HIPS interactive permission ('ask') not working anymore! [Solved]

After the update to material design (Comodo Firewall 10, the installer was cmd_fw_installer_6113_c7), on my Windows 7 Ultimate (64 bit), the ‘ask’ settings in HIPS are ignored almost every time!
The HIPS does not show any interface so it does not ask me if I want to allow the program/event or not.
For example, I used to be asked every time I (or any other program) launched ‘cmd’ (the Windows command shell).
Now, when I launch it, no interface appears and cmd starts without any explicit permission! It means all ‘ask’ voices now behave as ‘permit’! It’s totally unsafe!
If I go into the configuration and change ‘ask’ to ‘block’ then it works, the program is blocked (and no interface is needed of course), but since I need to permit programs from time to time, this behavior is just wrong.

Set HIPS to paranoid mode. When HIPS is set to safe mode, trusted applications will not prompt for any action when their HIPS rules are set to ask, and will automatically be allowed.

Related to this topic, I have to quote myself :wink:

“If HIPS is the third line of defense, I think it is not a good idea to suppress all warnings just because the file was classified as “trusted”. Even if all other mechanisms of detection fail, specific HIPS behaviors should always be reported. So the user has a last chance to recognize that some things go wrong…!!!”

Because human experts are just humans and because Valkyrie verdicts can also be wrong, PLEASE give us more alerts also for TRUSTED files!!! Even for HIPS in Safe Mode!!!

In the past, you could do that.
At first, CIS would sandbox the file, but you got a popup where you could choose “don’t sandbox it again”.
If you do that, next time you run the file, it will run out of the sandbox, but you’ll get a HIPS popup.

With the current notification settings, the only way to do that is to set an “ignore” rule on the sandbox, so that the file will run out of the sandbox, but the rating won’t be changed to “trusted”, therefore you’ll get HIPS alerts.

Jon79, I fully agree with you!!! At least on this one point, I think it would be better to go back to the past!!! :wink:

Yeah :slight_smile:
Now I’m using CCAV and it uses the old-style popup notification system, so I don’t understand why CIS can’t use the same style…

Hm… that’s a very good question! Maybe the popups were annoying for some users and therefore Comodo has tried to reduce this significantly?! This is a good approach, but under certain circumstances HIPS must be annoying! Whether a file is classified as trusted or untrusted!

I understand, but blindly trusting something like cmd only because it is signed by Microsoft is not a good idea, since it can be used (for example) to delete all my files (or worse), in the scenario that something (for example a USB device with custom firmware that emulates a keyboard) launches it with a bad purpose.

As someone said, HIPS should activate itself even when the ‘enemy’ is partially in the machine.

By the way, I’ve set it to paranoid mode (I used to do that) and it partially works: I’m being asked when cmd tries to launch (for example) notepad.
But I’m still not asked when something (me, a process, a keyboard emulator) launches cmd itself.
Any idea?

If an unknown file launches cmd, both of them will run virtually in the sandbox, so no harm can be done to the real system.
That’s why HIPS is becoming obsolete.

The described USB device emulating the keyboard is not an unknown file; it’s exactly like me tapping keystrokes, and no process/program is involved (apart from the system’s low-level keystroke handling, of course).

I suggest that at least the ‘paranoid mode’ should be really paranoid and ask for everything, like it used to do earlier.

Check your HIPS rules to make sure Windows Explorer is not set as a Windows system application. Also make sure it doesn’t already have cmd.exe in the allowed exclusions for the “run an executable” access right.

Thanks, now it’s close to the previous behavior.

To make it a little more paranoid, just mark cmd.exe as “unrecognized”, make an ignore rule for it in autosandbox, and you will always get a prompt.