HIPS rules disappear randomly [M1897]

Hey there,

so now and then I have the issue that HIPS/Defense+ seems to forget rules. (running it on paranoid mode usually)
That is, one day i start my PC and everything will go very slowly, then I get Defense+ Alerts for e.g. chrome asking to access the internet, or various windows system processes/applications asking to do their stuff, even though i already had them allowed and set and it worked fine for weeks/months.
Doesn’t help that programs seem impatient about getting their permissions, seems they ask again if they dont get an answer after a certain time. So I get a chrome popup where chrome asks for some permission and tell it to treat chrome as Allowed Application
But then a bit later i get another chrome popup, and another, and another (which i assume had been queue’d when chrome wasn’t already treated as allowed app)

My current guess is that theres a “original executor” which would be the windows shell or something, so if windows updates it can happen that that changes (since its a new file?) and thus everything has to ask for permissions again, but thats just a guess…

Anyway, any idea why this happens and how to solve it?

Sometimes when one of the components of CIS has crashed it can damage the rules as they are stored in the registry. Easiest way out is to go back with system restore to a point before when the problem started to happen. Or restore a back up configuration in case you have one.

hi,

as i’m having the same trouble - at least partially (see: https://forums.comodo.com/defense-sandbox-help-cis/open-hostsbat-trying-to-execute-notepadexe-t97435.0.html) -
i was wondering how i could effectively reset the whole CIS configuration and begin from scratch. a reinstall didn’t help me at all. switching to training mode doesn’t help for more than 2 sessions.
sometimes HIPS brings me a popup after i told the system to shut down (“System is trying to access xyz”) . i can’t click the popup though because the system shuts down within 2 seconds (ssd :slight_smile: )

i can’t restore any old windows config because i’ve disabled this feature for good after i had massive trouble with broken backups and heavy performance impacts while windows created these backups. it never asked for it or waited until the system was idle… besides that it just clogged my ssd.

appreciating any tips

Hello L3v I replied in the other topic.

hi there i noticed that HIPS forgets my rules every time i turn off pc :o and i don’t know how fix it… i’m going out of my mind because i have many rules and every time they disappear :cry:
can anyone help me? i don’t know what to do!!!
instead the firewall remembers the rules i tell him to remember luckily

All my applications defined in the Defense+ Rules are gone. They just disappeared. Now I get lots of alerts on the applications that used to be defined as Trusted or Custom policy. This has also happened before. Is this a bug? Is the definitions stored somewhere that I can recover them?

I’ve been experiencing this too. In my situation it is occurring after every two to three reboots. I thought it might be Kaspersky Anti-virus causing it, but after adding the 4 Comodo processes to the Kaspersky exception list it still occurs.

I suspected CCleaner might be another culprit that was causing it, because after using CCleaner and rebooting the system the HIPS rules list returned to defaults more frequently. Unticking the RegEdit option under Applications > Windows within CCleaner seemed to make it occur less often, but then again it could just be an illusion.

My HIPS settings are safe mode with verbose pop-ups and create rules for safe apps.

As a workaround I’ve resorted to backing up my Comodo configuration settings every time I add something to the HIPS list. But it is annoying having to restore them after every two to three reboots. But you only notice there is a problem when you start getting pop-ups asking for action that have already been configured.

Have you ever exported your CIS config?

If so, then import it as MY PERSONAL SPECFIC CUSTOM NOT TO BE TOUCHED AND ABSOLUTELY IMPERVIOUS TO ALL OFFENSE

I save my CIS config on regular basis. I rotate the save-to name to the oldest.

For example,

CIS_I.cfgx
CIS_II.cfgx
CIS_III.cfgx

And I save to the oldest.

What does that mean? As a workaround?

As a matter of course after I’ve been in the HIPS / FW rules for any amount of time, I save the stinkin’ congig. May the Lord have mercy on your ignorant soul.

You misunderstood what I said, therefore I’m an ignorant soul. Non sequitur.

Read my post again. I backup my configuration settings, or in other words export my configuration. i.e. from the General Settings > Configuration > (right click) Export settings.

all of my created Hips rules are gone after the system gets restarted.
what is going on?
any help

I use latest CIP on Windows7

It means that one of the CIS components, cix.exe or cmdagent.exe, had crashed. That can sometimes cause loss of rules. To get them back you can go back with System Restore to a recent restore point because CIS stores its rules in the registry. After you restored it is best to immediately export your configuration to a folder that is not part of the CIS installation folder and consider making backups of your configuration on a regular basis.

Please note if you use the antivirus part of CIS and do a System Restore the database will be marked as corrupt.

Please copy the database elsewhere on your computer then import it after you have used System Restore.

Dennis

I was updating over the existing settings and rules… after updating from scratch rules are getting saved.

BUT CIS makes the whole system soooo lazy and slow. After reboot is starts about 3-5min after all other apps and services are started. Althou I have a lot of RAM and memory. Very ofter I even can not open the CIS GUI, or it reacts very very slow. It is terrible :-TD

I know what you’re saying: I had multiple clients that just threw in the towel and demanded that I remove ALL traces of CIS from their system. It cost me dearly.

What version did you update from?

Did you export your configuration before doing that?

I had multiple clients that just threw in the towel and demanded that I remove ALL traces of CIS from their system.
what do you mean...sorry , my english is not very good:-/ Which multiple clients?

I updated from v5.12
And I did export my settings. Importing them now causes the crash of the HIPS rules ( I think)

i have this error for the past two days.
sometimes at startup it prevents windows from booting into desktop and just gets stuck at a black screen.
this is MAJOR BUG!

please fix it ASAP!

Which error do you have?

i have the error that ALL HIPS RULES ARE DELETED AFTER EACH REBOOT.

this leads to windows being stuck at a black screen because this fucking shit program is blocking some components from running. it does not show an allow/block dialogue until i waited a bit and pressed ctrl-alt-del a few times.

also, every single fucking program AND EVEN EVERY FUCKING WINDOWS COMPONENT IS PRODUCING A POPUP AND ASKS FOR PERMISSION. EVEN WHEN I LAUNCH THE FUCKING TASK MANAGER, I HAVE TO GIVE PERMISSION TO THE TASKMGR APPLICATION EVERY SINGLE FUCKING REBOOT.

what a ■■■■■■■■ bug. fix this ASAP!!!

Please try reinstalling CIS please follow Most Effective Way to Reinstall CIS to Avoid/Fix Problems by my colleague Chiron. It will provide a reliable and clean starting point.