Comodo autocontainment incompatibility with new wsl (windows 10 December update)

2072 · December 17, 2022, 5:36pm

since this update, where wsl is now installed directly from the app store, distro shortcuts that you can find in the start menu or opened through the windows terminal app will fail to work with the following error:

The specified service does not exist as an installed service.
Error code: Wsl/0x80070424

After several hours of my life spent on the problem it appears that Comodo auto-containment is silently triggered and contains the wsl executables when they are launched this way (just typing wsl in a command prompt will fail)

wsl.exe points to reparse points located in the user folder:

L:\Windows7_Users\USERNAME\AppData\Local\Microsoft\WindowsApps

Comodo seems unable to deal properly with reparse points (which are using file system handlers) and follow the execution path and therefore contains the app (without any prompt nor any way to prevent it from being done).
All the wsl components appear to be trusted. I also tried to add the reparse points to the containment ignore rule list but you cannot select them, adding them manually by typing the path has no effect.

way to reproduce:

have Comodo auto-containment enabled
enable the windows subsystem for Linux feature
install wsl from the windows store
install the Debian distro from the windows store
click on the Debian shortcut in the start menu
will fail with the above message.

C.O.M.O.D.O_RT · December 19, 2022, 4:25am

Hi 2072,

Thank you for reporting.
We will check and update you.
Kindly provide the below details for investigation.

CIS version and win Version along with system bit type?
Any software except CIS/OS involved? If so - name, & exact version.
Is there anyother security product installed on your machine?

Thanks
C.O.M.O.D.O RT

Avos · December 20, 2022, 6:37pm

Guys I need your help.
CIS keeps detecting Chrome.exe with HIPS and C_cmd.exe with containment.
How can I fix?
My system is Win 11, CIS 12.2.4.8032

2072 · December 22, 2022, 2:12pm

CIS Internet Security Premium 12.2.2.8012
64 bit OS
Windows 10 21h2 (OS Build 19044.2364)

WSL (wsl.exe --version):

WSL version: 1.0.3.0
Kernel version: 5.15.79.1
WSLg version: 1.0.47
MSRDC version: 1.2.3575
Direct3D version: 1.606.4
DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows version: 10.0.19044.2364

I disabled the antivirus of CIS and use windows defender instead, I only use CIS for HIPS, Firewall and up until my last pos, auto-containment which I had to disable so I could use WSL.

So to sum up: Auto-containment is normally enabled, CIS HIPS is set to Safe Mode, VirusScope is enabled and website filtering is disabled.

Only Windows 10 Defender

C.O.M.O.D.O_RT · December 23, 2022, 5:09am

Hi 2072,

Thank you for providing the requested information.
We do not recommend customers to use two or more AV simultaneously as it causes compatible issue and more issues.
So, kindly disable the windows defender and use CIS AV & check the issue.
Kindly let us know your feedback.

Thanks
C.O.M.O.D.O RT

2072 · December 30, 2022, 12:51am

Hi,

Just did that and no change, still the same behavior as soon as I turn auto-containment back on.

C.O.M.O.D.O_RT · December 30, 2022, 7:59am

Hi 2072,

Thank you for reporting.
Kindly unblock the blocked application.
Then create Ignore rule for the application/files which is getting auto contained.
Kindly let us know your feedback.

Thanks
C.O.M.O.D.O RT

2072 · December 31, 2022, 4:35pm

It worked! I did not even tried this after reenabling the antivirus as it wasn’t showing in this list nor gave any alert before, this time though it did not create any alert but it did appear in the blocked application list and I could unblock it.

Unblocking the element was enough but note that I still cannot create an ignore rule manually for reparse point: “wsl.exe - The file cannot be accessed by the system”

