I confirm the problem after test on USB
It may be wrong placing this feature request here (sorry for it) - is there a plan for any future release to make the isolation/sandbox asking user about status of unknown files being launched? I would prefer to be asked and then decide whether to sandbox an application rather than launchiong it, having it sandboxed, then receiving erros, closing it, unlocking and then lauching again as allowed app.
And please with an option (a checkbox?) to trust the program’s author and add them to “Trusted Vendors” when the executable is signed / has a valid certificate. This would especially help with re-populating the “Trusted Vendors” list after clearing it out completely, which I did for years with every new clean install of CIS, until now. This is unfortunately no longer possible with CIS v12. I am holding out on installing v12 in the hope that Comodo will re-enable users to customize their vendor lists in a future update.
By the way, @Shirka2010, I use somewhat of a workaround for that: I have the desktop widget enabled. Whenever CIS prompts me about a program (mostly explorer.exe, which is the host process for the Start Menu) trying to execute another unrecognized program, I click the Unrecognized Files button on the widget which takes me directly to the File Rating list with only unrecognized files shown. I change the program’s rating to Trusted, click OK to close the Advanced Settings window, wait a few seconds for the new settings to take effect, and then click Allow in the CIS prompt. This way I can bypass the sandbox for programs I recognize and trust. (It is crucial to wait a little after closing the settings window, otherwise the program still ends up in the sandbox!)
Thanks for the advice, but that does not seem to work for me - i use standard and portable apps, but the widget does not seem to interrupt sandboxing application. maybe I do something wrong but CIS does not prompt me about an unrecognized applications. I even unchecked isolation setting “show notification about elevated priviledges”. What I need (and hope many of us do) is to be asked before sandboxing. Even if it worked the same way each time app was launched (without setting a corresponding rule). To set it permanently at later stage, one can easily enter “unlock app”.
With current functionality the first time with new application is always a roulette and possible time waste. With portable apps it is even worse - as CIS remembers software directory patch in a rule, so moving it causes file to be blocked again.
Hi guys,
any news for me???
I am using CIS more than five years on Win 7 and 10. I used to wait till next automatic update But this time for the annoying problem of update notification on windows 10, I decided to uninstall CIS 11006744 completely and install new version manually. After completely Uninstalling Ver 11006744, I restart and shutdown Os and then I installed offline version of CIS 12006810. I had three crash report files named as cavwp.exe.xxx.dmp with size more than 300MB in C:\ProgramData\Comodo\CisDumps. I had a hang on my Windows 10 and I forced to use Power_button to restart my PC. all of these happened in three days as I installed CIS ver 12. Now on win 10, I have returned to the ver 11 with the same annoying update notifications problem. I had never experienced serious problem like this OS-hang caused by CIS before.
These are two last crashes: (all the other crashes are related to cavwp.exe too)
Source
COMODO Internet Security
Summary
Stopped working
Date
2019/4/8 3:57 PM
Description
Faulting Application Path: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
Problem signature
Problem Event Name: BEX64
Application Name: cavwp.exe
Application Version: 12.0.0.6810
Application Timestamp: 5c94a8fd
Fault Module Name: cavwp.exe
Fault Module Version: 12.0.0.6810
Fault Module Timestamp: 5c94a8fd
…
This One Led to OS-hang:
Source
COMODO Internet Security
Summary
Stopped working
Date
2019/4/8 7:32 PM
Description
Faulting Application Path: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
Problem signature
Problem Event Name: APPCRASH
Application Name: cavwp.exe
Application Version: 12.0.0.6810
Application Timestamp: 5c94a8fd
Fault Module Name: cavwp.exe
Fault Module Version: 12.0.0.6810
Fault Module Timestamp: 5c94a8fd
Anyway thanks for Free CIS 
I am using a modified Proactive Security configuration, so I have HIPS enabled in Safe Mode, with “Set popup alerts to verbose mode” checked. This way, before automatic sandboxing, I first get a HIPS alert when I (or other running programs) try to execute an unrecognized file.
I also would like that, on first launch of a program unrecognized by CIS, I could skip sandboxing, set file rating to Trusted, and if the file is signed, add its author to the Trusted Vendors list, all from a single prompt, the reason being:
Most open source software are never signed, at all. Even software from commercial companies might lack signatures. Some major open source projects have code-signing certificates, but a portion of these only sign their main version releases. If you frequently update your software with pre-release, or worse, nightly builds, it quickly becomes a chore to go through the procedure you described (or the workaround I use) to properly run a newly installed program.
If there is a concern that providing such a functionality might lead to some user unknowingly skipping the sandbox for a malicious file and getting infected, then perhaps it could be hidden behind an advanced setting for expert users.
I can’t set some Vendor in Vendor List to Unrecognized.
Did you save the crash memory dumps? If not then it is pointless to say anything about it crashing as they need those memory dump files to investigate and fix the issue.
As for ask before sandboxing, it is supposedly going to be in a release during this or next month.
Yeah known issue with changing vendors who have more than one entry in the vendor list.
Same thing for me and It’s impossible for me to use outlook with Comodo Anti-virus. I’ve sent this night (cause I’m french) the comodo crash report to Comodo (with cisreporttool.exe).
I’m waiting now
Best regards
No I didn’t save dmp files cause I assumed they would send automatically when the check box under General>Logging>User Statics section is ticked. Then next time I have to send them manually?
Hi,
Processing of automatically submitted dumps takes much more time as we don’t know which issue is associated with it, steps etc.
So could you please send them to me (or other Comodo staff) via PM if you will face the issue again?
Surely! I will send it manually next time but as I mentioned I have returned to CIS 11 and there is no crash on this version.
Thanks for your respond
In my opinion, just a few improvements are needed to make it a great product. The web protection and the removal of malicious files on USB devices in my opinion 'fundamental for optimal protection. ???
Thank you!
Nunzio.
Hello,
This is what happens according to my research
- This is an NTFS formatted USB flash drive
- I proceeded this way
- I introduce a malware in the USB key, Comodo detects it but does not display the reader F: \ so for him it is impossible to place it in quarantine
- I chose the manual analysis mode of the Comodo menu by indicating the folder where the malware is located, it detects it with the disk F: \ and proposes to clean it
It seems that it is the process of automatic detection (with the insertion of the USB key) which poses problem
I attach you the images for understanding:
A> Automatic detection
B> Manual Scan
Hi guys,
I understand your commitments but is anyone willing to help me? :azn:
you should create your own topic in the help section so it doesnt get lost in the release topic
Why is Comodo so quick in releasing unfinished products, but so slow in repairing them…
Does that make sense to anyone?
To me yes.
There’s multiples reasons that comes to my mind :
Firstly programming is hard. It’s harder when you have to deal with low level kernel systems and components.
Debugging is really harder especially when you have near infinite different hardware possibilities.
You have to stay up to date with every changes that are made to Windows with every updates and rewrite your code accordingly, without introducing new bugs. Now that Windows 10 are frequently updated (while there was only Service Packs once in a while a for previous versions, that didn’t change kernel as much as current builds) this can be tough for third parties to quickly adapt (maybe to implicitly ‘force’ user to stay with Windows Defender).
It may be because of (economical) internal reasons. It’s a free product; in a company stand point you lose money every time you don’t take the possibility to make money so you may face a few restrictions.
You can’t add/improve things without causing more bugs, or you are forced to freez your build for several years to get rid of every bugs possible (that what you see with Debian for example), but then you don’t add any new or improved existing features. For a security product it’s quite a bad move, especially when there’s no long term support of customer Windows builds, and for a company you can’t only provide solutions for outdated systems (for the user point of view, since you can still provide corporate solution, but you actually pay for it then).
Unlike other security product, Comodo is actually developing features from scratch instead of relying in Windows’ ones, like the firewall part which is an entire and dedicated product (which is good security wise) and not just an user interface to control the Windows Filtering Platform like 99.9% of other company do.
An HIPS is the hardest part to deal with, metaphorically like a surgeon since you have to dig in the deepest part of the system and not ■■■■■ up. I think the only issues you can encounter is with this component, but it’s also what it gives you the most security.
Edit : accidentally posted while not finished.
Good idea :-TU
Thanks