after my upgrade from Comodo firewall 10 to the recent version, HIPS is always (if I dont remember the rule) promting about many system programs like StartmenuExperienceHost, RuntimeBroker, YourPhone, Speechruntime, sihost.exe and so on are trying to modify protected registry keys, or to access svchost.exe or explorer in memory…
Is that OK? And if yes, what has changed in the Comodo 12 causing that? In the changelog of Comodo 12 I read something about Windows system programs???
No its a default rule that has been there forever, like I said you should do a clean re-install as you shouldn’t be getting alerts for trusted applications in safe mode, unless another 3rd party security software is causing conflicts which you should not use if that is the case.
… and something else just to clarify:
Is it the same if I create custom HIPS rule for one Windows system application for ex. sihost.exe thought the alert popup window or if I edit the Windows system applications group in HIPS and add there the application sihost.exe (as shown in the screenshots in post#5)?
not related but can be solution for not bothering hips you can just use autosandbox for your all need
just use cruelsister with block unrecognized not virtualize restricted or untrusted while comodo is in this stiuation
hips config can be tricky and always find things to show popups
I would like to know:
is it the same if A.) I create/add a custom HIPS rule for one Windows System application for ex. runtimebroker.exe thought the alert popup window or the UI. Or instead of that if B.) I edit the Windows System applications group in HIPS by adding there the application for ex. runtimebroker.exe (as shown in the screenshots in post#5)?
We do not advice to allow programs to access memory of protecting executables. Your installation or configuration is apparently borked for reasons we don’t know. Hence why we want you to start with a clean installation.
Just export your configuration to a folder that is not part of the CIS installation folders. Then do a clean install and start from there. The File List won’t be saved when exporting.
The File List will be newly populated after the clean installation. For some applications you may get alerts which you need to answer and they will be added to the File List.
Once the new installation is up and running we want to know if the same problems happen again. If that is the case we need to look further into your system because then there could be other (security) applications interfering.
Hm, ok , i am not fan of clean installs, but I will do it.
Question is: I already added rules for all these Windows applications… in the HIPS as well as in the Firewall earlier after upgrade von Win7 to Win10 (I had the same plenty of popups about Windows apps). So , i think it makes sense to remove all the custom rules (both in Hips and firewall) of these applications created by me BEFORE exporting the config. Otherwise the conclusions about if CIS works properly after the clean install and import of the config are not meaningful/significant.
Am i right?