A. THE BUG/ISSUE:
- What you did: Opened General tasks ~ View logs
- What actually happened or you actually saw: Microsoft files included Outlook.exe and OS files being ‘Scanned online and found safe’
- What you expected to happen or see: No such entries, these files should be vendor trusted
- How you tried to fix it & what happened: Checked that trust files from trusted vendors was on in Advanced settings, File Rating ~ File Rating Settings, indeed all settings are at defaults. Checked certificate using sigcheck -i -e, and they are valid.
- If a software compatibility problem have you tried the compatibility fixes (link in format)? : Not a software compatibility problem
- Details & exact version of any software (except CIS) involved (with download link unless malware): Outlook 2010 SP1, 14.0 Build 5003 authenticated with valid licence. Details of other looked up files on request
- Whether you can make the problem happen again, and if so precise steps to make it happen:
- Install CIS
- Open Outlook.exe for the first time since installation
- Go to General Tasks ~ log viewer, and take screen shot. Note record of Outlook being looked up online (appended)
- Go to Advanced settings ~ file rating. Note trust files from trusted vendors is ticked.
- Run sigcheck from MS system internals in deep checking mode (-i -e) against Outlook file. Cert is OK
I have not attempted to replicate this by re-installation as a) the installation was a clean install (uninstalled prior public release version of CIS 6.0 before this install, and did forced uninstall of CIS 5.x before original CIS 6.0 install). Also no Betas were installed on this machine b) I am operating two servers from this machine.
- Any other information (eg your guess regarding the cause, with reasons): I wonder if Comodo CertSentry being set to hard fail is causing this problem. Cert sentry, as I understand it, intervenes in the assessment of vendor certificates, ensuring that the assessments fail if all online validity checks cannot be made (or of course if they indicate problems), for example if a cert. server is offline. In other words cert sentry makes vendor checks default deny.
B. FILES APPENDED. (Please zip unless screenshots).:
0. A diagnostics report file (Click ‘?’ in top right of main GUI. Required for all issues): Appended
- Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues: Appended
- Screenshots illustrating the bug: Appended
- Screenshots of related CIS event logs: Appended
- A CIS config report or file: Unaltered IS config, so not appended
- Crash or freeze dump file: Not appended
- Screenshot of More~About page. Can be used instead of typed product and AV database version: Not appended
C. YOUR SETUP:
- CIS version, AV database version & configuration: CIS 6.0 Build 2674, Database version 14786, Internet security config
- a) Have you updated (without uninstall) from a previous version of CIS: No uninstall then install using CIS 6.0 installer.
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: N/A
- a) Have you imported a config from a previous version of CIS: No
b) if so, have you tried a standard config (without losing settings - if not please do)?: N/A
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
- Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: HIPS=off, BB=partially limited, Firewall=safe, AV=Default
- OS version, service pack, number of bits, UAC setting, & account type: Win 7 Ultimate, SP1, x64, Uac=off, Admin
- Other security and utility software currently installed: Comodo Certsentry, Vmware workstation, Logmein, Clipmate, Raser keyboard configurator, Canon Network utility, Bluetooth configurator, Vmware, Filezilla server, WAR-FTP server, Routerstats, Acrobat, Comodo Ivault, FastStone capture
- Other security software previously installed at any time since Windows was last installed: None
- Virtual machine used (Please do NOT use Virtual box): Installed on production
Link to files on FTP server:
Config unchanged from this one when bug observed
Username and password as before. If you have forgotten them please consult the Mod’s Preview Board, Mod’s password sticky.
[attachment deleted by admin]