Disappointment with CIS 6, Issues with HIPS/Behaviour Blocker

First a thank you - I’ve been a long term user of Comodo protection software, reguarly recommending it to other profesionals, associates and family/friends. Although, I will admit I never have purchased a license - as I’ve never need anything beyond the impressive basic protection it offers. It’s kept me 99.999% virus free, kept my information safe and save my computer many times. I’ve been very happy with the level of information and options available, and have never had an issue with the number or type of popups until now.

I’ve recently upgraded to Windows 8, and am fairly happy with the new interface, it’s not perfect, however I’m only interested in efficiency, and a few extra clicks to perform simple tasks isn’t an issue for me - although, my system colours and icons now look a lot like Workbench! I haven’t really got any issues with your new interface, it does seem now though, that each popup requires me to click three things, click the down arrow to see what’s actually happening (the important info about what the program is trying to do), then click block, then click block only (99% of the time it’s an app I’ve run, why would I need block and terminate?). So that’s now 4 clicks to remember the action as well!

My main problem lies in the HIPS system, I’ve used Defense+ for years and never had any real problems, all windows system stuff worked fine (Windows XP & 7 - upto V5) and my normal applications had 6 or 7 popups, which when remember work fine and never bother me, and for most random executables I encounter, I’d end up with 6 or 7 popups and if something rogue happened, I would know, block and get rid. Worked fine with Visual Studio, my own applications and random internet ones. Simple, efficent and exactly the protection level I need.

But HIPS now seems completely broken, It’s playing up on all windows systems apps, when I tried to run office 2013 or Visual Studio 2012, I encounter 30-40 popups, with 10 or so every time I compile and run a new build of my own application - in the end I just got sick of it. I’ve tried reducing down the number of popups, but even for small apps it either doesn’t give me anything useful, or too many to actually use. So after searching the forums and reading some guides (thanks to the community) I’ve disabled HIPS and enabled behaviour blocker. Now I get nothing but auto-sandbox everything (including windows system stuff, apps, control panel dll’s etc) - and all I have is an sandbox/not sandboxed. I have no idea if the sandboxed app is trying to invade my registry or anything else - I don’t seem to get any messages about anything. Sure, I can run things in the sandbox, but most things I do affect files and I usually end up working outside the sandbox. And there are already many other sandboxing options, I already use VMWare and Sandboxie!

How do I know if it’s ok to now remove that app from the Sandbox? And it means unlike Defense+, I have to go into options and manually trust it after a few runs? In V5, I could not tick the remember options - run an app a few times before deciding what to allow it to do on my system. I don’t remember a single visit to the comodo options window in the last year before installing V6.

I’d happily pay money for a working HIPS, I’m not interested in geekbuddy or any other service though - and I’ve even looked around for an alternative solution, but it appears the level of control on unknown exe’s I’d like just doesn’t exist anymore…seems a step backwards for tech users.

Anyway, I’d like to say thanks for the free protection over the years, and I still think for an average user you can’t beat Comodo’s free security suite! But I guess I will have to look elsewhere!

Dave

It sounds like something went wrong with your installation.

Can you check if Trust files signed by Trusted Vendors is enabled? After that check that the Trusted Vendors list is populated.

After that run Diagnostics and see if that finds a problem and is able to fix it or not.

Thanks for the reply - have checked those settings and they we’re fine. Does it make a difference if I haven’t installed the Antivirus - just firewall (with hips) as that’s all I require.

I can’t find diagnostics to run? And the online help only shows that for V5 unless I’m misiing something?

Also I’ve noticed an issues with autosandboxing - put a fresh cleanly compiled app on my system (I only know it’s clean because of the build system I use - but this could have been an app provided by a 3rd party), ran it - auto sandboxed (which is fine, exactly what I wanted), 2nd run ok, 3rd run the app window didn’t appear - no process or anything in killswitch (which is great btw), 4th run - ran outside the sandbox, killswitch said it wasn’t restricted - no popups at all, went into advanced options, added it to sandbox partially limited, app refused to run with first no error, then a weird random shill error (this is a .net app), then moved it to another folder, re-added it to the sandbox and now it’s running under the sandbox? I will try and emulate this problem again and file a bug report if it’s repeatable…Doesn’t fill me with confidence though?

Dave

For Diagnostics look toward the upper left corner and look for the question mark. Click on it and go to Support → Diagnostics.

On what Windows version is the above happening? Did Diagnostics find something and could it fix it?

What happens when you remove everything from Untrusted Files?

Diagnostics said everything’s ok.

I’m Running windows 8 professional fully up to date, from a clean install.

I’ve removed all untrusted files in the list, and will see what happens.

Getting some odd program access issues - I’m not sure if this is Windows 8, CIS, or what but I’ve installed Win7 in a VM to test CIS a bit more and see if it’s just an issue with 8 (and maybe my install).

Kaspersky has HIPs and is very good, especially turn application control to high restricted or like Comodo untrusted

!ot! This topic is not about Kaspersky, Tony…

I know that, I was suggesting alternative security software that has a HIPs function as the person was unhappy with the Comodo HIPs. Sorry if I was out-of-line

Getting some odd program access issues - I'm not sure if this is Windows 8, CIS, or what but I've installed Win7 in a VM to test CIS a bit more and see if it's just an issue with 8 (and maybe my install).

What do you mean with odd program access issues? Can you describe in more detail or post a screenshot of the alert you're getting?

I didn’t actually snap the error, although it was repeatable at the time - it looked like a windows 8 error, very long box, two lines saying something along the line of

Permission error - you don’t have access to this resource (maybe it was file or program, can’t remember 100%).

I’ve done a google search and can’t see anyone’s taken a picture of the error message unfrotunately.

So far I’ve had to re-install two applications to get round this - at the moment I’m assuming it’s my windows 8 setup and not CIS (I only mentioned it in case someone had the same problem or it was a known issue).

CIS in windows 7 seems to be working better, is it worth/safe to uninstall CIS on my windows 8 and attempt a reinstall, just to rule out win8 installation problems?

Thanks for your help,

Dave

When you enable D+ do you still get the problems you had at the beginning? In that case a clean install of CIS makes sense.

No.
Kaspersky has awful HIPS.
Nowhere near as granular as comodo.

Tony was warned to not go off topic. That also extends to you.This is the second time tonight I am warning you. You have been on our radar more than a few times over time. It’s a thin line you’re maneuvering on.