Under Defense+ Events i see that Comodo has flagged explorer.exe as a blocked intrusion even though it’s added to trusted files. See attached screenshot.

Why is this happening, and how do i stop it from happening again?


[attachment deleted by admin]

That’s the CIS self-protection in work, it’s stopping explorer from accessing the memory of a CIS process.

To stop it you need to create an exclusion in the HIPS rule for CIS, although I’d advise against it. Since I’m on a phone at the moment I can’t give any instructions but if you want me to I can give them tomorrow after work.

Please do that will be helpful :slight_smile:

I found your video on another thread and added explorer.exe to the exclusions of Interprocess Memory AccessesSee attached screenshot

Is what i have done correct and will it solve my issue?


[attachment deleted by admin]

I believe it’s correct and it should fix your issue but again I would recommend against it as it could leave CIS vulnerable since the self-protection has been compromised, but of course it’s up to you to decide how you want CIS set up.

So if i don’t add it as an exclusion could Comodo possibly cause problems with explorer.exe? I mean in the sense could i power my laptop on and explorer.exe doesn’t run at all because Comodo decides to block it?

No, CIS only blocks it from accessing the memory of CIS processes, it blocks that specific action, it doesn’t outright block the application from running.

That’s good to know. Thank you for your help! :slight_smile: