Comodo Internet Security v10.2.0.6526 - Hotfix - Released

Hi All,
Updates have been released to all older versions of CIS/CAV/CFW products.

Please share if you experience any issue.

Thanks
-umesh

VirusScope monitors unrecognized applications and alerts when it triggers a recognizer for suspicious activity. If it was rated as trusted then you won’t get VirusScope alerts.

Interestingly enough, Valkyrie says it is trusted but CIS still sees it as unrecognized: Advanced File Analysis System | Valkyrie

"fls": {
  "timestamp": "2018-03-20T14:48:43.076Z",
  "verdict": "Unknown",
  "transport": "DirectFls"

Seems safe verdict given in past hrs and yet to appear in cloud. Checking…

If these applications are digitally signed, then you can add their signatures to the Trusted Vendor List and request the publishers to become part of the TVL in Submit Applications Here To Be Whitelisted - 2018.

When they are not signed, their installers and binaries need to be whitelisted every time they get updated. There are more options to deal with that when you are not using default settings and take matters more into your own hands.

About the detection by Viruscope, would you please consider filing a bug report on it in the bugs section following the required protocol? Following protocol is necessary to be sure Comodo will see and take the bug into consideration and will try to reproduce etc.

Well, some files which are part of K-Lite Codec Pack have digital signatures (like madVR) and some do not (like LAV filters). Media Player Classic Home Cinema is some kind of project (instead of Media Player Classic) and doesn’t have a digital signature, but it is perfectly safe and now one of the most popular media players in the world with many abilities.

I would like to file a bug report about VirusScope detection, but that’s happening only during installation of K-Lite Codec Pack and I have already chosen the option to put a file on the exclusion list. And that’s also strange, I can’t see anything about Media Player Classic Home Cinema in the Scan Exclusions under Advanced Protection under General Settings. I don’t know at all where we can find the VirusScope exclusion list and flagged false positive files?

I can file a bug report when I install a new version of K-Lite Codec Pack if the problem still exists.

I have the same issue. Updated through the program.

Hello team,
Just to say that I received the update some minutes ago.
The update caused no problems, restart and logon without anything working weird.
It seems this version 10 is way better for updates than older versions.
Great job.
Greetings,

ailef

Does Viruscope flag the installers or does it also flag some of the individual binaries after installation?

Updated fine, but I still can’t watch videos on Facebook or see gifs on it.

VirusScope flags only the Media Player Classic Home Cinema exe file.

Windows 7 - 64 bit - version 10.1.0.6476
Updated to current version (10.2.0.6526)
Everything works correctly
Thanks for the update!

:smiley: :-TU

I got updated to 10.2.0.6526 yesterday and all seemed well. But this morning I encountered a couple of odd behaviors and I was wondering if anyone else was aware of them and if there is something on my end to fix this.

[b]Issue #1[/b]

I am fairly certain this is a GUI bug, and it may have been there for a while, don’t know but just encountered it. If you get a “warning” popup in the settings GUI, then it will no longer respond to the OK button or CANCEL and can only be closed by using the X on the top, but when you go back in, it shows the setting did take, which means somehow it didn’t return control back to the main GUI that generated the popup. Let me elaborate on the steps that resulted in this for me, so maybe you can test it on your end.

  1. Open Advanced Settings
  2. Under say HIPS Settings, check “Block all unknown requests …”
  3. A pop up comes up that says something to the effect of, are you sure, it is only for really infested systems, etc etc.
  4. Click ok to continue and it will dismiss the popup
  5. Click OK to save and close the GUI, won’t do anything
  6. Click CANCEL to close the GUI, won’t do anything
  7. Click on the X on the top, it will close the GUI
  8. Go back in, the setting is checked (meaning the setting took)

[u][b]Issue #2[/b][/u]

This morning the system loaded and all was well but the systray icon for CIS (I only have the firewall installed) wasn’t there. Nothing showing. I ran a couple of apps that I know won’t be on the rules list (I use custom rules) and the decision panel never popped up. This has never happened before, it always runs with the system, but today it didn’t. I clicked on the app from the start menu and it showed up and all was well but in the meantime the suggestion being, it wasn’t running, despite CIS service showing in the task manager as running. I hate to think that during all this time until I noticed it, nothing was being blocked, that would suck big time for sure. So, anyone seen this happen and know why?

Running diagnostics within the app shows nothing is wrong, so again makes this even more odd for me. Thoughts? TIA.

I only use FW and HIPS components. 6526 is the best version recently. Please don’t ruin it!

