Running Comodo Leaktest against current CIS 10.1.0.6476 and CLT.exe seems to be trusted by Comodo Cloud. But when disabling the cloud and removing CLT.exe from file list, it will still show up as trusted upon another execution. I have to change CLT.exe rating to Unknown 2 times for it to be treated as unknown and HIPS needs to be in paranoid mode to block all tests and then get 340/340 score (with Auto-Containment disabled).
Is it happening with anyone else? Is it a bug or some internal component of CIS is classifying CLT.exe either as Trusted or an Installer? I’ve tested also with Spyshelter’s Antitest.exe and despite Antitest.exe being trusted by Cloud, once Cloud is disabled CIS passes every test just fine.
Thank you Umesh. I think I discovered what is happening: I modified CLT.exe with ResourceHacker (removed CLT.exe icon) and re-launched it, all tests passed while in Safe Mode. I think CLT.exe hash was being somehow trusted by CIS. I will inform the whitelisting guys about this. Thanks.
Yes CLT is trusted in FLS. And if you remove it from the list and disabled cloud lookup then run clt again you won’t get any HIPS alerts despite file list indicating it is unrecognized. Umesh does this have to do with file rating cache logic?
Thanks, safe sign has been removed from file now, so you should see CIS treating it unknown. Seems it was whitelisted by mistake
In case application is executed and found Safe, unless you exclusively go to File Rating section and change rating to “Unrecognized”, it will be in cache and in quite possible we may have Safe sign in AV bases also.
So best is to change file rating if you want CIS to treat it in specific manner.
The hash of the CLT.exe I used first was 519c595797b293f4977654c8c61ae80dc735b703 the same one mentioned by futuretech. It is showing up as unknown on my end, but its actions are only blocked while in Paranoid Mode. I think it has something to do with file rating caching like futuretech said. But I am satisfied because when I changed CLT.exe’s icon (for its hash to be changed) then CIS passed all tests while in Safe Mode, so all good now. :-TU