HIPS prevents any unrecognized files from executing

Hi,

There is an annoying problem with the Comodo Firewall v6.3 on my machine. The HIPS prevents any file, as long as it is unrecognized, from executing. They cannot execute at all unless I manually add them to the Trusted Files list. Isn’t Comodo supposed to make those unknown files run in the sandbox if Auto-Sandbox is enabled, or to ask my permission to execute them if Auto-Sandbox is disabled?

My Comodo is configured as factory default “COMODO - Proactive Security”. There are no additional HIPS rules. Whether Auto-Sandbox is enabled or not is irrelevant as all unrecognized files won’t execute as long as HIPS is enabled.

Any solution to this problem?

Thanks in advance.

I guess you mean that CIS’ HIPS asks in a popup about unknown executables. Then just check “remember the rule” (or something like that) at the bottom of the popup and it won’t repeat. You can run a “rating scan” and examine all unknown executables. Also, if you are sure that all executables are trustworthy, then you can use HIPS in “Clean PC” mode - it trusts all executables by default.

No, there is not any popup at all. Unknown exes are blocked silently. When I double-click on an unknown exe, explorer.exe freezes for one or two minutes, then Windows returns an error message saying that I am unable to execute the exe. The problem remains the same even if I make a HIPS rule allowing explorer.exe to execute everything. It seems like a bug… BTW, my system is Windows 8.1 x64.

It must be a bug. Is it the same if HIPS is disabled?

No, everything goes fine if HIPS is disabled. I tend to believe this is a bug. Hope Comodo staff will notice this thread and find out what’s wrong. And thank you for your reply.

Can you post a screenshot of D+ logs? Sometimes there may be a clue in there.

Do you have other security programs installed? If so which ones and which one(s) run in the background alongside CFW?

If you had other security programs installed in the past then make sure they are completely removed by running removal tools for those. A list of such tools can be found here: ESET Knowledgebase.

Hi, please see the attached screenshot. The BOOTICEx64.exe is an unrecognized executable. When I double-click on it, Windows shell freezes for a minute, and the exe is blocked silently. No popup at all.

There is no other security program installed on my machine. I installed the latest CFW right after a clean installation of the OS.

I think there might be a bug in the Enhanced Protection Mode with Windows 8.1 x64, because the problem won’t happen again if I change CFW’s configuration to “COMODO - Firewall Security” where Enhanced Protection Mode is disabled.

[attachment deleted by admin]

I think I’ve found out the cause. It’s the “Enable adaptive mode under low system resources” option. There must be a bug in adaptive mode. Uncheck this option and the problem is gone!

Congratulations!
Actually I’ve never used this option.

What kind of program is booticex64? What does it do?

In your topic start you are reporting:

Does this problem also go away when you disable “Enable adaptive mode under low system resources”?

If so we are looking at a compatibility issue which would be worth considering a bug report for.