Comodo doesn't recognized System and keeps asking me what to do.

Hello. This little issue started yesterday and really annoys me. EVERYTIME i log on Steam or i shut down/restarts my PC, the message saying that System is trying to modify a logfile on the directory C:\Windows\system32\WDI\LogFiles\ShutdownCKCL.etl (this happens when i try to restart or shut down my pc) and on C:\Windows\system32\Logfiles\WMI\RtBackup\EtwRESteam Event Tracing.etl (and this is when i log on steam).

What is going on? I tried to allow it, marked as a trusted application and everything. But, everytime i restart or shutdown the problem continues to occur!

Can someone help me? Please? This never happened before. :frowning:

I’m sending a screenshot of Defense+ Logs. It’s on portuguese, sorry.

[attachment deleted by admin]

Is there an answer for this?

I have getting the same HIPS message at shutdown for a while now as well.

c

You should not be asked this System is part of the group Windows System Application in Rulesets they are allowed to do all without asking.

So either you have taken in Defense+ the application system out of that group, or you install is corrupt.

If you check in Defense+ Hips rules the group Windows System Applications should be at the bottom which will include System.

Then check Rulsets there should be group Windows System Applications with if you edit all functions allowed including the first one which says Ask as if you Modify you will see * plus a box after which means allow all applications to be run.

If you are running CIS 7/8 at default Hips is now disabled as the Sandbox takes precedence.

Dennis

Thanks Dennis 2,

Under the Hips Rules I dont have “Windows System Application” listed. Can I add the rule and setting “Windows System Application” as the Ruleset?

c

What have setting do you have Defense+ set at or is it disabled, which is the default setting.

Screenshot below of my three groups below with Windows System Applications expanded.

Please note my install is a upgrade from CIS 5.12, but the groups should still be there if you have Defense+ active.

Dennis

[attachment deleted by admin]

Yes add a new HIPS rule click Browse and select the file group “Windows System Application” and set Use Ruleset as Windows System Application.

Thanks guys for the reply.

I added “Windows System Application” to the rules last night, but the annoying thing is that this morning it was missing. I am pondering if the best thing to do now, would be a clean install. But, that will have to wait until the weekend.

c

Evening update.
I may of been a bit premature on this point. At the moment all now seems to be OK. Keeping fingers crossed.

c