Comodo Firewall isolates its own script??

Hi, Comodo has isolated its own script, is this really the way it needs to work? Plus Comodo didn’t show any popup when it isolated the scripts. They were just 2 Command prompt windows with green borders around them. Please take a look at the screenshots for this issue and also for the one below. 88)

Also, i have another question. In the summary of the logs it says that 85 unknown files have been detected but 0 have been submitted. I have the “Analyze unknown files in the cloud by uploading them for instant analysis” set to ON. So what’s going on?

Screenshots

Also, i had the initial released version of Comodo 10 installed and my SUMo notified me of available update 10.0.0.6092, but Comodo has not. I have been checking through the Comodo interface for 20 days now, it said that it was up to date, but it wasn’t. I have then uninstalled Comodo and downloaded the installer from the site and installed the new one. Why Comodo was not detecting its own update?

Is there someone alive at this forum??

http://i.imgur.com/j6L2g0c.png

https://forums.comodo.com/news-announcements-feedback-cis/why-are-all-these-comodocreated-batch-files-getting-sandboxed-t117693.0.html

https://forums.comodo.com/news-announcements-feedback-cis/brand-new-comodo-internet-security-10-with-secure-shopping-is-released-t117514.0.html;msg847406#msg847406

egemen:

Oh yes. This is a new feature we have introduced to catch fileless malware. Fileless malware uses script interpreters such as powershell.exe to execute code through commandline. There are various ways. What CIS 10 does is it catches embedded commandlines and sandboxed them.

But while sandboxing them, we create a file out of them i.e. convert file-less scripts into files in C:\ProgramData\Comodo\Cis\tempscrpt. If is the command-line interpreter. What you can do is

1-You can trust them just like any other file
2- Or you can disable cmd.exe from commandline parsing from Settings->HIPS->Do Heuristics commandline analysis(Certain applications)

It is a new feature.

Good to know it is by design. :slight_smile: Do you have an idea why the number of detected unknown files is waaayy bigger than the number of submitted files(which is actually 0) when automatic submission of sandboxed and unknown files is ON? Plus when something gets quarantined there is no notification shown. Comodo is allowed in Windows 10 notification settings app.

https://forums.comodo.com/news-announcements-feedback-cis/brand-new-comodo-internet-security-10-hotfix-version-is-released-t117645.0.html;msg847860#msg847860

Dunno, but it should.

When i tried to update 1 World of warcraft addon with the WowMatrix program it created 51 C_cmd.exe files, all of them was submitted as unknown.

It’s probably related to how often you encounter/run it. In my opinion, it’s better to inspect those by yourself; not submit. Also, a very high number of unknown scripts could indicate a possible compatibility issue (with involved applications).

Nevermind. I has submitted some files, but not all of them, so maybe it does it selectively.

qmarius, do you have something against me using your signature on forums? 88)

I have nothing against anything/anyone. Feel free to do whatever as you feel appropriate. Have fun. :slight_smile:

Hello,
I really appreciate this new feature. :-TU

Only, I work with a lot of Powershell scripts using variable arguments, and this creates really many C_powershell.exe_***.ps1 files and alerts. I understand I can exclude Powershell from heuristics analysis, but isn’t there a way to avoid the script replication for the scripts opened from a specific folder?
Thanks!

After about two and a half years, I think this question is still valid.

I wonder if there is today a way to avoid the script replication for the scripts opened from a specific folder. I have tried finding a solution, but not succeeded so far…