First of all, thank you to Comodo for making the only (that I know) security solution that still has ‘power user’ options.
Now over to the problem I am having. (And have had since I first started with CIS many years ago).
Every time I launch a new application (mostly games) that attempt to go fullscreen (which is usually the default) they will trigger a popup from HIPS (running in Paranoid mode) or the Firewall, which will freeze the entire computer requiring a power-cycle to get back up. At this point there will be NO information in the Comodo Event logs for what froze it, so I can create a rule ‘after the fact’.
What happens every time, when I launch an application, usually a game (One that I have no profile for), say for example “divinity: original sin”, will launch and I will get the first popup.
- Game wants access to hook dinput8.dll - I grant this permission.
- Game then wants access memory to Steam.exe - I grant this permission
- Then the game will go fullscreen, and probably ask for permission to something else. At this point, the game has “taken” the fullscreen and the comodo popup, which attempts to notify me will be in ‘desktop’ mode, and there the computer will hang, forever.
So far the only solution I have found is to launch games in “sandbox” mode to get into options to go ‘windowed mode’, then copy the settings file/registry from the VTroot sandbox folders to the actual game folder, so I can launch the game normally and see all the Comodo prompts.
Another alternative is to launch the game after having gone into settings and set both HIPS and Firewall to ‘do not show popups’ and then “Deny all”. Which has me reset these settings every time, as Comodo does not remember ‘deny all’. Unfortunately, when it goes into auto deny mode, it will not create those rules for the application, so I need to hope that the game can launch with everything denied so I can go into options and set windowed mode, THEN relaunch with normal “ask” settings to configure CIS the way it should be…
A final alternative is to configure ONE application properly, then use this as a “template” rule for other applications. Unfortunately, as you get enough rules, the listbox to select which application to copy the rule from will be too long, so you have to go into the application rules and ‘move’ the rule you want to use as a template to the top of the list.
OR you could create a ruleset, but unfortunately, you can not clone an application rule into a ruleset, so you need to do it “by hand”.
So my questions:
-
Is there a way for Comodo to NOT freeze the computer when an application goes fullscreen at the same time as an application alert is triggered.
-
Is there a way for Comodo to log the specifics of all “rule hits” that are Denied, so I am able to create new rules based on the ‘deny’ trigger’. In the alert log you’ll see “HIPS”, “Firewall” etc and you can click “Related Alert” which shows specifics, BUT you can not create a rule from the event log.
-
Is there a way for Application Rules to be ‘cloned’ into a Ruleset (or a third party app that modifies the registry to do this…)
tl;dr:
- Comodo freezes Windows when fullscreen app is first launched and Comodo HIPS/Firewall popups appear; how to avoid this without having to ‘accept everything’.
–
In the case of Divinity, it likely froze when it asked for permissions to “dwmapi.dll” while triggered fullscreen. (As this was the hips warning I got after dinput8 having gone the ‘sandbox’ route first…)