Help with Visual Studio 2008

When compiling with visual studio 2008 / 2010, Comodo Internet Security 5 complain about one or more .bat files being executed, Comodo Internet Security 4 didn’t have this problem.

My question is how do i correctly setup Comodo Internet Security 5 so it doesn’t complain ?

see attachment for process tree info

[attachment deleted by admin]

Batch and other scripts files are intercepted with v5. The setting is called Do heuristic command-line analysis for certain applications.

Try adding the .bat file to Trusted Files.

Too bad you can’t disable or put the process (visual studio) under a exclude filter for “Do heuristic command-line analysis for certain applications”

Or perhaps you can add a fancy new feature:
If example a .bat file gets executed by a process (cmd.exe) by which parent process (doesn’t need to be the direct parent) is visual studio 2008 (devenv.exe) then it is allowed.

Ah right i forgot to mention, visual studio generates the .bat files during build, goes like this:

  1. Generate .bat file, it gets created in the %TEMP% folder
  2. Gets executed and then removed right after.

So it has a random name every time.

And disabling “Do heuristic command-line analysis for certain applications” seems to be a bad idea, security risk, etc…

Can this be solved another way without compromising security ?

If it is executed by cmd

You will have to allow cmd to execute %TEMP%*.bat

  • is for the random name.


Too bad there wasn’t a more secure way to do this :frowning:

Well i did what you said but i also had to add “%TEMP%*.bat” to ‘Computer Security Policies’, ‘Defense+ Rules’
and under ‘Use a Custom Policy’ → ‘Run an executable’ and add the exe files the bat files executes under the ‘Allowed Applications’.

Not the most elegant or secure way but oh well, i can always hope for some new features to get added to comodo that will make this more secure :wink: hint hint

Like my feature idea in the previous post.

If you have a better way of doing this, do tell.

Thanks for your help.

You could make VcBuildHelper.exe a Installer or Updater, but this then gives VcBuildHelper.exe a lot of rights but less rights to cmd itself.

I presume the way Visual Studio 2008 does this has not changed from Visual Studio 2005.