Firefox public release running non-virtualised with blank verdict [M264] [v6]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary: Pls give a clear summary in the topic title, NOT here.

  • Can U reproduce the problem & if so how reliably?: No, Random, occurs maybe once a week. Please see [145] [137] for previous rating failures with different executables.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    a. Received multiple HIPS alerts for Firefox and Outlook (trying to execute Firefox). HIPS is on but set to safe mode.
    b. Opened Killswitch from Advanced tasks ~ Watch activity
    c. Noted Firefox.exe was running Rating=blank, Restriction=Disabled
    d. Noted a second, previously opened, instance running trusted
    e. Concluded that HIPS alerts were due to one instance of Firefox running not trusted
  • If not obvious, what U expected to happen: Should be trusted as it is signed - I have verified this. I also did an enhanced check using sigcheck and all signatures are current and valid.
  • If a software compatibility problem have U tried the conflict FAQ?:
  • Any software except CIS/OS involved? If so - name, & exact version: Firefox.exe version 18.02 (if not updated since it happened)
  • Any other information, eg your guess at the cause, how U tried to fix it etc: Problem resolved on reboot. Possible recurrence of intermittent file rating issue [145] [137], as I noted that Dragon was running with blank verdict in sandbox shortly afterwards.
  • Always attach: Diagnostics file, Watch Activity process list, (dump if freeze/crash).
    If complex: CIS logs & config, screenshots, video, zipped program (not malware).

    [/ol]

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: CIS 6.0 Build 2674, Proactive

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: All, HIPS=safe, BBlocker=Limited, Firewall=Safe, AV=cloud is on
  • Have U made any other changes to the default config? (egs here.): No other major changes
  • Have U updated (without uninstall) from a previous version of CIS: No
    [li]if so, have U tried a a clean reinstall - if not please do?:
    [/li]- Have U imported a config from a previous version of CIS: No
    [li]if so, have U tried a standard config - if not please do:
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, & virtual machine used: Windows 7, SP1, 64bit, UAC=off, admin, VM not used
  • Other security/sandbox software a) currently installed b) installed since OS: a) None b) None
    [/ol]

Link to file on FTP server:

ftp://82.69.43.252/CisReport_v6.0.264710.2708_20130209-093028.zip

User name and password as before, please see Mod’s new products preview board ~ password sticky, if you have misplaced.

[attachment deleted by admin]

Do you mean that in KillSwitch it showed a process of Firefox running as trusted and another untrusted or do you just mean that earlier in the same session you noticed that Firefox was running as trusted and suddenly was untrusted?

Did you restart your computer between these times or was it actually running as trusted after starting your computer and then after you closed Firefox and later opened it again this time it was untrusted?

Can you please verify that it was signed?

Thanks.

Thanks Chiron, good questions, now clarified in report.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

Not replicable and have not seen on any fix list so probably best left open ATM.

Probably due to occasional race conditions?

Best wishes

Mouse

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

As this is probably related to an intermittent event, which probably is CIS load related, it will need to be tested on production for a while before declaring fixed. So it will need to await transfer of tracker.

I think there may be a fix which relates in a fix list, but I will let Ymalyi judge that (as the list descriptions are not precise) and mark in tracker if appropriate.

Best wishes

Mike

No problem. Once you can check this please update the bug report.

The devs have flagged this as fixed. Thus, I will move this to Resolved.

Please let me know if you are still experiencing the issue.

Thank you.