It does not reproduce on Win 10 Insider 17123 running CIS.

[quote]
[u][b]Issue #2[/b][/u]

This morning the system loaded and all was well but the systray icon for CIS (I only have the firewall installed) wasn’t there. Nothing showing. I ran a couple of apps that I know won’t be on the rules list (I use custom rules) and the decision panel never popped up. This has never happened before, it always runs with the system, but today it didn’t. I clicked on the app from the start menu and it showed up and all was well but in the meantime the suggestion being, it wasn’t running, despite CIS service showing in the task manager as running. I hate to think that during all this time until I noticed it, nothing was being blocked, that would suck big time for sure. So, anyone seen this happen and know why?

Running diagnostics within the app shows nothing is wrong, so again makes this even more odd for me. Thoughts? TIA.
[/quote]

When you say CIS service do you mean cmdagent.exe? When you checked task manager did you see other CIS processes (cis.exe, cavwp.exe)?

Did you change the settings of CFW to get alerted when Apps (from App store) are being run?

When cmdagent.exe is running and the client (cis.exe) is not running then I would expect CIS to block because of the Default Deny principle.

Will CIS protect from Squiblydoo?

What do you think yourself? :slight_smile:

I’ll be honest, I do not know ;D

Comodo Internet Security v10.2.0.6526. It’s perfect. I’m very happy. Thank you very much. :slight_smile:

Interesting, I am on Windows 10 Pro 1709 (16299.309) and it is consistently reproducible, perhaps we can test this on a release version of Windows instead of Insider build? Given that the release version is the common version, not the insider, just thinking out loud here.

[quote]When you say CIS service do you mean cmdagent.exe? When you checked task manager did you see other CIS processes (cis.exe, cavwp.exe)?[/quote]

I mean COMODO Internet Security (aka cis.exe, cavwp.exe, cistray.exe) closing out shortly after running and then disappearing from the task manager, BUT, COMODO Internet Security Helper Service continues to run (aka cmdagent.exe). Does that clarify? I checked the event manager and the error that appears about the same time that this happens has a message about twin_ui crashing explorer.EXE (which I wish I had the exact message but unfortunately this system purges logs daily, ■■■■, I should have grabbed it - hindsight, thou art a heartless )

[quote]Did you change the settings of CFW to get alerted when Apps (from App store) are being run?[/quote]

First, there is no specific setting for “Windows Apps” and yes, they are detected just fine as regular attempting to make a connection and always have, I have tons of them on my rules, some allowed, some not, some limited to just LAN (my own configuration not on the default rulesets). So, where are you seeing this specific setting? And that is not the issue that was encountered anyway, the apps I tested with were not Windows Apps but even so given my experience, they would be detected just the same. I am open to clarification on that if you have it.

[quote]When cmdagent.exe is running and the client (cis.exe) is not running then I would expect CIS to block because of the Default Deny principle.[/quote]

While that expectation may be the case (or intended), we have no way to know if it is actually happening and that wasn’t my observation. Since an app that has no internet access shouldn’t be able to successfully check for updates if it hasn’t been ruled to do so already (which they weren’t) and the default deny is on, if that was the case. Right? Assuming that’s what you mean, they shouldn’t by default have access.

Please advise.

Recently, the Carbon Black Threat Research Team was made aware of a [b]post exploitation technique[/b], dubbed “Squiblydoo,” designed to bypass application whitelisting software by utilizing tools that are built into the operating system by default.
First the payload needs to be dropped on a system. First it needs to bypass the sandbox or fool the user.
This discovery continues a trend of attackers using native OS tools to conduct attacks, a trend that has been well documented in recent months. (The Carbon Black Threat Research Team recently discovered malware written in PowerShell.)
Never previously seen in the wild, Squiblydoo allows a user with normal privileges to download and execute a script hosted on a remote server.
That looks like a fileless malware which should be caught by the sandbox. [s]However Powershell is not enabled by default under [url=https://help.comodo.com/topic-72-1-766-11485-Miscellaneous-Settings.html#heuristic_analysis]Configure heuristic command line analysis for certain applications[/url]. [/s]

But luckily such a malware has not been seen in the wild as of yet and it also needs to get on the system in the first place. If you want to be ahead of a possible curve simply enable to check Powershell under Configure heuristic command line analysis for certain applications.

Edit: My information about settings for Powershell under Configure heuristic command line analysis for certain applications was not correct. It reflected that I am using a profile that goes back several versions and that when new script hosts were added that did not reflect in my configuration.