A. THE BUG/ISSUE (Varies from issue to issue)
Can U reproduce the problem & if so how reliably?:
Yes, every time.
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
- Make an application that has to be detected by heuristic command-line analysis. Use a very long filename. Possible formats: *.js, *.vbs, *.wsf, *.hta, *.jar, *.chm, *.msi. I have attached an example.
- Just run it.
One or two sentences explaining what actually happened:
The script executes with no restrictions. If the name is shortened it will be restricted.
One or two sentences explaining what you expected to happen:
Defense+ has to control scripts regardless of the filename.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
NA
Any software except CIS/OS involved? If so - name, & exact version:
NA
Any other information, eg your guess at the cause, how U tried to fix it etc:
I have tested various formats, and the result was the same: when the path is longer than 130, command-line analysis fails (except for batch files). It is specific to CIS 7.
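An added Python check, not part of this report or of CIS, that scans process-creation command lines for launches of the script types listed above whose path exceeds the 130 length the report describes, so a defender can hunt in logs for launches the analysis would have missed while the bug is unfixed. The tokenizer, the sample command lines, and reading the 130 threshold as the length of the script path token are assumptions.

```python
import ntpath
import re

# Script types the report says fall under heuristic command-line analysis.
SCRIPT_EXTS = {".js", ".vbs", ".wsf", ".hta", ".jar", ".chm", ".msi"}
# Length above which the report observed the analysis failing (assumed here
# to apply to the script path token itself).
PATH_LIMIT = 130

# Constructed sample process-creation command lines (not from the report).
LONG_NAME = "x" * 140
SAMPLE_EVENTS = [
    'wscript.exe "C:\\Users\\test\\short.js"',
    'wscript.exe "C:\\Users\\test\\%s.js"' % LONG_NAME,
    'java.exe -jar C:\\tools\\%s.jar' % LONG_NAME,
    'cmd.exe /c "C:\\Users\\test\\%s.bat"' % LONG_NAME,  # batch files were unaffected
]


def split_cmdline(cmdline):
    """Minimal Windows command-line tokenizer: double-quoted tokens keep their spaces."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def script_paths(cmdline):
    """Return the tokens of a command line that name a covered script type."""
    return [tok for tok in split_cmdline(cmdline)
            if ntpath.splitext(tok)[1].lower() in SCRIPT_EXTS]


def long_script_paths(cmdline, limit=PATH_LIMIT):
    """Script paths in the command line that exceed the length limit."""
    return [p for p in script_paths(cmdline) if len(p) > limit]


def scan_events(events, limit=PATH_LIMIT):
    """Map each command line to its over-limit script paths, dropping clean ones."""
    hits = {}
    for cmdline in events:
        found = long_script_paths(cmdline, limit)
        if found:
            hits[cmdline] = found
    return hits


if __name__ == "__main__":
    for cmdline, paths in scan_events(SAMPLE_EVENTS).items():
        print("over-limit script launch:", cmdline[:40] + "...", [len(p) for p in paths])
```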
B. YOUR SETUP
Exact CIS version & configuration:
CIS 7.0.317799.4142
Configuration: Proactive Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Antivirus:
Stateful
“Do not show alerts: Block threats”
HIPS:
Safe Mode
“Do not show popup alerts”: disabled
“enhanced protection mode”: disabled
the rule for explorer.exe: allowed application
Auto-Sandbox: disabled
“heuristic command-line analysis”: enabled
Viruscope: disabled
Firewall:
Safe mode
Website filtering: enabled
Have U made any other changes to the default config? (egs here.):
AV: “Do not show alerts: Block threats”
HIPS - “enhanced protection mode”: disabled
Auto-Sandbox: disabled
Viruscope: disabled
Have U updated (without uninstall) from CIS 5 or CIS6?:
No
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
WinXPx86-SP3 (VMware)
The same problem occurs on Win7x86-SP1 (real), UAC is enabled
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=None b=None
[attachment deleted by admin]