Comodo HIPS Rules Viewer for Comodo 3.X

Comodo Internet Security - CIS Install / Setup / Configuration Help - CIS
1

A Comodo HIPS Rules Viewer for Comodo 3.5 or 3.14 (and probably other CIS 3.X versions)
See update in next post

As stated this program has been written for comodo 3.X
Result is unknown for other version…

This program just reads the registry for HIPS rules, and display them
in a tree view inside a window, with the possibilty to copy them to the clipboard (as text).
HIPS predefined and application rules, for each profile, are displayed (but not Firewall rules).

This program can be useful

  • to save your HIPS rules as text before upgrading Comodo
    and have them under the eyes when recreating them in the new install
    (since export/import between versions might not work)
  • to send your ruleset to someone, for analysis, sharing…
  • to spot ‘dead-rules’
    (application rules that remain in the registry but without effect,
    because they are superseeded by a ‘TreatAs’ rule for example)

Nothing is written to the registry or the file system (except the program itself when unzipped).
With Comodo version other than 3.X unknown datas can be displayed, but no damage should occur.

The program is written with AutoIt (a script language),
the ZIP file contains the compiled executable and the script version (the AU3 file),
both do the same thing but the script requires AutoIt to be installed to run
AutoIt site : AutoIt Scripting Language - AutoIt

In any case you should perform a virus scan before executing any unknown program
from an unknown source (for example at http://www.virustotal.com/)

The link to my program (should be available for at least a month, or more…)
[s]DL.FREE.FR
ZIP File MD5 : C5480AE37598046D8CFB97990E02F526

My program is provided ‘as is’ without warranty
and anyone can reuse the code or debug/improve it…

[s]At this time at VirusTotal :

:frowning: PrevX and Symantec antiviruses say for my zip file and the included executable
Prevx 3.0 2010.04.07 High Risk Worm
Symantec2009 1.2.0.41 2010.04.06 Suspicious.Insight
(too much heuristics at work ?)
:slight_smile: but Comodo antivirus says zip and exe files are not viruses…
;D however my script (AU3) file is said clean for all of them
[/s]

2

An update of the ‘Comodo 3.X HIPS Policies Reader’
Compatible with Comodo 3.5 and 3.14 (and probably other CIS 3.X versions)

(see attachment for download)

:cry: still 1 detection at VirusTotal for the exe file :
McAfee-GW-Edition 2010.1C 2010.12.14 Heuristic.BehavesLike.Win32.Worm.H
but no detection for the script file.

[attachment deleted by admin]