Hello
Ran into an issue where Comodo is blocking and isolating an application at the same times each day at around 18:36 pm and 10:38pm.
The applications are always the same C:\ProgramData\Comodo\Cis\tempscrpt\C_powershell.exe_(then followed by massive mix of number and letters which is different at the two times) and C:\Windows\System32\conhost.exe.
As well as the Parent process path C:\windows\system32\Driverstore\filerepository\asussci.inf_amd64_928e10c7f3f296dc\ASUSSYstemAnalysis\AsusSystemAnalysis.exe for the first application and C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe for the second. The former contained by the Containment Policy and the latter is a contained process.
I’m not very tech savvy but I am very critical when it comes to cyber security. I am not sure if this is malware, false positive or a bug. I’ve already submitted the files but I would very much appreciate some insight.
Hello
I hope this is the correct area to post this.
Last week starting on the 23/06/2021. I ran into an issue where Comodo is blocking and isolating an application at the same times each day at roughly around 18:36 pm and 10:38pm GMT 00 since I am from England.
The applications are always the same C:\ProgramData\Comodo\Cis\tempscrpt\C_powershell.exe_(then followed by massive mix of number and letters which is different at the two times) and C:\Windows\System32\conhost.exe.
As well as the Parent process path C:\windows\system32\Driverstore\filerepository\asussci.inf_amd64_928e10c7f3f296dc\ASUSSYstemAnalysis\AsusSystemAnalysis.exe for the first application and C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe for the second. The former contained by the Containment Policy and the latter is a contained process.
I’m not very tech savvy but I am very critical when it comes to cyber security. Can’t tell if Comodo is blocking a process my computer needs to do or blocking something malicious. I don’t go onto dodgy sites before anyone asks. I’ve already submitted the files through Comodo but I would very much appreciate some insight.
I’ve attached a PDF with screens on what the recent containment events log is showing. Again I would really appreciate some advice with this one.
Hi Vultrio,
Thank you for reporting, we are checking this.
Thank you for investigating this.
I’ll keep submitting files through CIS. Once you’ve found out the problem could you let me know please.
Has there been any progress with this?
Hello
I’ve recently comeback from holiday (allowed my brother’s nephew to play on my computer) and I can see that Comodo is still isolating PowerShell’s. I can also see a couple other threads about similar issues.
I’ve submitted the files and added a screenshot of the latest isolated programs.