DEF + keeps giving privileged rights to IE8

Hi everybody.

Just made a new install of CIS 5 on an Acronis restore of XP. Don’t understand what’s happening. I set all the rules for IE8 at ASK, but Comodo keeps returning them to ALLOWED. I keep resetting the rules to ask (with OK, Apply, OK), but as soon as I launch IE, Comodo reverts them to allow. I have no more control on IE and don’t receive a single alert from Comodo. I’m in parano mode and have checked everything in monitoring and execution control settings. I have been using Comodo for several years and never encountered this problem with previous versions.

Everything else seems to work fine, except this problem with IE.

Does anybody know what’s the matter and what to do to make Comodo remember my rules? Is it a bug in CIS?

Any help is welcome. Thanks in advance

Microsoft is a trusted vendor. This may be why it keeps getting changed back.

Hello John. Thanks for your reply.

You might be right.

In fact, after installing CIS 5 I set it to training mode and launched all my applic including IE8. After that I changed to parano mode. The rules created by CIS for IE8 were too permissive for my taste (everything was in allow except run exe and protected registry keys and files), so I set all the rules to ask and had them always being reset to allow by CIS.

Yesterday, I made a second new install of CIS 5. This time I didn’t enter training mode for IE8 and instead set immediately the rules to ask. After launching IE, CIS asks permissions and I was able to make him remember MY rules.

So if I understand well, with CIS 5 if you set him to learning, he allows nearly everything for the applic he knows because for him they are trusted and if you find his rules too permissive well you CAN’T change them afterwards. CIS learns just one time and for good. All the applic he knows are trusted and can do everything they want. For instance, IE can install device drivers, access physical memory, install hooks, … without a single prompt from CIS and without the knowledge of the user.

I don’t understand why the user isn’t allowed to stiffen the rules even for applications considered trusted by CIS. What’s the use of a HIP if lots of things are allowed without the consent of the user?

You don’t need to reinstall in such a situation.

You only have to untrust the vendor you want (or all of them as far as I am concerned) and then amend the previously written firewall and Defense+ rules.

It is said that a majority of users didn’t want to be alerted for usual applications, therefore said to be trusted.

Thanks Brucine for the suggestion.

I’ll take the name of the vendor out of the “trusted vendors list” if I have the same problem with another application, but I’m not sure it’ll be enough since the vendor will still be in the whitelist of Comodo.

As for IE, it is part of Microsoft. If I tell CIS that MS is untrusted, I’m afraid I’ll have lots of problems running my OS.

No you won’t.

I don’t have any trusted vendor, including Microsoft.

The turnabout is of course some alerts being asked for Microsoft software (but that’s what we want, right?), and being asked to run IE if there’s no other way (e.g. some stupid software, including Comodo, only updates some features via IE).

But you won’t be asked for any standard Windows application as long as you keep them in the default Windows Operating System group.

I described a way to customize each and every Windows application, but there you indeed shall be alerted for everything you do, including on your local disk: most certainly the safest configuration, but quite a pain to set.

Thanks Brucine. I’ll try what you suggest.

Note that for the time being, having set CIS5 to parano mode after installation seems to have done the trick. I receive all the prompts I expected.