Decided to try CIS again with v6, having an issue

I have HIPS off but BB on and set to restricted. If I try installing something that Comodo shows as unknown I get the isolate warning pop. I hit don’t isolate again and close the app. Upon launching the app again to install it I get a generic memory error.

I don’t see the app in any lists to remove it. But I can’t install it or launch it at all anymore unless I turn BB off to do the install.

Anyone have any ideas?

Try adding the installer to the trusted files list under file rating.

Already tried that, it’s a no go :wink:

Are there any files in the unrecognized files list? Can you post a screenshot of your Defense+ logs?

So, in the example in the log I’m trying to install, obviously, Star Wars Online. I’ve tried the installer I had, and just in case, grabbed the latest from BioWare as well.

The file is added to the trusted file list. As you can tell from the logs, even though it’s in the file list and even though I choose to not isolate it again, on every launch it is getting thrown into the sandbox restricted. This is not the only installer this is happening with, but just a single example.

[attachment deleted by admin]

Here it is in trusted files.

[attachment deleted by admin]

Try giving the installer the installer policy. Go to the advanced options → HIPS rules → add the installer and give it the “install/updater” policy.

Another option you could try is excluding the installer from the BB.
Go to advanced settings → Behavior Blocker → enable “define exceptions for behavior blocking”, then select the exceptions button and add the installer.

Either one of these options should work.

When I add any of them as exceptions to BB (and to HIPS even though I have it off), I no longer get the isolate prompt, but the installs still don’t work. Which brings me to another question: why isn’t the don’t isolate again option working?

Even after doing all of that, the various installers are still showing up in the defense logs as sandboxed and restricted.

If I disable BB, I can run the installers. But that defeats the purpose, doesn’t it?

After you respond with the “Do not isolate again” prompt, did you try and reset the Sandbox before launching the installer again? If you disable BB (and run the installer) what processes does Killswitch show are being called by the installer?

When I reset the sandbox it starts the process over, as in, launch whatever installer, get isolation prompt… etc

I’ll run Killswitch in a couple mins and let you know. This is happening for much more than one installer, just figured it would be “easier” to just use one of them as an example.

With HIPS off and BB auto sandbox off, swtor_setup.exe extracts files to the temp folder in the user directory and then kicks off installer.exe. At that point installer.exe is analyzed and then rated as trusted (installer) and the install goes as expected.

It seems to be the auto sandboxing causing my issues. I can have HIPS on, with auto sandboxing unchecked in the BB and the installs go without any issues.

So, what am I losing if I have auto sandboxing off but HIPS on?

That’s how I use it.
I find auto sandbox more annoying than a question.
And safe mode more easy than clean PC mode.

The main difference will be:
Unknown things will not get restricted if they get allowed.
In safe mode, if you would get a digitally signed trusted malware, your system might get infected without a sandbox, when you run it.
But as you say, you had to disable the sandbox at certain points to do something. So, malware could imitate that “need” too.

If you know what you do, you are safe without automatic sandbox.
You could browse within the fully virtualized Comodo sandbox though, for example.

Just don’t forget that you don’t have the auto sandbox enabled anymore! That’s important.
I would suggest to switch to “proactive configuration”. (The settings are saved by configuration, so you may need to make the settings for the new configuration.)

Thanks for the reply, I activated proactive when I turned off auto sandbox. Guess I’ll just use it that way from now on. Thanks again…

Though, why is don’t isolate again not working for some of these installers?

May be a bug.

I ended up going back to internet security profile from proactive. As in proactive, even with auto sandbox off and HIPS on, I was then running into issues where installers would error out part way through and got no notifications from Comodo. Nor were any of these showing up in any of the logs.

If I turned off HIPS, installs were fine.

Switched back to the internet security profile, I still can’t use auto sandbox, but I haven’t encountered any issues yet with HIPS being on.

Did you disable “don’t show alerts”?

Not a single day I have used something else than proactive.
All runs like expected.
Or is written into the logs.