Defense+ bypassed by GIMP software

A. THE BUG/ISSUE:

  1. What you did: downloaded the Windows version of GIMP, installed and ran it
  2. What actually happened or you actually saw: Defense+ was completely oblivious of GIMP, didn’t issue any alert during install or running of GIMP
  3. What you expected to happen or see: alerts from Defense+ as it is set in paranoid mode. Except for GIMP, Defense+ alerts me for each move when I install or run a software. With GIMP, Defense+ didn’t react at all, as if GIMP was invisible for Defense+.
  4. How you tried to fix it & what happened: checked my defense+ settings (see images attached), but nothing could explain why Defense+ is bypassed
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)?: not relevant
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): GIMP 2.6.11, version for Windows, downloaded at http://www.gimp.org/
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: yes, at will. Just restore a previous image of my system and install GIMP again. I got the same lack of reaction from Defense+
  8. Any other information (eg your guess regarding the cause, with reasons): GIMP is an open source software initially designed for Linux, but there is a version for Windows which is the one I installed

B. FILES APPENDED. (Please zip unless screenshots).:

  1. Screenshots of the Defense plus Active Processes List (Required for all issues):
  2. Screenshots illustrating the bug:
  3. Screenshots of related CIS event logs:
  4. A CIS config report or file:
  5. Crash or freeze dump file:
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version:

C. YOUR SETUP: Fw in custom mode, Defense+ in paranoid mode (see images attached of Defense+ Settings), Configuration=Proactive Security, AV:Avast free

  1. CIS version, AV database version & configuration: see image attached
  2. a) Have you updated (without uninstall) from a previous version of CIS: no
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: no
  3. a) Have you imported a config from a previous version of CIS: no
    b) if so, have you tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): none that can explain the problem
  5. Defense+, Sandbox, Firewall & AV security levels: defense+ & sandbox see attached images; FW : custom policy
  6. OS version, service pack, number of bits, UAC setting, & account type: win XP SP3 32bits; administrator account
  7. Other security and utility software currently installed: Avast free; Autoruns; Process Explorer
  8. Other security software previously installed at any time since Windows was last installed: none
  9. Virtual machine used (Please do NOT use Virtual box): the problem arose on the host machine ==> real machine

NB: I’m anxious that if GIMP can so easily bypass Defense+ when set at its highest level, a malware with the same file structure as GIMP could also bypass Defense+

I tried to reproduce on my Win 7 SP 1 x86 and with XP SP3 in VM Ware but GIMP appeared in Active Programs list and I would get alerts in Proactive/Paranoid.

Could you try importing a clean version of the Proactive Security from the Comodo installation folder and try again? That is to see if there might be something going on with your installation of CIS or not. In case it is not we need to look elsewhere.

Hi Eric,

Except for GIMP, Defense+ works as it should. I will nevertheless try what you suggest and let you know if that solves the problem.

Eric,

I’m baffled. I imported a clean version of the Proactive Security from the Comodo installation folder as you asked and got all the alerts from Defense+ as expected.

Before the install of GIMP, I never noticed a strange behavior or lack of reaction from Defense+, though it seems now that my proactive configuration was somehow corrupted. How is it possible? That seems so strange, and though that’s as it is.

Thanks Eric, this topic can surely be removed and I’ll close the one I had previously opened in Defense+ help section.

Boris

Moved thread to resolved.

It is always possible that one’s rules get corrupted after cmdagent.exe or cfp.exe has crashed. That sometimes happens and I have had it happen once or twice in the past.