Comodo 7 home screen problems/questions

Please see screenshot.

When I click on the underscored “1” next to ‘Detected threats’, all I get is a blank report display with no info about any kind of threat detected. Why no info?

The number of “Blocked Intrusions” continues to escalate. When I click on the underscored number next to “Blocked Intrusions”, I see a huge list of blocked hooks. These ARE NOT intrusions. In fact, I would like to allow all of them but there doesn’t appear to be any way to do so from this screen. Any idea on how to fix this problem?

[attachment deleted by admin]

So no one can offer any help on this? Am I the only person experiencing this problem with the new Comodo release? If so, what am I doing wrong?

I am up to 500k entries now! Whew…

By default the logs only show things that has happened within a certain time frame, I can’t remember exactly what that time frame is but you can click the arrow near the bottom of the log window and click Entire Period this should show all entries since CIS was installed or since the last time you cleared the logs (or logs were cleared automatically due to too big size)

It’s probably either a) HIPS rule for CIS processes states that it is not allowed to do the action it tries to do or b) a rule for winroll.dll that states no processes are allowed to use hooks in it. I’m not sure what “hooks” is in regards to HIPS rules, I think it’s Windows/WinEvent Hooks

Solution (MAYBE):

[ol]- Go to HIPS Rules

  • Click edit on COMODO Internet Security entry
  • Make sure Windows/WinEvent Hooks is set to Allow and Exclusions for it says Modify (0/0)
  • Click OK
  • Find the rule for winroll.dll and edit it
  • Instead of Access Rights go to Protection Settings
  • Make sure Windows/WinEvent Hooks is set to Inactive or add cis.exe to the exclusions (click modify and add cis.exe to the allowed tab)[/ol]

If the above looks correct then I’m not sure, you could upload your configuration and I’ll take a look at your HIPS rules.

Weird stuff…

I had turned off the Auto-Sandbox functionality a few days ago, Apparently, this change does not take effect until you reboot and restart Comodo. Once I did this tonight, the steady increase in Blocked Intrusions stopped happening and now sits at zero. SO the nearly 600k “blocked intrusions” stopped when the sandblock was disabled. Huh?

Well anyway, Comodo should issue a screen msg that a restart is necessary when options are changed.

Thanks.

When disabling BB (auto-sandbox) it will disable it immediately in the way that nothing new will be sandboxed, however anything that was already in the sandbox will still be in the sandbox until you restart the application.

Probably you already had something in the sandbox and after that you disabled BB however that program was still in the sandbox, when you rebooted the application was of course closed and upon boot it was started normally outside of the sandbox since BB was off.

Does that make sense? I feel like I’m struggling with words today but hopefully you can understand me.

Anyway, if you want to get rid of the 600k number you can clear the logs, this will reset the count to 0 but will of course remove all log entries which might not always be desired.

Yes, I understand.

I think it is poor design though. If I turn something off, then the program should clear all the past, such as items in a sandbox that is no longer active. Make sense?

Hi iamme99,
I am not sure if you are saying the sandbox or the logs should clear automatically.
Note: The sandbox is not only used for BB auto sandboxing, but also for running virtualized programs.
You would not want the logs or the sandbox to clear automatically without the users knowledge.
Both the logs and the sandbox could be holding vital information or data, these should only be cleared with user input.

Kind regards.