https://forums.comodo.com/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAWQAAACLCAYAAABWfuPDAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAzwSURBVHhe7d1PjBtnGcfxZzYcaJQDoLRbTikq2cPa2dBbKSqHRs6Blao21BtVSu7UHNgoLUJwsC1RCZVGCYduOPSARCTUdVRVSNtDTCLBgYIKKl1sHzai20UgshGHPbAtEmnM+868Y49n5/WOvTPZ18n3U43seef/bPLrk9fjd70fvvJyVwAA++7A0994qiZzZ+XV82flROmkPx2TVfnjR9tmFQBAku9Uvit37tyRW7dumZZBX3viCXnu1LflT++/b1qGO/D0S5drr56ZlhsX6vLmO0250VyVQ8+/LM8eIpQBYBgdxs+dOiVbW1s7QjkI41Pym+Y1a2DHHahdvlzbfqcuv/7ItMi2rH/kyZNnjsu2CufbphUAMEgHrQ7jeCiHYfzO22/LXz74wG9Lw9vsfti9/v1fSss0BKblxPmzIldel+ubc/Liayfl9pVVKZ4pySNq6e3m6/Kz5qZZ9aR873zQLrIqv/L3ZbZR6zxTmvOXDGwDAPeRaABr44SxNiWbm5YqeFoemTZv1ftnSqLC9hX50YWmSOmsnPCXqeA9PyetC6pdL7sicqIUbqS2mf7QtK/KI6WTUjRLAOB+ooNXB7AO4nHDWJuSaRW8ZmaQCupeQbspN65cC4J785pcXzVhPf2o2lYF7/mfyquvqenMnGoPA1lt01wN3q5+qKrmaX0oAIDFVGtzTo4FvQp908elOL2pi+cE8WDV3RSmQjbVMAA8SKJdFmGlrNtGNXVdVbHFM2cj3Qm6G6Ik0rwW6VeeluKcSWE/rFflrzp3N2+pqnku0k0BAA+W+Ad40e6LUUP5wNNfPVS7sXlcvtd7Dvm43L7yirz5XvjI27QcKz0q29vH5cUzz8uJpx6X9Suvyw2/et6U1qp+IuOsPGueYT6hKusbKqyPlR6X7fd+L+v+bvQ+ovMAMPniYRyyPX2xmxTf1DNPTFzQT1yYJgCA/8WQP6hC0/YBng7sJ7/+lPx86Q3TMtyUeQUAjEgH7bCnKfSytGGsEcgA4AgGFwIAR1AhA4AjCGQAcASBDACOIJABwBEEMgA4wusq5j0AYB9RIQOAIwhkAHAEgQwAjiCQAcARBDIAOIJABgBHEMgA4AgCGQAcQSADgCPyCeR//iKYAACp5fPV6d99JXj95nrwCgDYVfYVsq6M//dxMFElA0Bq2VfIqjruHlJhrHj/eYwqGQBSyrZCNtXx3S+JP1ElA0B62VbIpjq+eziYnfo3VTIApJVdhRypjkNUyQCQXnYVcqw6DlElA0A62VTICdVxyN0quSELXlHqbTMLAPssm0D+W126X1SvSXtTbf4ytQ4AwG7vgTykOg7RlwwAu9t7IA+rjkM5VsmNBU8WGmYm3g3RrkvRX9iWetETzwum/voWejuzructqL0G2xfDHTcWxCvWVauxY30AGN3eAtlSHX/uSDBF5VUll8tlaTRMBKrXTkG9XA2isn1VtRdmVUNdarPLoj+/1NNy2V9soUK92JByK1i3uyxSV/8fqbaWZbZWV0vV8gWR5VZV1KEs69MxDWB0ewvkNNVxKK8qebYghU7Hr1YbjY6UqyptG1fVfFt0HpdfULGp11FVba/CHabdEb23WlhRq3K6rdrUnmRZhe2CqoD1m16mW9cHgNGMH8gp+o7jcqmSCy+ocGzI1baqXTtleaGs59vSaV9VrWpel7GFqrRU9fqWnPZDc9cuCx2+ppoOqt6hJbUy6voAsNP4gTxKdRzKpUouqBBWRfHpunRUGKtaWM13pKGrYX++r1BtSatWkE4nXilH+p4LszKr5nd2O5iuCt0nod70Mt26PgCMZrxAHqM6DuVRJRd0Ivv5G8Svnu/o7gsz738IZz50K9ZmpVqNxnScqnZbNZFasbeNt1CXenFBOrWqWlqWaq0jC70P9ZLW37UEB4AdxvumnuVbeaHwA707G8FrHN/eA4CdRq+Q91Adh3LpSwaACTd6II/TdxyXS18yAEy20WI1g+o4RJUMAINGC+QsquMQVTIADEgfrRlWxyGqZADoSx/IWVbHoQyqZD2WRe9xs8hUrNf3Prxm+LicfsTNH68i3F/kueX7wv12PbuxXW/W9+FBu6/Yq3TxOmJ1rB93sz3yFrfXKrm8HH5DTn+duSA1M6ZEqzpr1hiX+su00Aj2r8et8L/t15KhjzA7jXDIn2v3mJ/5pEkXyHlUx6EMquT8FPyxiQDgXtg9YsfoO04a7W2YXPuSO/2hMQcGFxo6ZKauLIJhN/WgQcF2Q6qNVMNvJg8BOtDl0vuGnzlWPfINw96Bhy1TBs4lPM7g9Vi/STjWvQokX4dmG/rU0p54rKR1R9