Defense+ creates quarantined files without AV, then blocks them [solved]

This bug report is a synopsis of my experience, which I have documented in the Defense+ Help forum with the subject: “Adobe Reader 9.1 has bad, continuing problems”.

I am on Comodo Firewall v3.9.95478.509 with settings: Configuration: Proactive Security; Defense+: Clean PC mode; Firewall Security: Safe Mode, and have had no problems installing or using the various versions of Adobe Reader. 9.0 installed and ran fine.

Now 9.1 had these problems: 1) couldn’t install it successfully. Comodo blocked Reader\plug_ins\search.api. Even when I added that file to My Safe Files, it still blocked it. The only way to complete the installation was to change to Configuration: Firewall.

Subsequently, Adobe Reader would not run. CIS kept blocking Reader\CoolType.dll no matter what I tried, even when I disabled D+. Only when I switched to Firewall Security would it run. A workaround solved the problem, as suggested by EricH: to load in a new Proactive Security. It worked.

Bug analysis: I found multiple quarantined files in HKLM\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Quarantined Files, including CoolType.dll, even though AV is not installed. Furthermore, this file was blocked for execution, even though AV is not installed.

So there are two bugs (at least): (1) The free CIS, without AV, can quarantine files, (2) which D+ blocks. There is no way for the normal user to remove the files from quarantine.

Guess it was not a bug. At most there is a typo in the “My Blocked files” dialog, which still uses the old “My Quarantined Files” name.

As you confirmed, there was a configuration that blocked Acrobat components.

Defense+ Tasks > Common Tasks - My Blocked Files allows you to lock down files and folders by completely denying all access rights to them from other processes or users.

(Due to a typo, the Blocked files dialog is still titled “My Quarantined Files”.
PS: the above image, taken from the online wiki, was likely meant only as an example; everybody is discouraged from quarantining the Important/File folder group.)

If D+ is set to CleanPC mode, the Pending file list will be automatically updated with a list of new files.

Using the Move to button in the pending file list, it is possible to manually move these files either to the My safe file list or to the D+ Quarantine/blocked file list.

Note: D+ blocked file/quarantine is different from the AV quarantine feature.


Much thanks. I activated my old Proactive Security configuration that had been giving me the Adobe Reader trouble, and yes, you are right, the blocked files show up there.

So no bug.

(But it’s so much fun to nail down a bug.) :frowning: :slight_smile: