CIS sandboxing legitimate software [Issue Report]

This has been driving me crazy for several months now: Comodo Internet Security sandboxing legitimate software.

The bug/issue

  1. What you did: run different pieces of software, like X-Lite, WebSite-Watcher, CDBurnerXP, Hauppauge WinTV or docsvw32.exe (Directory Opus)
  2. What actually happened or you actually saw: either a Defense+ alert box saying this piece of software was not recognized and requires unlimited access to the computer or just seeing that CIS automatically sandboxed the file and added it to the unknown file list, with an option link to add it back to the trusted file list.
  3. What you expected to happen or see: let these files run, since they are legitimate files and they already ran on the computer before.
  4. How you tried to fix it & what happened:
    If I click on the option link to add the file back to the trusted file list, this might give this piece of software the rights to run for a while (provided I start it over again). The next day, it might sandbox it again.
    If I try you one of these workarounds:
  • “always trust this file or installer”
  • put the file manually in the trusted files list or in the security strategy list
  • disable sandboxing
    None of these workarounds solved the problem.
  1. If it’s an application compatibility problem have you tried the application fixes here?: -
  2. Details & exact version of any application (execpt CIS) involved with download link: any version
  3. Whether you can make the problem happen again, and if so exact steps to make it happen: this depends on CIS, but it’s very frequent for the software I mentioned before.
  4. Any other information (eg your guess regarding the cause, with reasons): -

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: the two alert boxes

http://img821.imageshack.us/img821/5153/imagedupressepapiers.png

http://img135.imageshack.us/img135/1544/imagedupressepapiers2.png

  1. Screenshots of related CIS event logs and the Defense+ Active Processes List: the same alert boxes
  2. A CIS config report or file: My configuration file
  3. Crash or freeze dump file: N/A

Your set-up

  1. CIS version, AV database version & configuration used: 5.4.189822.1355
  2. a) Have you updated (without uninstall) from CIS 3 or 4: no
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: no
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): no
  5. Defense+, Sandbox, Firewall & AV security levels: D+= secure, Sandbox= yes, Firewall = personalized, AV = not installed
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 64-bit, service pack 1, UAC
  7. Other security and utility software installed: Avast antivirus
  8. Virtual machine used (Please do NOT use Virtual box): no

[attachment deleted by admin]

Thank you for your Issue report.

Moved to verified.

Thank you

Dennis

As an answer to my bug report, I received the following personal message on the forum from siketa. In my opinion, this message should have been posted as a reply in this thread; this is the reason why I am publishing it here.

Applications that you named have no digital signature. Each new version has new executable hash value. You need to manually submit them in "Submit Applications Here To Be Whitelisted - 2011" topic. After procedure is done, Comodo will put them in whitelist (but only current version). This is going to continue till those vendors pay for their certificate and become members of Trusted Vendors List. Then, each new version will be recognized as safe/trusted and you will see no pop-ups from Defense+.

Sorry, siketa, but you are not entirely right.
WebSite-Watcher and its executables are digitally signed by Aignesberger Software GmbH and counter-signed by VeriSign Time Stamping Services Signer - G2.
The other pieces of software I mentioned have no digital signature, indeed.
One problem from what you said is that you are trying to make software vendors pay you so that their software is recognized by Comodo CIS as legitimate, while they are legitimate regardless.
The other problem is I have to manually white list WebSite-Watcher every day in Comodo CIS! This is still a bug in CIS.

In the meantime, I had to deactivate CIS Defense+. Is there an option in Comodo CIS to bypass or to deactivate this digital signature verification? It’s a paradox that I had to deactivate Defense+ to let my computer run properly!

The bug reporting forum is not a discussion forum. If you wish to discuss your issue, please post in one of the help forums.