HIPS prompts about many system programs

hi again,

after my upgrade from Comodo firewall 10 to the recent version, HIPS is always (if I dont remember the rule) promting about many system programs like StartmenuExperienceHost, RuntimeBroker, YourPhone, Speechruntime, sihost.exe and so on are trying to modify protected registry keys, or to access svchost.exe or explorer in memory…

Is that OK? And if yes, what has changed in the Comodo 12 causing that? In the changelog of Comodo 12 I read something about Windows system programs???

thanks for clarifying me

HIPS is in Safe Mode.
I read that in HIPS Windows System Applications should be an entry “System” but I dont see that ?!? Or maybe I dont understand it right?
Here a screenshot

I would do a clean uninstall using the official uninstaller, then try latest RC version as 12.1 has some known issues that are fixed in

but where should be this “SYSTEM” application in the HIPS exactly?

In HIPS rules section there should be a HIPS rule for the Windows system applications file group.

ah do you mean this? Is tha new added in version 12?

No its a default rule that has been there forever, like I said you should do a clean re-install as you shouldn’t be getting alerts for trusted applications in safe mode, unless another 3rd party security software is causing conflicts which you should not use if that is the case.

how to safe config and application lists? Exporting the Config file will safe both settings AND firewall/HIPS rules?

Yes after you export your config you can import the config after installing. Personal Configurations | Comodo Internet Security | Internet Security

but can you confirm that both settings AND application rules will be restored after importing the config file?

… and something else just to clarify:
Is it the same if I create custom HIPS rule for one Windows system application for ex. sihost.exe thought the alert popup window or if I edit the Windows system applications group in HIPS and add there the application sihost.exe (as shown in the screenshots in post#5)?

Yes everything except for the file list is saved, when you export your config it saves rules and settings.

moment, what is the file list [confused] ? I though these are the files in the rules which will be save with the config file, but obviously not?

Remember, you can also export and save your File List using Exchange in the settings as shown

not related but can be solution for not bothering hips you can just use autosandbox for your all need
just use cruelsister with block unrecognized not virtualize restricted or untrusted while comodo is in this stiuation
hips config can be tricky and always find things to show popups

oh dear, I have missed that in the comodo menu, shame on me.
Ok, what for is that file list? What is the result if one file is (or is not) on that file list, what happen then?

Probably best if you read through these details first File List

I would like to know:
is it the same if A.) I create/add a custom HIPS rule for one Windows System application for ex. runtimebroker.exe thought the alert popup window or the UI. Or instead of that if B.) I edit the Windows System applications group in HIPS by adding there the application for ex. runtimebroker.exe (as shown in the screenshots in post#5)?

We do not advice to allow programs to access memory of protecting executables. Your installation or configuration is apparently borked for reasons we don’t know. Hence why we want you to start with a clean installation.

Just export your configuration to a folder that is not part of the CIS installation folders. Then do a clean install and start from there. The File List won’t be saved when exporting.

The File List will be newly populated after the clean installation. For some applications you may get alerts which you need to answer and they will be added to the File List.

Once the new installation is up and running we want to know if the same problems happen again. If that is the case we need to look further into your system because then there could be other (security) applications interfering.

Hm, ok , i am not fan of clean installs, but I will do it.

Question is: I already added rules for all these Windows applications… in the HIPS as well as in the Firewall earlier after upgrade von Win7 to Win10 (I had the same plenty of popups about Windows apps). So , i think it makes sense to remove all the custom rules (both in Hips and firewall) of these applications created by me BEFORE exporting the config. Otherwise the conclusions about if CIS works properly after the clean install and import of the config are not meaningful/significant.
Am i right?