OK, I have Comodo Firewall installed, and would like to use HIPS, BUT.
Prestty much any time I try to run any of the programs on my machine (which are all clean and OK), the HIPS pops up whining about oh say this program x want to access a “protected COM interface” or some such.
I already know all programs on machine are safe as I have scanned every one with both anti-virus and anti-malware programs.
Attached you will find screen caps of the Main HIPS screen, the HIPS Monitor Settings screen, and the HIPS Rules screen. I have not changed anything else in the HIPS.
Any ideas? BTW, I currently have the HIPS DISABLED as I am TIRED of playing 20,000 questions with it. :o 88) ??? >:(
Sorry, I have already tried that, and it STILL sits there and acts like an interrogator, asking if I wish to allow this and wish to allow that. 88)
I mean there has to be some settings to change to seriously reduce that, or I will just run it as a firewall only. It at least queries if I wish to allow a program to have access to the internet, which is basically the only question I care about. Since the items are safe, I don’t really need to have everything access the net just the items that MUST.
Basically if you set it to “Clean PC Mode” it will automatically allow everything** currently on your PC, however it will still monitor and alert about new files.
** The exception being things you already have rules for since rules > mode, if that makes sense.
So lets say you have an unknown application called unknown.exe and while HIPS is in Safe Mode you get an alert that this application wants to edit the protected file “C:\Windows\explorer.exe”, when you tick in to remember your decision and then click Allow or Deny an application rule for unknown.exe will be created (edited if a rule already exists) that adds “C:\Windows\explorer.exe” to the exclusions tab of “Protected Files/Folder” under “Access Rights”… Here’s the trick, you now have an application rule for unknown.exe that says to allow access to “C:\Windows\explorer.exe” but everything else is set to “Ask”… So when you change the HIPS mode from “Safe Mode” to “Clean PC Mode” these applications will still give alerts because their rules says so.
At least the above is my understanding of the situation and it’s the only thing I can think about that would cause such a thing.
If you know an application is safe then you can tick in to remember your decision and then click “Treat as” and then click “Allowed Application” this should stop all alerts for this program except alerts about launching other applications (at least unknown applications)
Another thing you can do is a rating scan and then set the unknown files to trusted.
But honestly if you have a problem with HIPS alerting you then I’d suggest you use the BB set to either Untrusted or Fully Virtualized.
c. allow every malware on your computer to do pretty much whatever it wants***, no matter when it gets on your system… i.e why even have CIS installed?
***Exception being if HIPS is set to Paranoid / Firewall is set to Custom Mode.