Defense+ Popups for digitally signed steam games

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes, even after CIS reinstall.

If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1:Install Comodo Internet Security Premium
2:Have some steam games installed.
3:Try to start game

One or two sentences explaining what actually happened:
When trying to execute a game from steam a Defense+ popup appears telling me that “Steam.exe” tries execute “game.exe”. After that a series of other popups regarding the game trying to hook into “dinput8.dll” etc.

One or two sentences explaining what you expected to happen:
I would have expected CIS to “read” the digital signature of the games or check them against cloud/file rep and allow them to run like it used to.

If a software compatibility problem have you tried the advice to make programs work with CIS?:
It’s not a software compatibility problem.

Any software except CIS/OS involved? If so - name, & exact version:
Steam; games like GTA 5 (signed by Rockstar Games, Inc.), Hitman (signed by Square Enix LTD etc.)

Any other information, eg your guess at the cause, how you tried to fix it etc:
I cannot pinpoint exactly what happened, but for a month Comodo was preventing me from accessing Internet for a few minutes after boot/restart. Therefore I decided to reinstall it and after that the issue started happening. For now I have to go into the Trusted Vendor List and manually add the digital signatures or make it an “allowed application”.
B. YOUR SETUP

Exact CIS version & configuration:
8.4.0.5068/ Internet Security with some changes taken from the Quick Setup Guide.

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
All

Have you made any other changes to the default config? (egs here.):
The issue happened even before changing anything.

Have you updated (without uninstall) from CIS 5, 6 or 7?:
No
if so, have you tried a a a clean reinstall - if not please do?:
Yes.

Have you imported a config from a previous version of CIS:
No.
if so, have you tried a standard config - if not please do:
Yes.

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 10 Pro, latest updates, 64 bit, UAC default, Administrator, no virtual

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=No b=No

[attachment deleted by admin]

Hi,

Is this a duplicate of Bug 1467 ?

Thank you.

Hey, thank you for replying. It is similar indeed, but I don’t have a problem after manually adding the digital signatures or choosing “allowed application”. The problem is I keep getting alerts from files that are digitally signed by big game companies, that had no problem running before CIS reinstall. They don’t get sandboxed, I just get a lot of popups if I don’t choose “allowed application” right away. Correct me if I’m wrong, but Comodo has a “Trusted Vendor List” embedded in the suite and for the others it uses cloud. Even so the file rating should acknowledge the fact that said game (executable) has run on thousands of other computers. Has Comodo user base decreased?

Why it lacks digital signatures for big companies like Rockstar, Square Enix, Ubisoft it eludes me.

Try to re-import configuration from Program Files\COMODO\COMODO Internet Security with a different name and activate it. Any effect?
Also, you can check if vendor is listed in TVL with http://valkyrie.comodo.com. It should normally say “Certificate and Vendor name are Valid”.

Thanks.

  1. Should I import my current configuration or go for one of the default configs and rename them?

  2. Valkyrie needs to be installed, I guess.

The ones located under COMODO folder are default. Try default settings.
As for Valkyrie, you need to register with account/password.

This may help: https://forums.comodo.com/defense-sandbox-faq-cis/settings-for-running-steam-draft-v6-v7-t104384.0.html;msg758690#msg758690

I changed the name for one of the default configuration files and imported it, but nothing changed. The signed executables are still not being recognized.

With Valkyrie, I tried GTA5.exe but the file exceeds the upload size limit. In this case I uploaded the launcher, GTAVLauncher.exe, also signed and the process got stuck at “Behavioral Information Analysis In Progress…”. Anyways, I will attach some screenshots with other parts of the analysis.

Also, here is an analysis of Counter Strike: Global Offensive , a very popular game, with over 10 million players worldwide. csgo.exe is different from the others because it doesn’t have a digital signature, yet had no problem with it before reinstalling comodo.

That’s one way of going about it. However I am reticent about doing such a thing. While most of the games are safe, white listing the whole folder might present a risk. Talking about Counter
Strike: Global Offensive, it was not once that community servers have been found to download trojans in the form of map assets, music files, images etc.

The thing that annoys me the most is that Comodo didn’t use to act like this. I have it installed for over 6 years and almost always it recognized the safe files and the digital signatures. I installed GTA less than a month ago and the first time worked like a charm, no popups. Now, after reinstalling CIS, I get nagged for all of my games.

[attachment deleted by admin]

Attachment"]Certificate Valid,[b]Vendor name Not Valid[/b]
From the looks of it, publisher was not yet added to Trusted Vendors List. Also, it makes sense considering that you were able to manually add the vendor to the list; otherwise, you would get a message saying that it's already in the list.

You could submit these for whitelisting by uploading files to http://camas.comodo.com and providing SHA1 value to analysts. Here’s an example of such request for vendor addition :
https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2015-t108997.0.html;msg825113#msg825113

PS: Valkyrie is running into infrastructures changes. Thus, we will experience lower service reliability for the moment. Hope it helps.

As far as it concerns me, this is a usability problem. There’s not much I can argue considering Comodo is a free product, but I have a lot of games in my collection and many of them have pretty big executable files and my upload speed is small. More than that, Steam as a platform has thousand of games. I can see this becoming a problem for an increasing number of people.

Even for a free service, I stay strong to my belief that Comodo should include the digital signatures of popular companies and even smaller ones. That or least add them dynamically after they have detected them on a considerable number of computers.

Please forward this to a dev.

I think this is fixed with 8.4.0.5076

-Lookup request is absent for file signed by unknown vendor
can you check?

I guess it is. For testing I used Serious Sam 3 which did not have its digital signature in the TVL. After running the game, the signature got automatically added. Unfortunately, some of the other games, like Rocket League or Counter Strike: GO don’t have a digital signature and I still get nagged about them.

It’s more of feedback. Not really a bug.

I would call it an issue. It was not present in previous versions of Comodo.

In that case, could you provide another example? You could provide these by PM. Perhaps I am not understanding your issue. Sorry for any inconvenience.

As agreed by PM, after discussion, it is resolved now.

Moving to “Resolved” section.
Thank you.