Comodo freezes Windows due to HIPS/Firewall popup during fullscreen app launch

First of all, thank you to Comodo for making the only (that I know) security solution that still has ‘power user’ options.
Now over to the problem I am having. (And have had since I first started with CIS many years ago).

Every time I launch a new application (mostly games) that attempts to go fullscreen (which is usually the default), it will trigger a popup from HIPS (running in Paranoid mode) or the Firewall, which will freeze the entire computer, requiring a power-cycle to get back up. At this point there will be NO information in the Comodo Event logs for what froze it, so I can create a rule ‘after the fact’.

What happens every time when I launch an application, usually a game (one that I have no profile for), say for example “Divinity: Original Sin”: it will launch and I will get the first popup.

  • Game wants access to hook dinput8.dll - I grant this permission.
  • Game then wants memory access to Steam.exe - I grant this permission.
  • Then the game will go fullscreen, and probably ask for permission to something else. At this point, the game has “taken” the fullscreen and the Comodo popup, which attempts to notify me, will be in ‘desktop’ mode, and there the computer will hang, forever.

So far the only solution I have found is to launch games in “sandbox” mode to get into options to go ‘windowed mode’, then copy the settings file/registry from the VTroot sandbox folders to the actual game folder, so I can launch the game normally and see all the Comodo prompts.

Another alternative is to launch the game after having gone into settings and set both HIPS and Firewall to ‘do not show popups’ and then “Deny all”. Which has me reset these settings every time, as Comodo does not remember ‘deny all’. Unfortunately, when it goes into auto deny mode, it will not create those rules for the application, so I need to hope that the game can launch with everything denied so I can go into options and set windowed mode, THEN relaunch with normal “ask” settings to configure CIS the way it should be…

A final alternative is to configure ONE application properly, then use this as a “template” rule for other applications. Unfortunately, as you get enough rules, the listbox to select which application to copy the rule from will be too long, so you have to go into the application rules and ‘move’ the rule you want to use as a template to the top of the list.

OR you could create a ruleset, but unfortunately, you can not clone an application rule into a ruleset, so you need to do it “by hand”.

So my questions:

  • Is there a way for Comodo to NOT freeze the computer when an application goes fullscreen at the same time as an application alert is triggered?

  • Is there a way for Comodo to log the specifics of all “rule hits” that are Denied, so I am able to create new rules based on the ‘deny’ trigger? In the alert log you’ll see “HIPS”, “Firewall” etc. and you can click “Related Alert”, which shows specifics, BUT you cannot create a rule from the event log.

  • Is there a way for Application Rules to be ‘cloned’ into a Ruleset (or a third party app that modifies the registry to do this…)?

tl;dr:

  • Comodo freezes Windows when fullscreen app is first launched and Comodo HIPS/Firewall popups appear; how to avoid this without having to ‘accept everything’.

In the case of Divinity, it likely froze when it asked for permissions to “dwmapi.dll” while triggered fullscreen. (As this was the hips warning I got after dinput8 having gone the ‘sandbox’ route first…)

Yes, Comodo added a feature called ‘game mode’ which deals with such issues with full screen applications; it has been renamed to silent mode. But it will allow requests and set up allow rules for that application, similar to setting HIPS and firewall to training mode.

I don’t think it has anything to do with EAC but a known problem with launching full screen applications that produce HIPS alerts which you can’t answer. You should either switch to silent mode before launching games or add the game developer’s digital certificate to the local trusted vendors list.

What if you do not want to ‘allow’ everything, but ‘deny’ them and still have it logged as a rule-set you could manually change afterwards?

That is why I said “But”, because I knew you didn’t want to automatically allow everything. The only thing I can think of is to create a predefined ruleset with what you want to allow, then set every access right to block. Then apply that ruleset to the application in the HIPS rules. In other words, make a modified version of the “Contained Application”, because I don’t know if the application would launch if you were to just use the contained predefined ruleset.

As the title suggests, for example, when running a full-screen game without making it trusted, the computer will instantly enter a black screen without any response, sounds or prompts and the whole system completely dead/frozen. No Comodo warnings as well. Even if you disable certain monitors of the HIPS such as ‘system hooks’, the problem persists and the only way to end this dead computer is hard powering off, restarting keyboards also not working at all. This problem has persisted for a long time in all Comodo HIPS. Running any full-screen games with default settings or non-recognised vendors will instantly cause this system failure. The problem gets more serious in the latest versions, while in the previous versions such as only Comodo Firewall, disabling the ‘system hooks’ monitor will permanently solve this glitch, or making ‘system hooks’ trust any full-screen apps. Please fix this serious bug of COMODO killing the Windows system.

The other minor problem is the significant delay of launching certain programs in the recent CIS. For example, when using the SKSE plugin to launch The Elder Scrolls V: Skyrim, the command line window runs significantly slower than in previous versions such as Comodo Firewall standalone or without CIS. HIPS is enabled in all these cases and it seems the latest CIS is lagging and less efficient internally.

Please fix these bugs and lags. Example programs are too large to upload for sampling.

Not a bug, there are many ways to prevent this and this is a situation when you should use game mode/silent mode. Or use training mode or set HIPS to do not show alerts allow requests. Never mind you can trust the application manually before launching it by adding it to the file list and setting it to trusted.

Merging same issue topics. As stated before, game mode which is now called silent mode is designed for this purpose. Or even use training mode to have HIPS learn and allow the actions needed by the full screen application.

If something freezes your computer and forces you to restart, it is by all definitions a “bug”. Don’t you think it’s possible to have Comodo not lock up the computer even if Game mode isn’t turned on? No other security application I know of does this.

Even the idea that you are required to turn on silent mode / blindly allow the fullscreen application to do anything it wants is a glaring security flaw - don’t you think? Shouldn’t I be able to manually decide what my fullscreen applications can and cannot do - just like with other applications?

I would totally agree with you and many thanks for the clarity of issues. Thank you for your mutual understanding which feels really humane.

On the flip side, if this is still not a bug, the only point that makes sense is that it is suggesting COMODO may not be good enough and should cease to be used, and other alternatives or replacements found. However, I hope this is not the case and its advanced HIPS has already drawn quality users who are interested enough in such software and sorting out the tough policies.

What is really relevant here is how to appropriately avoid this problem (as it does cause a significant problem and is seriously problematic) or fix it by any chance. Turning on silent mode might be a workaround; however, for some strict circumstances where software policies shall not be compromised, silent/game mode only lowers the capability of HIPS and is little different from simply turning HIPS off, as there will still be many unrecognised or not fully configured apps coming in or already running in the process. However, these are just background stories or possible conditions relating to software design, WHILE the key issue is whether to FIX SUCH A FLAW in the security system of the software itself, not talking about what users are about. And this cannot be achieved at the moment without the original developers.

As the topic suggests, version 5 might be a good one but it may not work properly in Windows 10. And also, the main websites for downloading may not allow previous versions being attained. I wish the HIPS can really go well later on especially after so much of the reports and attention already.

The reason it seems like the system is frozen is because CIS will halt execution of the application when an alert is generated. Because the application is running full screen while being paused, you can’t interact with it or other applications. I believe it happens when the full screen app is trying to install a global hook or access csrss.exe in memory.

I have done some testing and I noticed that changing the default alert timeout period to a low value like 5 seconds will allow you to either alt-tab or use alt-ctrl-del. The problem is the way of using full screen causes the alert to be hidden behind the application and won’t allow you to answer it. In some other games, the game either minimizes as the alert takes focus or the alert opens on top. Lowering the alert timeout should reduce the freeze time of not being able to interact with the game or the whole system.

Hi,

This is what I ended up doing, making a ruleset with the ‘baseline’ allowed, then I just add to this as new “problems” arise.

Happens for SOME games when HIPS is set to “Safe Mode”.
Takes couple of seconds, then cursor does not respond.
Sometimes it gets to black screen, sometimes before game window is shown.
CTRL + ALT + DEL does not work.
Restart via reset button on case is required.
When HIPS is disabled game runs without problems.

Version: 12.2.2.7098

Use the search as this has been covered already, however I merged all topics of the same issue into one. You should use silent mode or switch to training mode whenever launching full-screen applications to prevent alerts from not being able to show up while in full-screen mode.

Or set logging enabled then in HIPS Silent - Block All.
Launch the application and watch it fail, then look in your log file for what failed.

I made a HIPS Ruleset for games so I can apply that to titles, that takes care of most of them.

Run Executable: Ask
Memory Access: Block
Windows/Hooks: Block

But allowing:
C:\Windows\System32\dinput8.dll
C:\Windows\System32\dwmapi.dll
C:\Windows\System32\msctf.dll
C:\Windows\System32\dinput.dll

Process Termination: Block
Device Driver Installation: Block
Windows Messages: Block

Protected Com: Block
But Allowing:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Protected Registry: Block

But I have allowed:
HKLM\System\Controlset001\Services\TCPIP\Parameters
HKLM\Software\Microsoft\Windows\Currentversion\Internet Settings\Connections
HKLM\System\Controlset001\Services\Eventlog\Application\Nvidia OpenGL Driver
HKLM\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration\Speaker Configuration

Protected Files: Block

But I have allowed:
\Device\KsecDD
\Device\NvAdminDevice
\Device\Afd\Endpoint
\Device\Afd\AsyncconnectHlp
\d3d12.dll
\Device\MountPointManager
\Device\hid

\Device\NETBT_TCPIP_ (for my internet nic)

Blocked:
\Device\RasAcd
\Device\NETBT_TCPIP_ (for the network cards I do not use for internet)

DNS: allow
Physical memory: Block
Computer monitor: Block
Disk: Block
Keyboard: Allow

Used to get the ‘freeze’ thing for a lot of games before I made a ‘basic’ profile that covered a few of the Registry Keys and Windows hooks.

If you spam ctrl-alt-del when it supposedly freezes, then just wait FOREVER it should eventually show you the Popup message and return you to windows, or you can press the power button on your pc (soft press) and just wait forever, but you’ll then have to reboot.

Once I had it fail during saving of a rule and upon reboot almost my entire HIPS configuration was gone, so I had to restart from an old backup. (So remember to export your settings.)
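
The workflow from the last posts (HIPS set to Silent - Block All, read the log, extend a baseline ruleset) can be sketched as follows. This is an added example, not part of any forum post and not Comodo's code or log format: the category labels, the event tuples and the subkey-prefix matching are assumptions, while the allowed entries are copied from the ruleset above.

```python
from collections import Counter

# Baseline from the post: per category, a default action plus allowed targets.
# Category keys are hypothetical labels, not Comodo identifiers.
RULESET = {
    "memory": ("block", []),
    "hooks": ("block", [
        r"C:\Windows\System32\dinput8.dll",
        r"C:\Windows\System32\dwmapi.dll",
        r"C:\Windows\System32\msctf.dll",
        r"C:\Windows\System32\dinput.dll",
    ]),
    "registry": ("block", [
        r"HKLM\System\Controlset001\Services\TCPIP\Parameters",
        r"HKLM\Software\Microsoft\Windows\Currentversion\Internet Settings\Connections",
    ]),
    "files": ("block", [r"\Device\KsecDD", r"\Device\Afd\Endpoint", r"\Device\hid"]),
}

def norm(target):
    # Windows paths and registry keys are case-insensitive.
    return target.strip().rstrip("\\").casefold()

def decide(category, target):
    """Return 'allow' if the target is an allowed entry or (assumed) below one."""
    default, allowed = RULESET[category]
    t = norm(target)
    for entry in map(norm, allowed):
        if t == entry or t.startswith(entry + "\\"):
            return "allow"
    return default

def triage(events):
    """Targets the baseline still blocks, most frequently seen first."""
    pending = Counter((c, norm(t)) for c, t in events if decide(c, t) != "allow")
    return [key for key, _ in pending.most_common()]

# Constructed sample of requests seen during one blocked launch.
EVENTS = [
    ("hooks", r"c:\windows\system32\DWMAPI.DLL"),
    ("memory", "Steam.exe"),
    ("registry", r"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces"),
    ("hooks", r"C:\Windows\System32\xinput1_3.dll"),
    ("memory", "steam.exe"),
]

if __name__ == "__main__":
    for category, target in triage(EVENTS):
        print(f"needs a decision: {category:8} {target}")
```

Entries that differ only in letter case, such as `Controlset001` and `ControlSet001`, resolve to the same rule here, so only the requests not covered by the baseline are left for a manual allow or block decision.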