Hopefully it’ll be fixed soon for both of us and others that are having this issue.
Question: Does the HIPS logging log events that go unanswered by the user?
If not, I suggest that it should. (Especially because these are essentially “blocked,” since they’re not acknowledged.) Here’s the issue:
I leave my desktop Win7 on continuously. Sometimes, in the middle of the night, while sleeping in a room nearby, I can hear CIS give an audio alert, that something tried to start.
It might be that Windows scheduled some system thing to run in the middle of the night. Or it might be something else. In any event (no pun intended), when I get to the computer in the morning, there’s no trace of what tried to run in the middle of the night.
That is, the Comodo window says “0” items blocked. And nothing in the log.
P.S. I have HIPS set to “Safe.” Even so, it seems more paranoid in v11 than it used to be in v8, in that I get asked a lot about normal windows stuff.
A decent solution is to disable HIPS and use only the containment. i did this years ago and everything is perfect. just activate the proactive security.
I can’t see in the Logs a way to filter in the column Component the “website filtering” settings.
Hi Cheater87,
Thanks for checking and reporting back. You can expect fix available in the July-end release.
Please bear with us.
Kind Regards,
PremJK
Yes it does you need to set the time filter to no filtering/Entire period to see all events. Also check to make sure the file group Windows System Applications is defined as Windows System Application in HIPS rules, if not then you will get alerts coming from the System process.
Click advanced filter button at the top row in the log viewer.
Thanks @futuretech. Filtering is already set for “No filtering/Entire period.” Nothing shows in the log. That’s why I made the report. Seems odd that I could have stuff beep the Alert but not see it in the log. (Hence my report.)
And AFAIK, Windows Systems Applications is defined in the HIPS Rules. (It’s a default, correct?) That is, I see it, it’s still there.
I have proactive set.
I use HIPS because I don’t understand how Containment would work with a windows Alert. I mean, suppose dism.exe needs to run. (Like it does when you launch Disk Cleanup.) If dism.exe is sandboxed, then how can it clean up your C drive? Seems to me that it wouldn’t have that (low) level of access.
Dism.exe is a digitally signed Windows executable and will therefor not be sandboxed if you have Containment enabled.
Ahhh okay. I turned off the Trusted stuff, because as Steve Gibson says, “Trust no one.” Seems a State actor could figure out a way to forge a trusted signature.
I just upgraded from Comodo 10 to 11 on my Windows 8.1 x64 PC using the Offline Setup:
https://download.comodo.com/cis/download/installs/1000/standalone/cispremium_only_installer.exe
(I will never ever use an onlineinstaller!)
I’m very upset now and reinstalled Comodo 10! I only want to use Firewall like I did many years. I don’t want any scan or other protection by Comodo!
But on every boot of Windows Comodo 11 starts an Quick Scan. That’s annoying enough. To make matters worse, the scan window remains open. And there ist a second WIndow that opens, the main Window of Comodo telling me that there ist a risk, because Anty Virus is disabled. Yes, I Know, and I want to keep it disabled!
How can I turn this ■■■■ off?
I hope you will fix these stupid bugs.
Hi User 69,
What you used is off line installer and not online installer, by default it installs both Comodo Firewall and Comodo Antivirus.
During installation you do get option to de-select Antivirus / Firewall if you want, please see enclosed.
So you might want to uninstall Antivirus module, when you uninstall, it gives you option to uninstall specific module, please see enclosed.
Hope that helps.
Thanks
-umesh
Oops - found my problem with CIS not logging HIPS Alerts.
I had disabled logging.
So, even though stupid on my part, perhaps the Comodo UI should complain when you try to look at a log page but have Logging Disabled?
Excellent, thank you very much!
wait version 12… 
Constantly appear in unidentified, trusted applications. After repeated uploads, they again appear in unidentified.
Visual bug only: https://forums.comodo.com/bug-reports-cis/unrecognised-files-t122322.0.html;msg878446#msg878446
Since maybe a week imgur.com doesn’t work properly, as some images don’t load, while cmdagent.exe is high in CPU usage; in “website filtering events” I see maaany entries related: in Category I see Phishing and in Action I see Ask (since in settings I have in Blocked Sites > Restrictions: Ask + Logging on), but it almost never ask me anything anyway. I could put Imgur to exclusion, but I think a definition change is mandatory anyway.
Among all those entries I still can’t see it; maybe it’s my eys, but are you sure?
Under the Show pulldown - choose Website Filtering Events and then you’ll see it
I’m sorry, I wasn’t clear, I change what I said:
I can’t see in the Logs > Configuration Changes a way to filter in the column Component the “website filtering” settings.
As for the post I just wrote, I add that just by trying to open an image of Imgur will fill up the log (20MB in a couple of seconds), so I hope someone could fix this, beside the Ask thing that isn’t always triggered.