HIPS hangs when OpenVPN is connected [M2409]

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes, the problem remains active for CIS 10 and 11.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Install latest released CIS.
2: Instal latest OpenVPN client.
3: Assign home network as a Home zone in CIS.
4: Install OpenVPN server on home router.
5: In any remote network assign remote network as Public zone in CIS.
6: Coonect to home OpenVPN server using client on PC.
One or two sentences explaining what actually happened:
HIPS is going to work very slowly. The programs those have rules in HIPS are opening with a huge delay. No new warning windows from HIPS appears for new programs (without rules) so it is absolutely impossible to start anything new. It is not possible to open CIS intarface by double-clicking the icon in tray.
All these issues disappear immediately when OpenVPN client is stopped.
One or two sentences explaining what you expected to happen:
All should work like a charm :slight_smile:
If a software compatibility problem have you tried the advice to make programs work with CIS?:
None except Windows built-in.
Any software except CIS/OS involved? If so - name, & exact version:
OpenVPN Client (openvpn-install-2.4.7-I601.exe)
Any other information, eg your guess at the cause, how you tried to fix it etc:

Exact CIS version & configuration:, Comodo - Internet Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
HIPS - Safe Mode
Firewall - Safe Mode
AV - Statefull
VirusScope - Enabled
Others are disabled.
Have you made any other changes to the default config? (egs here.):
No, just entering Zoneas as decribed above.
Have you updated (without uninstall) from CIS 5, 6 or 7?:

Have you imported a config from a previous version of CIS:

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Win 10 Pro x64 1809, UAC default, account admin, real machine.
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:

Thanks for the report, can you clarify a few things? Is the VPN connection setup as bridging mode or routing mode? Does this happen when you connect to remote OpenVPN servers or is it specific to a local server instance. Is the OpenVPN configuration using dev tap or dev tun? If using routing mode with dev tun does it happen with using either UDP or TCP as the connection protocol, or does it happen with both?

  1. Routing mode.
  2. Don’t know, I don’t have other VPN servers that are configured as “Home zone”. I really think it is caused by mess of VPN IP range - and IP range obtaine from local provider.
  3. dev tap

Just in case:

client dev tap proto udp remote xxxxx 9999 float ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC cipher AES-256-CBC comp-lzo adaptive keepalive 15 60 auth-user-pass remote-cert-tls server -----BEGIN CERTIFICATE----- MIIXXXXXX== -----END CERTIFICATE----- -----BEGIN OpenVPN Static key V1----- XXXXXXXXXX -----END OpenVPN Static key V1----- resolv-retry infinite nobind mute-replay-warnings

Ok thanks for info, what I meant for remote servers is if you try to connect to one of the free available OpenVPN server providers does the issue persist. Go to vpngate.net and choose a server to use by downloading the specific servers openvpn config file, they have configs for both udp and tcp using either ddns or ip address. If no issues using remote servers can you try changing your server and client to use dev tun instead, that way it can be narrowed down to using the TAP interface.

Also is it limited to just HIPS or does firewall have issues too? If you temporary set firewall to custom ruleset mode and launch an application does the firewall alert appear fast or slow? Does disabling automatic detection of private networks help?

The problem is that issue does not apears immediately so I’ve tried to point all settings as detailed as possible.
I have used other VPN but not for long (public VPN are subject of security issues so I cannot use them for a long time). But the issue appears always when I connect to VPN that corresponds to Home zone from provider who is Public zone. Anyway - it needs some time to appear.

Switching to dev tun is not a solution for me.

HIPS is affected to this issue 100%. As for firewall - it cannot be tested as far as HIPS prevents the application to start - and of course it cannot connect to network so I will see the alert from firewall. It really looks like hanging the whole CIS interface because I cannot open it also when double clicking on the tray icon.

Disabling automatic detection of private networks does not help (as far as zones are configured in the way i have described above).

Please check issue with thanks.

Unfortunately the situation is still the same.

Please check with v12.1.0.6914 RC to see if you still have the issue.

Please check with v12.2.0.6938 using a clean install thanks.

Hello gjf,

If you still facing this issue in the sense kindly use the Comodo Uninstaller Tool for the clean Uninstallation and Install the CIS v12.2.1.6950 Beta 2 and check. If it persist’s in the same condition please don’t hesitate to ping us.


Please check with the latest version of CIS v12.2.2.7036 to see if you still experience the issue.