Defense + blocks with me KillSwitch.exe

I have Defense + in Safe Mode

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

WHY WE ASK YOU TO FOLLOW THESE GUIDELINES
Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation

Dennis

I have the same problem, so here is the report in the requested format:
Defense + apparently blocks KillSwitch

The bug/issue

  1. What you did: Opened KillSwitch and left it running in the background.
  2. What actually happened or you actually saw: While KillSwitch is running in the background, Defense + in the Comodo firewall logs that it blocked intrusions as seen on the Summary page (over 30000 events and that number is increasing almost every second when KillSwitch is launched).
  3. What you expected to happen or see: No logging by Defense +.
  4. How you tried to fix it & what happened: No, don’t know what to do.
  5. If it's an application compatibility problem have you tried the application fixes here?: Yes, I added KillSwitch as a Trusted Application in the Defense + Rules but the problem persists.
  6. Details (exact version) of any application involved with download link: Comodo firewall v5.0.162636.1135 and KillSwitch version 1.2.174769.31 (the same problem was inherent in the previous version of KillSwitch (1.1.174294.27)).
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Opened KillSwitch and looked into Defense + Events. It is apparently blocking KillSwitch in Accessing Memory every few seconds.
  8. Any other information (eg your guess regarding the cause, with reasons): N/A.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: Attached to the post.
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List: Attached to the post.
  3. A CIS config report or file. Attached to the post.
  4. Crash or freeze dump file: N/A

Your set-up

  1. CIS version, AV database version & configuration used: Comodo firewall v5.0.162636.1135, Proactive configuration.
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: -
  3. a) Have you imported a config from a previous version of CIS: No.
    b) if so, have you tried a standard config (without losing settings - if not please do)?: -
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No, I think that settings are pretty much default.
  5. Defense+, Sandbox, Firewall & AV security levels: D+= Safe Mode, Sandbox= Enabled, Firewall = Safe Mode , AV = N/A
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7, 32-bit, Default UAC setting - Notify me only when programs try to make changes to my computer and I have administrator rights.
  7. Other security and utility software installed: Avast 5.0.
  8. Virtual machine used (Please do NOT use Virtual box): None.

This is what we expect to see. CIS is protecting itself against memory access by other programs. The only thing you can do about this is edit the protection rules of CIS to allow KillSwitch to access CIS in memory.

This is not a bug in CIS. If you think that the memory access by KillSwitch is a questionable engineering practice, please report it in the bug report topic of KillSwitch.

Thank you for the explanation; I wasn’t sure whether KillSwitch was able to do its job properly as Defense + constantly blocked it.

Can you explain to me how to allow KillSwitch to access the memory?

To resolve the memory access problem:

Select Defense+ → Computer Security Policy.
Scroll down to Comodo Internet Security, select Edit → Protection Settings.
Interprocess Memory Access (Active Yes): select Modify → Add → now use Running Processes or Browse to point to the concerned file(s).
Then just “Apply” to each window as you exit.

Thank you very much; it works! :)

Did not work for me.
I have the same problem with my log: there are new lines added every few seconds, saying xampp-control.exe access memory cmdagent.exe.
After I did the things written above, the problem is still there.
I could solve it by deleting the complete CIS group from the policies, which I think isn’t a good solution, but at least it works. -.-

Nibbler. Follow the instructions closely. Please make sure you added the exception for interprocess memory access for xampp under the Protection Settings tab (not under the Access Rights tab).

Not a problem, I say let it be. KillSwitch will work just fine; as long as you are not trying to destroy CIS with it, there is no problem.

Thank you so much for this.
I was actually considering dumping Comodo because of this problem.

It was doing this with both Xampp and an Nvidia dll.

This is a major flaw in Comodo security though - one cannot expect the average user to go through that entire process, let alone realise what is going on.

Not too sure why they even have “add to Trusted Files” on the right click in Defense+ Events.

Got a new computer and the problem continues to surface with xampp. Adding those exceptions is really painful. Please Comodo fix this.

Like Eric said above, this actually is not a bug, so they have nothing to fix. But I agree that it is quite annoying to go through this process every time a new version comes out.

Maybe they should add an option to disable logging for particular events, but leave the protection active.

Sounds like a wish to me. Please consider posting it in Wishlist - CIS.

In my case the solution worked partially for xampp. Log Viewer stopped showing that xampp is being blocked, but on the Summary page, in the row “Defence+ has blocked 231 intrusion(s) so far”, the number and the simple Defence+ Events list are continuously increasing with xampp-control.exe - access memory - CIS