HIPS and Firewall is blocking everything. [M2400] [M2401]

This is my second clean install of Windows 10, trying to correct this problem. For some reason Comodo Firewall (free) HIPS and Firewall is constantly blocking trusted programs. I’ve included a screenshot. I’m pretty sure that they are blocked due to interprocess memory access, but this was never an issue before. It would block maybe one or two programs but not programs such as NVIDIA…Steam…or…shutdown.exe???

Are you using Paranoid Mode of HIPS?

Hi nihil66861986,

Could you please check your Inbox for a private message and provide the requested logs.

It is a bug with 1903 and 32-bit applications in which HIPS thinks those applications are trying to perform inter-process memory access for every running process, which includes CIS’s own processes. Due to self-protection it will automatically block the inter-process memory access and thus you see the applications listed for blocked applications.

Any idea on when this will be fixed? I have also experienced it when trying the 1809 Windows 10 build. Another quick question as I’m fairly new to firewalls…when a firewall blocks a program such as NVIDIA or Steam or a Windows application from directly connecting to a legitimate server, should I unblock it for all incoming connections or should I only allow it to make outgoing connections? I don’t really get how that works…if I block incoming connections then how can these programs provide updates for my computer? I’m a noob. I already have block all incoming connections selected (added that when setting up the firewall) but how am I able to receive downloads when I have that option selected? I don’t get it.

CIS also ignores unblocking.

Actually it doesn’t; there are certain actions that using unblock application won’t be useful for.

Hi nihil66861986,

I no longer have Comodo installed. Running the tool generates no logs whatsoever. I will reinstall once the bug is fixed. I do however know that this issue is present on build 1709, 1804, and of course 1903. That is, if you uninstall and reinstall Comodo. I only know this because I’ve been working on some laptops in which I’ve had to clean install these builds of Windows 10 along with Comodo.

Sorry to see you go. Blocked Applications logs and unblocking functionality are immature at best. Blocked Applications is not thought through and in my opinion it should be removed because it needlessly scares people and makes them think CIS is not working properly.

There is most likely nothing out of the ordinary happening. Most likely CIS is blocking interprocess memory access to its processes as part of its protection.

The only way to know the exact nature of the blocking and whether it is normal or unwanted is to see the HIPS logs. Then we can judge if there is a problem or regular blocking such as, for example, blocking interprocess memory access, which is part of the self-protection of CIS. You don’t want to unblock this as it makes you vulnerable to attacks.

Understandable. I get the part about it needing to block Interprocess Memory Access, but this was out of control. Unless I added an exception for the application, then it would continuously and repeatedly block app (sometimes the same app within the span of a few seconds) after app after app until my computer was completely bogged down. It was mainly Steam, so I gave that IMA, but then another app would continuously end up getting blocked (every minute), so I’d have to add that to the IMA as well, and so on. Before I upgraded to 1804 and then 1903 you only had a few apps that were being blocked and I was fine with that, but it was just taking up too much RAM and CPU by blocking the same app over and over again.

I will install it again and then run the tool in order to be helpful. I’ll PM you in the morning.

Just installed it and after rebooting I already have 15 blocked (legitimate) applications and 36 blocked (legitimate) outbound connections (non loopback).

Will PM the logs now. I’ve just never had this issue before. It was always an unrecognized file that was blocked for trying to access the memory (Interprocess Memory Access), not Nvidia, DasHost, Shutdown.exe, Steam, etc. Same thing applies to when these processes are having their outbound connections blocked. The firewall is using Safe Mode as is HIPS.

The log has been sent. Couldn’t initially run the tool because HIPS blocked it (memory access), so I had to add CISTool to the memory access (modify section), but then listdll.exe was in turn blocked by HIPS (memory access), but I couldn’t add that to the modify section because the temp folder and file is only generated while the tool is running and is deleted after the tool is closed. Ended up having to untick Interprocess Memory Access within HIPS settings in order for it to let me run the tool.

Hi nihil66861986,

Thanks for providing the requested logs, our developers are working on it.

Could you post a screenshot of the HIPS logs? That is needed to know the exact nature of the events being logged. Blocked Applications does not log extensively enough to know what is happening.

On a related note, what configuration are you running and what are the modifications made to it?

Here you go. Had to reinstall it again. This all happened after a restart. There’s more to come if I open up additional programs. Also, you no longer get the popup to select what network you’re connecting from after reinstalling Comodo.

I have a question about the firewall blocking. Do I unblock these and then allow outgoing only or incoming and outgoing or do I leave them blocked? Also, for the HIPS access memory events, do I add them to the modify section of Comodo Internet Security so that I stop receiving the notifications or do I leave them as they are? Steam constantly trying to access IMA is bogging down my laptop because it’s trying to access it every minute until I close the application.

I forgot to mention that I have also stealthed my ports.

I have noticed the firewall blocking for some applications right after system startup and logging in. Do the blocks happen around the time you log in to Windows? Or do they happen throughout the day? Also, were you running a full screen application when the firewall blocks happen? You can create rules but I don’t think it will make a difference.

For HIPS memory access blocks I have noticed it only happens right after the application is launched; once it is running no more blocks happen. Check to see if multiple processes are running, as it could be that each subsequent launching of the application will generate extra blocked events. Steam might be actually trying to perform memory access on a regular basis depending on what game you are running, as Steam does have anti-cheat built into the client. For all others they should only perform the memory access once at application startup. You can add Steam to the exclusion for the CIS HIPS protection setting rule if you want.