leibQX67sM/rTjPgTHGris+BCsw+7x2Pc1fo3DziO+ruV8Eo9p/kw1+sv06u16/9unA+eN/Ohv6g3128e6d/8s3Tsb6Se9Wz0lLbNN+hj6WONb7pal0K21zKw/r86jUOv6TctldU5l1Roui6yrlhX6GxpJ+wvnbe/1bNK+Wt1aQRLao+L7VOdeDs5257kPXxYu6rZqXVXjJ5/nALPP8F4N2y7x+qKi69uu29ZuOZa+xt5FGUlt1nMNri9cvVUrqHsWWa8nWC/xPsSOt1yO3Oee2PHj+9P7GOXPYNI12s4jad3E80k6ZtJ5Rn4+/nx43sjT8Ap5jOpYUwGbug85lE+VXJDaW2bc4rIehaIj/rhCWQ6ZmWZfeuS5djl5DI3eOBvxCkmdux5KVIueu8+yzD8XNW8W6VHuqmVVO6W6tMi9im6X5vq0pOuwXbe13XKspOFTk9ps2+v2Qk1dU7BaoarHJLGx3Ad9n1XVGVaUjU5/f8Pt4c9g0jXaziPNELNDjxk/z0J/LJjoeSNXwwM5z77juHvel5zlkJlj7kv/89EfQU5v1xJVNTqiLZ2BbNjl+jK9joRjJQ2fmtTmy/LnGr0PwaBSelS/dj0cWXCvdjnXxGu0nIf1fsRleX+QNXvU6kr1vx9L9/Mi3if3ZtLH0sfMpS85KsshM9PsS4/ZXEhYR5Uc7UJBba/4VaPfOj5zLuEvUNFBWW+o6ibV37l27zethBWsv12a67Ndh+26re3Dj5U0fOpAm2173d6uqXsRzOogs+aV7T4o/qiCDX1PVayF1eO40txXI37dw87DPsSsMsIx7Ux/8152ASt7IJtKdeofavr7PZrUsXy5V8mqSshsyMw0+yqYXwHVX8dfpVyVmvrP/yDldFv/q3OPgnPphB+w+b9aKvztJjpYzD9XE69VBWo7qK68Yk1me78VJcX1Wa/Dct3Wdsuxet0hXn/41KQ267mqdlUJhh88nlbzJmMT2O6DorswZtX/8GbVa+LPard7HJXiviZeo5J0Hpb7MXg+KY6JfTXe8JvAA0qHeqO82+9lzJ8r54FsEchAWrqv/LTIW71fcLtPXDkPZO5efFwHTDjzjK/uAgqfRNgXrpwH8kKFDACOoEIGAEcQyADgCAIZABxBIAOAIwhkAHAEgQwAjiCQAcARBDIAOIJABgBHEMgA4AgCGQAcQSADgCMIZABwBIEMAI4gkAHAEQQyADiCQAYARxDIAOAIAhkAHEEgA4AjCGQAcASBDACOIJABwBEEMgA4gkAGAEcQyADgCAIZABxBIAOAIwhkAHCEt76+3jXvAQD7yNva2iKQAcABdFkAgCMIZABwBIEMAI4gkAHAEQQyADiCQAYARxDIAOAIAhkAHMEXQwDk4gs/+Zd592Db+sGXzbvdUSEDgCOokAHkIqyQN1466L8+aI5c/sR/pUIGgAlEIAOAIwhkAHAEgQxg8q1U5MiRI72pdGnNLNBWpHKkJP2mNblUUutVVsy8OwhkAJNNh3HlppxrbsjGhp6aMr9SioVy30qlJCvzTdlYmjct7iCQAUwwVe1eWpH5paYszpgmmZHFN86JXLykauNBa5dKUpElafZXdgqBDGByrb0rK2vzMh8vdme+JfMzN+VmtEh+tyKllXlpOlgZhwhkAJNtZkaOmreD1mTtpnmr3l+8qCrpxUVVP7uLQAYw2dbWpJe7A2ZkppfUM3Ju6ZzcrEQ/3HMPgQxgcvldEyuysqOzWHdlHJWj0XL46KI0l47KxVJlR9+yKwhkABNsRhYX52WlEg3ZFamULoqcW5QdvcXzS9I8d1MtvyQuFsoEMoDJpkJ2Y0mk0nsOuSKytGF9kmJmsSlLRy9KycFQZnAhALlgcCEGFwKAiUUgA4AjCGQAcAR9yABywa9wCtCHDAATiAoZABxBhQwAjiCQAcARBDIAOIJABgBHEMgA4AgCGQAcQSADgCMIZABwBIEMAI7wflyr8k09AHCAd/jw4R2B3O2S0feDLH6On332mTz00EP+9Omnn5pWAOPwPM+8GxS2ew8//HDvby1BfH+5e/eueTc+HcgHDx4kkIEMjBTISQjpyZVVhUwgA9mLh7PnefJ/1SMYEp6v2IgAAAAASUVORK5CYII=

Previously, even adding the path manually failed to work with Windows defender enabled but now the ignore rule that I could create from the blocked application list is applied and wsl appears to work normally.

Thanks for your help.

C.O.M.O.D.O_RT · January 2, 2023, 8:50am

Hi 2072,

Thank you for your feedback.
Have a nice day.

Thanks
C.O.M.O.D.O RT