COM Interface Bug

Hi all, I have been using CIS 3 for a while now and just recently upgraded to CIS 5, but the behaviour of D+ is a bit different for the COM interfaces compared to CIS 3. For example, say I get a D+ alert: explorer wants to access the COM interfaces, but it's for svchost or any other process which is not in the protected COM interfaces. How is that possible? Has something changed in the behaviour of D+ in CIS 5? I am running in paranoid mode, firewall in custom policy mode, on Vista SP2 with no other protection.

Hey, and a warm welcome to the Comodo forums!

I suggest you reinstall CIS by uninstalling the current CIS, running the CIS clean-up tool as admin in safe mode, and then installing CIS 5.

CIS 3 and CIS 5 are very different from each other.

Valentin N

I've done what you said, Valentin, but I still get the same behaviour as stated, even from a clean image of Vista SP2 on a real PC and a virtual PC. Seems like a bug to me.

What configuration are you running? How is D+ set: to Safe Mode or to Paranoid Mode? Do you have the sandbox enabled? Did you make changes to the default settings of your configuration? If so, which ones?

Can you post a screenshot of the D+ logs? They are in View Defense+ Alerts.

Hi Eric, I am running D+ in paranoid mode with "create rules for safe applications" checked and the rest unchecked; image execution control enabled with only shellcode injection checked; sandbox disabled; and firewall in custom policy mode, with no antivirus installed. I just upgraded to CIS 5 a couple of days ago, so I'm surprised nobody picked up on this bug. I have tested on both Vista and Windows 7 clean images with the same results. Attached is a screenshot as requested.

[attachment deleted by admin]

There are a couple more bugs I found: one is with process termination, and the other is that services.exe cannot hold its custom policy; it keeps reverting back to the default settings.
Well, I've gone back to CIS 3 now, as CIS 5 was too buggy to run in paranoid mode. I know most users run in the default config, but at least it should have been tested in paranoid mode; after all, it is a HIPS program.