What you did: Disabled the two checkmarks for the cloud lookup and for the sending of files BEFORE i enabled the internet. After a while i looked in the log mainscreen. The summary of the cloud said: “2 good files found, 0 files sent”. In total it found like 6 files until now.
What actually happened or you actually saw: Disabled cloud found files. I am not sure if the disabling had an effect.
What you expected to happen or see: The cloud should not send or find things when its disabled.
How you tried to fix it & what happened: Cant fix it.
If a software compatibility problem have U tried the compatibility fixes (link in format)?:
Details & exact version of any software (execpt CIS) involved (with download link unless malware): CIS V6
Whether you can make the problem happen again, and if so precise steps to make it happen: It happened several times.
Any other information (eg your guess regarding the cause, with reasons): Cloud could not accept the users choice. Or trusted vendors list “findings” lead to the wrong summary, “cloud found a good file”.
B. FILES APPENDED. (Please zip unless screenshots).
0. A diagnostics report file (Click ‘?’ in top right of main GUI) Required for all issues):
Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues:
Screenshots illustrating the bug:
Screenshots of related CIS event logs:
A CIS config report or file:
Crash or freeze dump file:
Screenshot of More~About page. Can be used instead of typed product and AV database version:
C. YOUR SETUP
CIS version, AV database version & configuration: CIS V6 release, Proactive
a) Have you updated (without uninstall) from a previous version of CIS: No
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
a) Have you imported a config from a previous version of CIS: No
b) if so, have U tried a standard config (without losing settings - if not please do)?:
Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Yes
Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.
We are sorry to trouble you further but there are some items of information missing or unclear in your post
[i]0. A diagnostics report file (Click ‘?’ in top right of main GUI) Required for all issues):
Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues: [/i]
The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.
We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.
In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug of particular importance.
In 5.x you had to disable 2 check boxes.
I know that because all is ok now with 5.10
I had nothing enabled in V6 that would have to do with sending to the internet. Especially nothing that would be allowed to send without my permission and without having a rule(!), not to mention without a name.
Up to +30 connections at a time.
If you dont call this a bug, it must be a disguised and possible (user-)unwanted feature. Hidden in a hidden traffic monitor.
To make it simple to understand what the serious problem is:
If you install a program, and this program would create an un-named process which could not be blocked with the firewall, which would send to the internet whatever it wants, even if you dont want or dont expect it… (Setting says “No”)
how would you call such a program?
I would call it sneaky, disguised, untrusted, unwanted.
And if this would happen with a firewall that i use TO have control over outgoing traffic, this firewall is not a firewall anymore, but an information gathering tool. Especially if this behaviour is combined with the “removing” of the traffic meter.
Something is not ok.
The best that can happen is, it comes out to be a bug.
If its not a bug, it must be intended.
That would be just wrong.
I am writing because i want to use this good program when it does not have this undisable able “feature”
Ok, today i got the written proof that i am right.
Punkbuster got “scanned online and found to be safe”. I did not see these entries in the last days, because i had to reduce the size of columns to see other parts of it.
Did not expect a “scanned online…”
This is what i had disabled right after installation:
Send to cloud
Each scan cloud setting is off
Autosandbox is off
There is no button left to press. I can not disable the cloud.
I reinstalled the program. I did what i allways did. I pressed all buttons. The program contains a feature that can not be disabled.
I have to uninstall it.
Such a nice product has such a bad aspect.
Well that seems to be a bug, blocked network connections give the same result.
So if you disable your network and do e.g. a Quick Scan it will show ‘Scanned online and found to be Safe’ in the logging.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.
There appears to be only one setting (with a sub-setting) now in file rating
With that off I could not get it to look-up unrecognised files in cloud, as judged by the logs. I tried:
running several files I knew to be unrecognised but which I would expect to be on C’s whitelist as they are well known utilities (eg Fshed64)
several that had previously been looked up in the cloud in this installation of CIS according to the logs, removed them from trusted files and ran them. In one case I rebooted before running the file to clear any non-persistent cache.
In AV there are settings in each scanning profile, but there is no scanning profile for file rating. I ran a normal scan with the setting off and nothing was looked up. I ran a rating scan and things were looked up, suggesting that the normal scan would have if it could have. Running a rating scan constitutes requesting lookup I think, so lookup by rating scan is not an issue in itself.
So as far as I can see without checking firewall logs, I think this is resolved.
Please note that I did not test with Clockworks program as it was complex, having server and client components and possibly requiring interaction with an (unstated) game. Without precise steps to replicate it would be difficult to check via that route. Unfortunately I did not keep a record of the file I originally used to replicate.
It would be good if Clockwork could check, but pending that I suggest moving to resolved.