COMODO Internet Security 4.0.664.127486 Bug Reports

Please post all bug reports & BSODs here and make sure to include:

  1. Your Operating System (32 or 64 bit) and Service Pack revision
  2. Other Security and Utility Software Installed
  3. Step by step description to reproduce the issue
  4. How you tried to resolve the problem
  5. Upload Memory Dumps on crash if you encounter any
  6. Attach screenshots to your posts to clarify the issue further
  7. Any other information you think that might be useful

It’s vital to provide all this information, so the developers can identify and fix bugs faster.


Soyabeaner edited #9 to #7 for clarity’s sake

OS: Windows XP SP3 32bit updated to the latest post-sp3 Service packs + KB971029
CIS Version: 4.0.644.127486
D+ configuration: Comodo Internet Security Defaults
D+ mode: Safe mode
D+ Image Execution control: Normal

The latest version 4.0.644.127486 won’t trigger Run an executable types/dll alerts anymore when rundll32.exe is used to launch a DLL. CIS 3.13.121240.574 on XP32 was also affected.

This differs from CIS 3.12.111745.560 and previous versions, which alert when Rundll32.exe loads a DLL even using “Comodo - Internet Security” configuration defaults (image execution control disabled).

Such Rundll32 alerts triggered when a DLL is loaded provided a way to prevent the execution of the code contained in such DLL and a chance to have D+ heuristic Severity rating displayed on the alert to warn about eventual malicious behavior.

It is possible to reproduce a Rundll32 based DLL-execution scenario for testing:

OS: Windows XP SP3 32bit updated to the latest post-sp3 Service packs + KB971029
CIS Version: 4.0.644.127486
D+ configuration: Comodo Internet Security Defaults
D+ mode: Safe mode

  • Some protected paths in My protected files defaults include a leading ?:\ wildcard to specify all drives (C:, D:\, etc.), though D+ was unable to trigger “Protected File/Folder” access rights alerts for paths that pertained to USB removable devices (FAT32 USB-key disk).

  • All applications policy blocked section of “Run an executable” access right includes a ?:\Recycle?* rule, though D+ is unable to silently block execution of applications launched from paths that pertained to USB removable devices (USB-key disk) but will display execution alerts.

  • Non removable HD are not affected. I’ve not tested if other access rights that apply to USB removable devices paths might be affected.

  • No issue with USB removable devices plug-in was reproduced whereas drive letters are assigned to the removable pendisks.

If a USB removable device is assigned a drive letter (e.g. I:):

  • It is possible to use a notepad application to create a new I:\autorun.inf without alerts.
  • Launching an application whose path is I:\Recycled\app.exe will trigger an alert regardless if a related “All applications” rule is meant to silently block execution from ?:\Recycle?*

CIS 3.13.121240.574 on XP32 was also affected.

A workaround tested only on XP involves the use of \Device\Harddisk?\DP(?)\ to create additional entries with a replaced ?:\ whereas this appears to match only USB Mass storage Devices (e.g. adding \Device\Harddisk?\DP(?)\autorun.inf to My protected files and \Device\Harddisk?\DP(?)*\Recycle?* to All applications blocked exceptions) and not non-removable HD

  1. Windows 7 32bit
  2. Prevx
  3. Open GUI, click “x” to close
  4. Right clicking on the icon, selecting close does not work
  • Taskbar icon stays open even after closing program, as if it is being minimized rather than the GUI window being closed.

  • Clicking “check for updates” in “more” section of GUI does not produce any window, response, etc…

  1. Windows XP SP3 32-Bit

  2. No Other Security. No Utility Software Installed that’s running real-time or loading drivers on start up.

  3. Step by step description to reproduce the issue:
    -from the main GUI click waiting for you review
    -either re-size/stretch the screen enough or maximize it
    -the Delete File button doesn’t stay with the rest of its team mates :smiley:
    -this can be repeated as many times as wanted

  4. How I tried to resolve the problem: Click on Delete File button, but that only temporarily removes it. We want it to stick together with the other buttons.

  5. Attached screen shot

  6. My DPI is 120 instead of the standard 96.

[attachment deleted by admin]

Same setup as above. This report is on GUI bugs.

1st & 2nd screenshots are DPI related.
3rd screenshot depicts the slight delay when closing/opening CIS screens (but not always repeatable).


  1. See Signature
  2. See Signature
  3. try to run Fraps.
  4. Yes, Fixed by running in sandbox as Unrestricted.
  5. N/A
  6. N/A
  7. Fraps does run, but GUI never shows and it takes up massive amounts of CPU. When I close it, it crashes MSN and Windows live mail. This FIX works even IF the sandbox is off.

@ Egemen, you skipped from 6 to 9 ;D :slight_smile:

Same setup as above (CIS without AV installed and Defense+ using predefined Proactive Security config. Left Sandbox settings on default).

This one’s about an audio player I use called AIMP, which isn’t recognized by CIS as safe or trusted.

I launch it and received two alerts. When I either click Cancel or Block, it still allows the drivers to load.

This was tested with Defense+ in Clean PC mode and then in Safe Mode; and on both occasions, I checked to make sure there were no rules in Defense+ Policy. I also tested with the Remember option enabled on both alerts and manually re-added aimp.exe to the My Pending Files with the same results.

Two other behaviours I noticed:

  1. If aimp.exe is in the pending list, whenever I launch it after 1 second, I can’t move its GUI around. I think the sandbox is what keeps a “hold” on it even though it isn’t when I go inside the Sandbox screen.
  2. After the above step 1) is done, CIS automatically removes aimp.exe from the pending list.

Update:
Figured out the culprit to 1) - with the default Sandbox options enabled, Defense+ did not alert the keyboard access (see 3rd screenshot). I disabled Sandbox and re-tested to notice this missing alert.


cis completely installed
win xp pro sp3
after restart the icon does not appear in the tray

GUI, bug report

  1. See Signature
  2. See Signature
  3. look at picture (happens when you open My Pending Files and stretch the window to the right)
  4. N/A
  5. N/A
  6. N/A


CFP failed the GRC Leak Tester on my system:

http://www.grc.com/lt/leaktest.htm

fine here, it blocked it

The only way it was blocked on my system was to choose Block All Mode in the firewall settings.

–EDIT–

I found the leak. Under Network Security Policy/Application Rules, there was an entry to Allow All Applications Out! I deleted the rule, now the Leak Tester is blocked.

The AV doesn’t Count.

It wasn’t blocked here also; that’s how the firewall works now. However, you can change that.

I can confirm that this occurs on Windows 7 64bit as well.

No other security programs installed.

so far i’ve had to reinstall my intel 3945abg wireless and ultranav drivers…not quite catching the installs, but much better than v3 already…give it time, we’ll all be hounding the devs like crazy…lol

oh…always forget this:

win7 x64
vipre av

scrolling didn’t work in firefox with ultranav - reinstalled driver…good now…but possible bug
wireless got the exclamation point 5 minutes after laptop stabilized…cis detected the network though…i think it maybe reacted too late to let me allow the drivers…uninstalled and reinstalled wireless drivers…ok now, but again, possible bug…when i reinstalled the drivers i had to do a few allows…

btw, i uninstalled v3 1st

I can confirm this as well.

I am running Windows 7 64bit.
Using the stealth ports wizard I set it to alert me to each connection on a case by case basis. Under this setting it failed.

i don’t have this trouble…my dpi is 96

Where is the windows explorer contextual menu option Comodo Antivirus Scan ???
I have custom policy firewall and defense plus on paranoid and the leak test did not pass through.

@Chiron494

Leak Test is Application Outgoing
Stealth Ports is Global Incoming

Bad