Exciting News: Comodo Internet Security 2024 Beta Now Open for Testing!

Hi @Varan-de-C0m0d0, this can be done through HIPS:

If a file/folder is added to HIPS Protected Objects, HIPS monitors write access to these objects. The decision depends on 3 conditions:
1- HIPS rules
2- HIPS mode
3- default action for HIPS

By default CIS does not have a rule for browsers, so next it checks the HIPS mode and the file rating for the process that attempts to modify the protected object. If HIPS is in Safe mode, access is granted for Trusted applications. So if it is a known browser, the attempt will be allowed. If the app is not Trusted, the default action will be applied.

If you want to monitor certain locations - add them to HIPS Protected Objects
If you want to block access to these objects for certain apps - create HIPS rule(s).
If you want to decide on the action upon detection, switch HIPS to Paranoid Mode and enable Alerts.

Thank you very much Ligaz for this response.

With your recommendations, I will do what needs to be done.

But, to avoid criticism from other people, but also unnecessary hesitation from users, wouldn’t it be a good idea to include a rule, or even a function, in the 2024 version?

The question asked by CIS could be:

“The website abcdefghij1234.com requests access to your data located in the “My Documents” location through the Opera browser”

Would you like to authorize:

  1. Opera to access “My Documents”
    1a) Always or only this time

  2. This website to access “My documents” (regardless of browser)
    2a) Always or only this time
    2b) Be notified when this happens (without blocking)

Me again…
I have been using CIS for so long that I would like to take advantage of this beta, to see if certain things are possible in development.

My question: (Besides, thank you to everyone who takes the time to answer)(and a big thank you also to everyone who works on this beta).

Are there plans to have Comodo CIS do an evaluation analysis of the “scripts” located in C:\ProgramData\Comodo\Cis\tempscrpt?

Because, in my opinion, many are the same ones that end up in this folder on PCs around the world. Those, at least, could be automatically whitelisted once “judged” by the Comodo teams. That would be very practical.

If for example, there would not be enough staff at Comodo to do these evaluations internally, could we consider some sort of community rating?

I’ve seen this from the competition. Number of PCs that have dealt with this component, rating, Transmitter owner, details

Or am I the only one who bothers to go open the C:\ProgramData\Comodo\Cis\tempscrpt\ folder when I have related alerts and read the contents of the script to try to evaluate it myself?

From the moment something “stuff” is reported, how can you stay (alone behind your screen) in the expository state?

Not all users have complete knowledge…

THANKS

Hi,
will the recognizers problem also be solved in this new beta?

Otherwise, there is a function that was present on Agnitum Outpost and the previous ZoneAlarm (as well as for example Esafe Protect)…

This is the function that would tell CIS Pro whether a series of alphanumeric values should be protected.

(CIS “Pro”, because those who pay must still have a little more than the others) (And above all, this would modify your economic model upwards, because it would encourage more users to upgrade to a paying version) (Data theft is in the news at the moment) (You could surf on this a little more…)

If Comodo CIS Pro “sees” protected values passing from the inside to the outside, it warns the user by indicating “who” is sending their information and “where” it is going. (Without response, it blocks the exit and will warn when the user returns)

Previously, I had entered (among other things) my first and last name. I was quite surprised to see that one of these alphanumeric values to be protected “went” to a website, without me completing any questionnaire or form!

Of course, I blocked the attempt and the site concerned, then uninstalled the too “talkative” application, in this case an outdated browser.

In our current era of massive data theft, this function would be a significant plus and good publicity for CIS…

In 2024… I don’t see myself tampering with Proxomitron DLLs and others, to try to obtain the same function by myself… Nor installing a CIS competitor…

Hi @ilgaz , can you please help check this concern? Many thanks.

You can only catch the possible exfiltration of values you would like to be protected by breaking the end-to-end-encrypted HTTPS connection, decrypting, analysing/editing/blocking its content and re-encrypting this traffic (effectively a man-in-the-middle attack), which is generally considered a bad idea. See here why:

More background information is available from this discussion: https://malwaretips.com/threads/https-scan-should-you-enable-it.104630/

2 Likes

Thanks Infosec for the detailed response

There might be a solution:

This would consist of using only a non-public trusted authority (CA) (in other words limited to the information system (PC)) and avoiding CAs natively integrated into the proxy. Use a key protection system (like HSM) and run the proxy in the Comodo sandbox so that no information comes out of there. CIS analyzing on the fly in the Sandbox.

Additionally, for some time now, hackers have been using encrypted streams to pass the offensive charge under the radar and out of sight.

I know, you are going to tell me: as soon as the charge takes action CIS will block it…

Is reading all of my bank’s PDFs a hostile action?

I have a question:

Is Comodo CIS looking for the possibility that Internet or network streams can be decrypted on the fly on the PC, via proxy or not?

Speaking of which… What is libssl32.dll or libssl64.dll?

I would like to know more and see what is happening on my PC regarding the subject.

Do you think the following sites are safe to perform these tests?

  1. https://testsafebrowsing.appspot.com/

  2. https://www.ssllabs.com/ssltest/viewMyClient.html

Hi @ilgaz ,

could you help me?

Hi @Avos-New-Forum, yes, it will be fixed.

1 Like

Thank you very much.
I await with confidence :+1:

Hello, CIS lovers,
Our next beta release plan has been finalized and we’ll share the new beta version on October 23rd, 2023.

Here is the list of bug-fixes that we’ll cover with the new beta version:

  • Fixed an issue where icons in the taskbar disappeared after Explorer.exe restarted.
  • Fixed the issue of missing the “Log as firewall event if this rule is fired” option on the firewall rule screen.
  • Fixed issues with performing Quick Scan, Full Scan, and Rating Scan and errors related to updating the last scan date.
  • Fixed the “Report a Bug” link being incorrect, outdated.
  • Fixed an issue with the first beta version, which had compatibility issues with Win 11 x64 after installation and uninstallation, where the internet connection would be interrupted and a popup would appear in the CIS tray saying “The network firewall is not functioning properly”.
  • Fixed an issue where clicking on the scan exclusion under advanced protection would crash the entire advanced settings window/menu.
  • Fixed an issue where the antivirus still appeared to be running despite disabling all components in CIS and could not be disabled.
  • Fixed the “TDT agent is not working” issue.
  • Fixed the “Intel TDT driver not loaded” issue.
  • Fixed the issue of displaying the IntelTDT options on the UI with an unsupported CPU. If the CPU does not support TDT, this will be written to the log, and tdt.dll will then be unloaded. Users will be able to manually delete TDT’s log files.
  • Fixed an issue with CIS crashing after uninstalling the old version and installing the new beta version.
  • Fixed an issue where firewall settings caused the internet connection to be cut after installation of CIS 2024 Beta.
  • Fixed issues with cmd/diskpart or disk administration such as not being able to clean up all or create new volumes and formatted/deleted data/files restoring themselves after formation.
  • Fixed translation errors in Russian, French, Polish, Italian and Portuguese.

Problems with Killswitch, Cleaning Essentials, recognizer, and updater will also be fixed.

Thank you for your patience, we look forward to seeing the results of your experience with the new beta.

Kind regards,
Comodo Team

13 Likes

I don’t know what to do with this, for example :wink:

C:\ProgramData\comodo\Cis\tempscrpt\C_powershell.exe_806C4F4A619CD1C9927A6A5F237CABF3BCB036F3.ps1
containing:
“Get-PhysicalDisk | Select BusType | ft -HideTableHeaders”

I don’t know who created it, when, or what it does.
Sometimes it’s understandable, others… not at all.
So, it’s very nice to warn about powershell tempscripts (or others?), but it would be even nicer if we knew where this is leading us…

Bravo to the whole team for this overhaul!
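
For anyone reviewing that folder by hand, an added example (not from the thread or from Comodo): a Python inventory that parses file names shaped like the one quoted above and groups scripts with identical content, so each distinct script only has to be read once. The name layout is an assumption drawn from that single file name (the thread does not say what the 40-character token is), and the function names and every sample file except the first are constructed.

```python
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumed layout, inferred from the single file name quoted in the thread:
#   <drive letter>_<interpreter>_<40 hex characters>.<extension>
NAME_RE = re.compile(r"^[A-Za-z]_(?P<interp>.+)_(?P<token>[0-9A-Fa-f]{40})\.\w+$")

def inventory(folder):
    """One record per captured script: parsed name fields, content hash, text."""
    records = []
    for path in sorted(Path(folder).iterdir()):
        m = NAME_RE.match(path.name)
        if m is None or not path.is_file():
            continue  # skip anything that does not follow the assumed layout
        text = path.read_bytes().decode("utf-8-sig", errors="replace").strip()
        records.append({
            "file": path.name,
            "interpreter": m["interp"].lower(),
            "token": m["token"].upper(),
            # Hash of the trimmed text, so a trailing newline does not split groups.
            "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
            "text": text,
        })
    return records

def group_by_content(records):
    """Map content hash -> file names, so repeated scripts are reviewed once."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["sha256"]].append(rec["file"])
    return dict(groups)

def demo():
    """Run over a constructed folder; only the first name and its command come from the thread."""
    cmd = "Get-PhysicalDisk | Select BusType | ft -HideTableHeaders"
    samples = {
        "C_powershell.exe_806C4F4A619CD1C9927A6A5F237CABF3BCB036F3.ps1": cmd,
        "C_powershell.exe_" + "A" * 40 + ".ps1": cmd + "\r\n",  # constructed
        "C_cmd.exe_" + "B" * 40 + ".bat": "ver",                  # constructed
        "notes.txt": "ignored",                                   # constructed
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        records = inventory(tmp)
    return records, group_by_content(records)
```

`demo()` returns the records and the content groups for the constructed folder; on a real machine, pass the tempscrpt path from the post above to `inventory()` instead.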

Hello, I kindly ask whether it is worth waiting for the new CIS 2024 Beta. I am very happy with this information, and thank you to the Comodo team for fixing the Polish language errors. I am eagerly waiting for the Beta. Greetings from Poland.

Good morning,
There is a big problem regarding process control under CIS (beta).
Let me explain:
Since updating from Windows 10 to Windows 11 did not work with CIS, I disabled CIS from startup with Revo Uninstaller.
Failure.
Then, I completely uninstalled CIS with the Comodo utility and also with Revo for potential “leftovers”.
So, no more CIS at all.
So the update to Windows 11 worked.
Once on Windows 11 Pro (64), I wanted to reinstall CIS.
The installation went well; it didn’t notice anything or indicate anything.
But now, being used to the software, I noticed that things were not going right.
After several unsuccessful attempts at the diagnostics function, I tried several reinstallations. Without success either.
Then, I had the idea to look at the functions of controlling the users when starting Revo Uninstaller. The entries that I had blocked in Windows 10 to allow the system update were still blocked…

After checking them so that they are at the next startup, the installation worked and so did CIS.

I conclude the following:

  1. Any process can very easily prevent CIS from returning to the next boot
  2. CIS does not know how to realize that it will be blocked at the next boot
  3. CIS does not know how to reactivate at the next boot
  4. The installation of CIS does not notice the problem either and does not restore the start of the program to boot.
  5. But even worse… the diagnosis doesn’t know how to do it either…
  6. And doesn’t notice it either

It would still be super cool to correct this on this version.
With all the most sincere thanks in advance.

FYI, the CIS config was locked by a password.

I tried to do the same with another antivirus, sure enough, it came back perfect on reboot.

There is also the fact that Comodo CIS files should only belong to Comodo.

I was able to add Killswitch too easily (when it didn’t work on the first beta). The one I added is positive by 7 antiviruses on virustotal. I think I could have even added another exe and named it KillSwitch.

If we can so easily replace the official exe of the current version, this could open the way to out-of-control vulnerabilities.

It is just my humble opinion…

Otherwise… CIS cleanup tools does not uninstall Comodo Secure Shopping which remains in place after uninstalling CIS.
And Comodo Shopping works alone with its environment.


Sorry to keep coming back, but the beta testing period doesn’t last forever.
So I communicate everything I notice.
So… something else:
When you install the official version of CIS Pro, it starts doing an update as soon as the installation is complete, then a quick scan, then offers to restart the computer to complete the installation process.
With the beta version, I didn’t see an update starting automatically, nor an analysis, and not a reboot request each time.
However, I installed it several times…

1 Like