Defense+ Shows Blocked Intrusions When Virtual Desktop Is Run [M95]

1. The full product and its version:
COMODO FIREWALL 8.0.332922.4281 BETA
2. Your Operating System (32 or 64 bit) and ServicePack revision. and if using a virtual machine, which one:
virtual machine : virtualbox 4.3.6 r91406 , windows7 x64
3. List all the configuration changes you did. Are you using Default configuration? If no, whats the difference?:
COMODO - Internet Security
4. Did you install over a previous version without uninstalling first, or import a previous conf
iguration file?:
Clean install
5. Other Security, Sandboxing or Utility Software Installed:
No
6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1: Run the Virtual Desktop.
2: Note that after running it Defense+ shows 2 blocked intrusions. Both of these are just from the Virtual Desktop processes.
3: These intrusions should not be shown because it is just CIS working correctly. There is no need to alarm the user by making them think there are actual intrusions being blocked.
7. What actually happened when you carried out these steps:
Every time you run the Virtual Desktop Defense+ will show 2 blocked intrusions. Both of these are just from the Virtual Desktop processes.
8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
These intrusions should not be shown because it is just CIS working correctly. There is no need to alarm the user by making them think there are actual intrusions being blocked.
9. Any other information:
None

[attachment deleted by admin]

Thank you for reporting this. I checked on my computer, and I experience the same issue. Thus, it should be reproducible.

I have made some edits to your first post. Does everything look correct?

Thanks.

Initially Thank you for the test, and also thank you to modify the subject.
Everything look correct :-TU

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

This issue has not been resolved

Thank you for letting me know. I have updated the tracker.

Not solved

Thank you for checking this. I’ve updated the tracker.

Not solved

I’ve updated tracker data.

Thank you.

Hello,

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.1.0.4426) and let me know if this is fixed on your computer with that version.

Thank you.

not fixed in cis 8.2

I’ve updated tracker data.
Thank you.

V12.2.2.8012 (Firewall only) Windows 7 Ultimate 64-bit (clean install with all MS-updates)

I just noticed that every time when Virtual Desktop is started a HIPS Event is logged about Application “virtkiosk.exe” with Action “Direct Disk Access” and Target “??\scsi#cdrom&ven_. . . . . .”

Seemingly Virtual Desktop is not allowed Direct Disk Access by default.

Hi CISfan,

Thank you for reporting, we will check and update you.

Hello C.O.M.O.D.O RT,

In addition, when unblocking virtkiosk.exe from the “BLOCKED APPLICATIONS” a HIPS application rule for virtkiosk.exe rule is created but this rule doesn’t work (maybe that’s the bug). Still the same HIPS Event is being logged when Virtual Desktop is started.

Known issue merged with existing topic.