Core MS files not vendor trusted, so get scanned online [M201]

A. THE BUG/ISSUE:

  1. What you did: Opened General tasks ~ View logs
  2. What actually happened or you actually saw: Microsoft files included Outlook.exe and OS files being ‘Scanned online and found safe’
  3. What you expected to happen or see: No such entries, these files should be vendor trusted
  4. How you tried to fix it & what happened: Checked that trust files from trusted vendors was on in Advanced settings, File Rating ~ File Rating Settings, indeed all settings are at defaults. Checked certificate using sigcheck -i -e, and they are valid.
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)? : Not a software compatibility problem
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): Outlook 2010 SP1, 14.0 Build 5003 authenticated with valid licence. Details of other looked up files on request
  7. Whether you can make the problem happen again, and if so precise steps to make it happen:
     1. Install CIS
     2. Open Outlook.exe for the first time since installation
     3. Go to General Tasks ~ log viewer, and take screenshot. Note record of Outlook being looked up online (appended)
     4. Go to Advanced settings ~ file rating. Note trust files from trusted vendors is ticked.
     5. Run sigcheck from MS Sysinternals in deep checking mode (-i -e) against Outlook file. Cert is OK
    I have not attempted to replicate this by re-installation as a) the installation was a clean install (uninstalled prior public release version of CIS 6.0 before this install, and did forced uninstall of CIS 5.x before original CIS 6.0 install). Also no Betas were installed on this machine b) I am operating two servers from this machine.
  8. Any other information (eg your guess regarding the cause, with reasons): I wonder if Comodo CertSentry being set to hard fail is causing this problem. Cert sentry, as I understand it, intervenes in the assessment of vendor certificates, ensuring that the assessments fail if all online validity checks cannot be made (or of course if they indicate problems), for example if a cert. server is offline. In other words cert sentry makes vendor checks default deny.

B. FILES APPENDED. (Please zip unless screenshots).:
0. A diagnostics report file (Click ‘?’ in top right of main GUI. Required for all issues): Appended

  1. Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues: Appended
  2. Screenshots illustrating the bug: Appended
  3. Screenshots of related CIS event logs: Appended
  4. A CIS config report or file: Unaltered IS config, so not appended
  5. Crash or freeze dump file: Not appended
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Not appended

C. YOUR SETUP:

  1. CIS version, AV database version & configuration: CIS 6.0 Build 2674, Database version 14786, Internet security config
  2. a) Have you updated (without uninstall) from a previous version of CIS: No, uninstall then install using CIS 6.0 installer.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: N/A
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?: N/A
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: HIPS=off, BB=partially limited, Firewall=safe, AV=Default
  6. OS version, service pack, number of bits, UAC setting, & account type: Win 7 Ultimate, SP1, x64, Uac=off, Admin
  7. Other security and utility software currently installed: Comodo Certsentry, Vmware workstation, Logmein, Clipmate, Raser keyboard configurator, Canon Network utility, Bluetooth configurator, Vmware, Filezilla server, WAR-FTP server, Routerstats, Acrobat, Comodo Ivault, FastStone capture
  8. Other security software previously installed at any time since Windows was last installed: None
  9. Virtual machine used (Please do NOT use Virtual box): Installed on production

Link to files on FTP server:

ftp://82.69.43.252/CisReport_v6.0.260739.2674_20121229-144436.zip

Config unchanged from this one when bug observed

ftp://82.69.43.252/Outlook.7z

Username and password as before. If you have forgotten them please consult the Mod’s Preview Board, Mod’s password sticky.


Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

I will review later on this one, not enough length of logging to be sure.

Needs to go through a few major OS updates

Sorry

Best wishes

Mouse

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Cannot really check this until I have CIS 2847 installed on production sorry. Will need to wait for tracker transfer. No such entries on VM.

No problem. Once you can check this please update the bug report. No hurry though. ;D

Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Still present in 2937.

Best wishes

Mike

Thank you for checking this.

The tracker has been updated.

Can you please check and see if this is fixed with the newest version (7.0.313494.4115)? Please respond to this topic letting us know whether it is fixed or if you are still experiencing the problem.

Thank you.

PM sent.

No this is still happening in 4115. Best wishes. Mike.

Thanks for checking this. The tracker has been updated.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.

This issue is still occurring on version <8.2.0.4508>.

I’ve updated tracker data.

Thanks.

Fixed in 8.2.0.4703 as I have tried executing multiple applications that are digitally signed and CIS didn’t log an online lookup and the files were rated as trusted in the file list.

In that case, I will move this one to “Resolved” section.
Thank you.