Formerly safe shell now "unrecognized executable" in HIPS??

I’ve been having a strange problem with blackbox.exe ( for the past few days.

The file already has a custom ruleset associated in HIPS.
It is in the “trusted files” list.
It is not in the “unrecognized files” list.
It is signed and distributed by a trusted developer.
It is clean of viruses and malware, as everything from a MBAM safe mode scan to a fresh replacement would attest.

But accessing entries in the programs menu gives me this:

“ is a safe application. However the parent file blackbox.exe could not be recognized. Once the application is executed, the parent file will have full control of the application…”

The file always gets put back into the unrecognized files list no matter how many times I take it out. HIPS is set to paranoid mode and there has never once been a problem with it until now.

Should I be concerned that something is modifying blackbox.exe without my knowledge?

(And If something is, why would it target a niche program yet leave explorer.exe unaffected? This whole ■■■■ thing makes no sense.)

Can you check the signature of the blackbox executable and see if it is still valid?

I confused file signature for file properties, sorry. :-\

That said, I DO trust that site/developer which is where I’ve been getting it from. Neither virustotal nor virusscan are returning a corrupt file and a copy of blackbox.exe from before this began seems to be clean as well.

Does the program update automatically? If so then its hash will have changed.


Update: I went back to blackbox 1.17.1 - and removed bb4win_mod 090820 - and the problem seems to have resolved itself. Could this have been some misconfiguration wherein Comodo began looking for the old file hash?