on the topic within next couple of days, then i should reinstall. Thank you very much for your time.

8

I have found something new on the issue. There are two different Cis.exe is running in the system. One is started by cistray and other is by taskgen. See the attachment please. Can this be the issue that is causing the the blocking. Even if it is not, is another cis.exe under taskgen.exe normal? I have found this with killswitch.

[attachment deleted by admin]

9

Hi surferby,
Multiple instances of ‘cis.exe’ is normal behaviour.

Kind regards.

10

I noticed that several Comodo executables were marked as Unknown… That’s not normal.

11

Yep and those that are rated as trusted are running in the sandbox as Limited restriction, notice taskeng.exe which spawns cis.exe process is running with Limited restriction level which causes all child process to be ran with limited access rights as well and taskhost.exe is also trusted but is running as Partially Limited.

12

Thank you captainsticks, Sanya IV Litvyak and futuretech for replying.

Yep and those that are rated as trusted are running in the sandbox as Limited restriction, notice taskeng.exe which spawns cis.exe process is running with Limited restriction level which causes all child process to be ran with limited access rights as well and taskhost.exe is also trusted but is running as Partially Limited.

After you pointed this I have visited the hips rules section and found these-

  1. cavscan.exe is listed inside “windows system applications” group whose permission category is “windows system application”

  2. cmdinstall.exe is listed inside “windows updater applications” group whose permission category is “installer or updater”

  3. Except those two other CIS things are listed in “comodo internet security group” whose permission category is "allowed application.

Does everything here seem ok?

One thing I forgot to mention that before this cis blocking cis issue I got more than 5 comodo center messages about various offers within couple of minutes, which I clicked on and relevant pages opened in browser.

[attachment deleted by admin]

13

The HIPS rules is not the problem, its the fact that cis is being sandboxed as limited because taskeng.exe is also sandboxed as limited and therefore every process that taskeng executes will have the same restriction level.

14

Meanwhile the issue got auto solved. No more CIS blocking CIS. I can not confirm how it got solved. Anyways, Thanks to comodo forum members who cared to ■■■■■ the issue.