Clicking widget opens CIS incorrectly when Catalyst HV/MD running [M1404]

[b]Correctly formatted report: https://forums.comodo.com/bug-reports-cis/clicking-widget-opens-cis-incorrectly-when-catalyst-hvmd-running-m1404-t108114.0.html;msg787840#msg787840[/b]

1: CIS version:
8 - all versions and 7.0.3
Current version is 8.0.0.4337 Beta

2: OS version:
Windows 8.1 64-bit

3: What you did:
Selected “Secure” bar on Widget to open Comodo Internet Security console.

4: What you actually saw:

  1. Comodo Internet Security console opened in the upper left corner of a white window.
  2. When I minimized the console I could not reopen it by selecting the CIS task bar icon.
  3. Hovering the cursor over the CIS task bar icon made the Widget vanish from the desktop, but it reappeared when I moved the cursor off of the CIS task bar icon.

5: What you expected to happen or see:
For CIS console to open as designed; to open centered on top of my system’s regular desktop.

6: If possible attach a screenshot illustrating the GUI problem
Attached.

NOTE: This issue has occurred at least 50% of the time when AMD/ATI Catalyst Control Center is installed and HydraVision Desktop Manager and/or MultiDesktop is/are activated. If, after the issue occurs, it cannot be fixed by terminating either CIS and AMD Catalyst Control Center - or both - and then rebooting the system.

There are multiple conflicts between AMD/ATI Catalyst Control Center, its various modules, and both CIS 7 and 8.


Hi Hlbx

Please could you first try adding Catalyst’s clistart.bat as an ignored application for the autosandbox and as a trusted file. And then rebooting.

One problem with Catalyst is that CLIstart starts very early in the boot process, and so can get sandboxed without notification or logging. If you are running HIPS you may need to make it an installer updater as well.

If that does not solve it unfortunately CIS 8337 is not a Beta, so I will need a report in the standard format if you don’t mind.

The standard format is here: Comodo Forum

Please append your full active process or killswitch process list.

Kind regards

Mouse

Thanks, mouse1

With file submission working reliably perhaps AMD/ATI Catalyst Control Center and its components will get whitelisted at some point in the future.

The problem I experienced was that during boot CIS added various components to the Unrecognized File list and, more importantly, they weren’t allowed to run - not even in the sandbox. Since CCC and its various components control both the video and power settings drivers it eventually caused an unbootable system (“Black Screen.”)

In any case, before I proceed further I have the following questions:

Would it not be better to add the entire folder contents of the various CCC components to both the Trusted File list and the sandbox exclude list? Would this not be a better option to ensure system operation/stability?

This means that I must deactivate automatic start-up for CCC boot-up, install CIS, reboot, add the CCC files to the Trusted Files list and excluded sandbox list, reactivate CCC start at boot-up, and then reboot. Sound correct?

Also, adding CCC to the sandbox exclusion list would be to prevent problems should an Unrecognized File access it - and then CIS would auto-sandbox it along with the Unrecognized File?

Thanks.

Hmm problem sounds more extensive than it used to be.

Did you have ‘Block all unknown requests until the application has started’ on?

Did you have ‘advanced protection mode’ on?

(Both in HIPS settings, which have an effect even if HIPS is off)

Sorry about this problem - I think this should be addressed so would you mind making a bug report in standard format please?

(About CIS blocking unrecognised files which causes this problem?)

Did you have ‘Block all unknown requests until the application has started’ on? - No

Did you have ‘advanced protection mode’ on? - Yes

Would it not be better to add the entire folder contents of the various CCC components to both the Trusted File list and the sandbox exclude list? Would this not be a better option to ensure system operation/stability?

In other words, CCC and its modules need to run unfettered. In CIS 7 I was allowing it to be sandboxed as Untrusted - and didn’t know at that time that it was operating with severe restrictions.

Also, adding CCC to the sandbox exclusion list would be to prevent problems should an Unrecognized File access it - and then CIS would auto-sandbox it along with the Unrecognized File?

I already have multiple bug reports that I am working on, and at this point, I can’t take any more on.

I am working with a single laptop system - so inducing BSODs, gathering dump files, etc isn’t practical for me.

A less dramatic alternative would be to dump CIS.exe when this is happening using a right click on the processes in Killswitch (both instances if there are two).

I realise this all takes time, but unfortunately normally QA will not process issues relating to hangs without dumps as they are normally impossible to replicate, and without replication cannot be diagnosed.

Many thanks in anticipation

Mouse

Hello mouse1,

I am going to re-install CIS 8 in the manner which I have been doing…so others can witness the rigmarole for themselves…

However, there is a simple way to avoid all the issues I have been seeing between CIS 7 & 8 and ATI/AMD Catalyst Control Center, HydraVision, Desktop Manager, etc…

Upon installation of CIS:

  1. disable HIPS
  2. disable Auto-Sandbox
    2.1 reboot
  3. run Rating Scan
  4. move all Unknown ATI/AMD modules to Trusted Files
  5. reactivate HIPS
  6. reactivate Auto-Sandbox

Shouldn’t this prevent Defense+ from detecting ATI/AMD as Unrecognized and then Behavior Blocker from auto-sandboxing?

So, once they are transferred to Trusted Files, is it really necessary to exclude them from running in the sandbox?

It’s all good (:WIN), I’ll get this, as well as the other Bug Reports done over the next week or so…

Thanks,

hjlbx

Thank you very much for bearing with this Hjlbx.

Just to say re your earlier comment that one of the challenges posed by this sort of driver software is that it gets updated frequently so adding to trusted files is only a temporary fix. Combine that with the fact that they often forget to sign some files and the early start problems that make certificate checking difficult and you can see why this is difficult to resolve.

One way round this is to create a permanent path-based exclusion in autosandbox rules, plus individual driver file based exclusions for the system32 and \drivers files. This is not completely secure of course.

Kind regards

Mike
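
As an added illustration of the point above about frequently updated and unsigned driver files (not part of the thread, and not Comodo or AMD code): a PowerShell inventory of signature status and SHA-256 for a driver-suite folder, compared against a saved baseline, so the files that would depend on hash-based or path-based trust are visible before an exclusion is created. The folder path, the baseline file name and the function name `Get-TrustInventory` are assumptions.

```powershell
# Added example: inventory signature status and hashes for a vendor folder.
function Get-TrustInventory {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Extensions = @('.exe', '.dll', '.sys')
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Assumed install folder and baseline location; replace with the real ones.
$folder   = 'C:\Program Files\ExampleDriverSuite'
$baseline = Join-Path $env:TEMP 'driver-suite-baseline.csv'

$current = @(Get-TrustInventory -Path $folder)

# Files without a valid signature can only be trusted by hash or by path.
$current | Where-Object { $_.Status -ne 'Valid' } |
    Format-Table File, Status -AutoSize

# After a driver update, list files that are new or whose hash changed,
# i.e. the ones a hash-based trusted-files entry no longer covers.
if (Test-Path -LiteralPath $baseline) {
    $previous = @(Import-Csv -LiteralPath $baseline)
    if ($previous.Count -and $current.Count) {
        Compare-Object $previous $current -Property File, SHA256 |
            Where-Object { $_.SideIndicator -eq '=>' } |
            Format-Table File, SHA256 -AutoSize
    }
}

# Save the current state as the baseline for the next comparison.
$current | Export-Csv -LiteralPath $baseline -NoTypeInformation
```

On older PowerShell versions `Get-AuthenticodeSignature` reports only embedded signatures, so catalog-signed files may show as `NotSigned` there.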

Drivers…truly?

I wouldn’t think there’d ever be a scenario where drivers would run in the sandbox…since they’re loaded so early in boot-up.

Not too sure, but would not a driver be sandboxed if accessed by malware that is running fully virtualized?

And I suppose there are different types of drivers…correct?

Right…

In any case, will be working on the reinstall within next three days.

Best Regards,

hjlbx

Drivers can be wrapped as portable executables, normally as PE services…

They can be loaded dynamically. Even unpacked from .exes in real time and inserted dynamically.

Anything is possible in Windows, that’s why it is such a nightmare

:slight_smile:

Hello mouse1,

The Great Work is accomplished.

I reinstalled CIS 8.

As usual, the installation stopped at the Congrats screen, but I was able to proceed with installation. Unfortunately, when I rebooted BB FlashBack did not save the 1st installation video.

In any case, videos 2 and 3 are included. They clearly show problems between ATI/AMD Catalyst Control Center and CIS. I really hope these videos will be thoroughly scrutinized. Note there is no sound, so I must point out that at the required CIS installation reboot, an alert sounded. After restart and the Widget appeared there were processes that had been autosandboxed - they were all Trusted files!

NOTE: Every time I reinstall CIS the specific issues are different, but with both CIS 7 and 8 there have always been issues with CCC.exe and the various modules.

Here’s EVERYTHING!!!: MEGA

NOTE: See additional video zip of reinstallation error at bottom of thread.

As there is confidential information present in the videos and dumps, either a Moderator or someone from Comodo will have to PM me and I’ll provide the Key. Sorry, no way around this.

SystemInfo
Comodo KillSwitch.csv
Defense+ Logs.html
Configuration Change Logs.html
Alerts Logs.html
HydraGrid.exe.dmp
HydraDM.exe.dmp
Grid.exe.dmp
cmdvirth.exe.dmp
cmdagent.exe.dmp
CisTray.exe.dmp
cis.exe.dmp
CCC.exe.dmp
svchost.exe.dmp (3 instances)
CisReport_x64…zip
CISconfiguration.cfgx

As the issues are different in the specifics each time I re-install CIS, I cannot keep doing the uninstall/reinstall routine and then the rigmarole of gathering all the needed info.

Let’s just wait and see if this sheds any light on the various issues. If QA or Developers need further info then I’ll do my best at that time.

The only other thing I can do is to ship my laptop to Comodo - which I’m willing to do. (:WIN)

Best Regards,

hjlbx


Do you want me to further process your bug report? Please use the required format.

I’m assuming a driver conflict at first sight. A normal dump procedure might not be ideal.

Hello qmarius,

Yes…I’ll reformat the Bug Report

Thanks,

hjlbx

A. CIS 8.0.4344 Installation and Start Up BUGS/ISSUES

Can U reproduce the problem & if so how reliably?:
Occasionally. I can not reproduce each at will, but they occur frequently enough to negatively impact user’s experience.

If U can, exact steps to reproduce. If not, exactly what U did & what happened:

1: Clean install CIS 8.0.4344
2: Activate HydraVision and Desktop Manager in AMD Catalyst Control Center
3: Select bar on Widget to open CIS Console
4: CIS console opens in upper left corner of screen with white background
5: When minimize CIS console and then move cursor over top of CIS Task Bar icon, the Widget disappears.
6: If move cursor off of CIS Task Bar icon, the Widget reappears.

One or two sentences explaining what actually happened:

AMD/ATI Catalyst Control Center, HydraVision, Desktop Manager - CIS 8 conflict. CIS 8 console and Widget graphical malfunction.

One or two sentences explaining what you expected to happen:
Upon installation for CIS 8 console and Widget to work as intended without conflict/graphical malfunction upon activating AMD/ATI Catalyst Control Center components.

If a software compatibility problem have you tried the advice to make programs work with CIS?
Yes.

Any software except CIS/OS involved? If so - name, & exact version:

AMD/ATI Catalyst Control Center - versions 13.35 thru 14.12
AMD/ATI HydraVision - any version
AMD/ATI Desktop Manager - any version
AMD/ATI MultiDesktop - any version

Any other information, eg your guess at the cause, how U tried to fix it etc:
Not at this time.

B. YOUR SETUP
Exact CIS version & configuration:

CIS 8.0.4344, Proactive Security configuration

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:

All

Have U made any other changes to the default config? (egs here.):
AV: Scan computer memory after the computer starts
Defense+: Enhanced Protection mode (AMD x86-64)
Firewall: Stealth Ports (Block All Incoming Connections), Filter IPv6 Traffic, Block Fragmented Traffic, Do Protocol Analysis, Enable Anti-ARP Spoofing

Have U updated (without uninstall) from CIS 5 or CIS6?:

No
if so, have U tried a clean reinstall - if not please do?:
Not Applicable; clean installation

Have U imported a config from a previous version of CIS:

No
if so, have U tried a standard config - if not please do:

Identical results by selecting Proactive Security with no additional changes to that configuration

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
(Restored/Refreshed) Windows 8.1 x64, UAC - Alert Me When Making Changes to System, Administrator, No VM used

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a= Windows Firewall deactivated b= Windows Defender deactivated


Just to be clear,

  1. After you run a rating scan, does the issue persist?
  2. If possible, could you please try to uninstall your graphics drivers and recheck for any similar behavior?

Thank you.

Hello qmarius,

Also, I’ve had to uninstall CIS 8 from my system for the time being.

[b]If you watch the videos you will see that on my system, upon the installation reboot there were some processes that were auto-sandboxed…

cmdvirth.exe
svchost.exe
svchost.exe
svchost.exe

Someone has to take the time to watch the videos carefully…it’s all there…[/b]

I created full dumps of all these and they are included in the zip file that you downloaded from Mega.co.nz

If you look at all the Bug Reports I’ve submitted I’ve had a lot of issues with both CIS 7 and 8…

Thanks,

hjlbx

If possible, could you please re-encode your video? The format that you’re using is not common. :slight_smile:

Thank you.